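I am trying to set up the Docker registry using the omnibus docker image. I am running a separate nginx proxy in front of all containers (including omnibus), so I adjusted the configuration as described in the documentation (https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl). This is my configuration for the container: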
docker run --detach \
  --hostname gitlab.domain.com \
  --name gitlab \
  -p 30022:22 -p 30080:80 \
  --volume /srv/gitlab/config:/etc/gitlab \
  --volume /srv/gitlab/logs:/var/log/gitlab \
  --volume /srv/gitlab/data:/var/opt/gitlab \
  --env GITLAB_OMNIBUS_CONFIG="external_url 'https://gitlab.domain.com';nginx['listen_port']=80;nginx['listen_https']=false;registry_external_url 'https://gitlab-registry.domain.com';registry_nginx['listen_port']=80;registry_nginx['listen_https']=false" \
  gitlab/gitlab-ce:latest
Since the separate nginx is configured automatically by Plesk and its Docker extension, this is the interesting part of the nginx configuration:
#extension docker begin
location ~ ^/.* {
    proxy_pass http://0.0.0.0:30080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
#extension docker end
GitLab itself (UI, SSH, cloning, pushing, etc.) works fine, and I can even reach the registry. However, I cannot complete docker login successfully. This is what I get:
Login did not succeed, error: Error response from daemon: Get https://gitlab-registry.domain.com/v2/: unauthorized: HTTP Basic: Access denied
This is the curl output for the registry domain:
* Trying XX.XXX.XX.XX...
* TCP_NODELAY set
* Connected to gitlab-registry.domain.com (XX.XXX.XX.XX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=domain.com
* start date: Jun 27 01:10:09 2019 GMT
* expire date: Sep 25 01:10:09 2019 GMT
* subjectAltName: host "gitlab-registry.domain.com" matched cert's "*.domain.com"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET /v2 HTTP/1.1
> Host: gitlab-registry.domain.com
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Thu, 11 Jul 2019 14:01:37 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 39
< Connection: keep-alive
< Docker-Distribution-Api-Version: registry/2.0
< Location: /v2/
< X-Powered-By: PleskLin
<
<a href="/v2/">Moved Permanently</a>.
* Connection #0 to host gitlab-registry.domain.com left intact
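I have now spent several days changing ports, header settings, the omnibus configuration, etc. I am really out of ideas. I also tried this. Does anyone know how to solve this? Thanks!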