Gitlab CI -注册表和nginx

Question

我正在尝试设置自托管的gitlab CI与它自己的注册表。我还为TLS使用自签名证书，使用我自己的CA对此证书进行签名，该CA作为受信任的CA安装在我的主机上。

Gitlab-CE 13.6.3版本安装在Ubuntu 18.04上。已在同一主机上安装了snap microk8s群集

问题(一些非常基本的)

• 是否Gitlab注册中心使用停靠守护进程?

• 是如何实现连接的？

Docker client -> NGINX (5050) -> Gitlab注册中心(5000)

• I在gitlab.rb文件

中有下面的配置

registry['enable'] = true
registry['registry_http_addr'] = "127.0.0.1:5000"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['env'] = {
  'SSL_CERT_DIR' => "/etc/gitlab/ssl"
}

# Below you can find settings that are exclusive to "Registry NGINX"
registry_nginx['enable'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.local.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.local.key"

registry_nginx['proxy_set_headers'] = {
 "Host" => "$http_host",
 "X-Real-IP" => "$remote_addr",
 "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
 "X-Forwarded-Proto" => "https",
 "X-Forwarded-Ssl" => "on"
}

# When the registry is automatically enabled using the same domain as `external_url`,
# it listens on this port
registry_nginx['listen_port'] = 5050
registry_nginx['listen_addresses'] = ['*', '[::]']

当我尝试停靠登录时，会观察到以下错误。是否期望基于上述配置？

   - with URL: https://127.0.0.1:5000 - > Login Success
   - with URL: https://127.0.0.1:5050 - > Login Success 
   - with URL: https://gitlab.local:5050 - > x509 certificate signed by unknown authority

• I有gitlab k8s & docker运行程序，他们能从容器内访问gitlab注册中心(nginx)端口5050吗?

    [[runners]]
      name = "docker"
      token = "xxxxxxx"
      executor = "docker"
      [runners.docker]
        image = "docker:stable"
        privileged = true
        volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]

注意:我尝试了各种关于gitlab注册中心证书问题的gitlab论坛/帖子来构建/推送图像，但没有成功。

谢谢

Answer 1

尝试通过以下方式将证书放置在码头：

sudo mkdir -p /etc/docker/certs.d/gitlab.local:5050
cp /yourcerts/gitlab.local.crt /etc/docker/certs.d/gitlab.local:5050/ca.crt
sudo service docker reload