我正在尝试使用自己的注册表设置自托管 gitlab CI。我还使用 TLS 的自签名证书,使用我自己的 CA 签署了这个证书,它作为受信任的 CA 安装在我的主机中
Gitlab-CE 13.6.3 版本安装在 Ubuntu 18.04 上。已在同一主机上安装 snap microk8s 集群
问题(一些非常基础的)
Docker 客户端 --> NGINX (5050) --> Gitlab 注册表 (5000)
registry['enable'] = true
registry['registry_http_addr'] = "127.0.0.1:5000"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['env'] = {
'SSL_CERT_DIR' => "/etc/gitlab/ssl"
}
# Below you can find settings that are exclusive to "Registry NGINX"
registry_nginx['enable'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.local.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.local.key"
registry_nginx['proxy_set_headers'] = {
"Host" => "$http_host",
"X-Real-IP" => "$remote_addr",
"X-Forwarded-For" => "$proxy_add_x_forwarded_for",
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
# When the registry is automatically enabled using the same domain as `external_url`,
# it listens on this port
registry_nginx['listen_port'] = 5050
registry_nginx['listen_addresses'] = ['*', '[::]']
当我尝试 docker login 时,观察到以下错误。是否基于上述配置? - with URL: https://127.0.0.1:5000 - > Login Success
- with URL: https://127.0.0.1:5050 - > Login Success
- with URL: https://gitlab.local:5050 - > x509 certificate signed by unknown authority
[[runners]]
name = "docker"
token = "xxxxxxx"
executor = "docker"
[runners.docker]
image = "docker:stable"
privileged = true
volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
注意:我尝试了各种关于 gitlab 注册表上的证书问题的 gitlab 论坛/帖子来构建/推送图像,但没有成功谢谢
最佳答案
尝试通过以下方式将证书放在 docker 中:
sudo mkdir -p /etc/docker/certs.d/gitlab.local:5050
cp /yourcerts/gitlab.local.crt /etc/docker/certs.d/gitlab.local:5050/ca.crt
sudo service docker reload
关于docker - Gitlab CI - 注册表和 nginx,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65321142/