带有外部nginx和omnibus的gitlab docker注册表

好吧，我知道了。

## Lines starting with two hashes (##) are comments with information.## Lines starting with one hash (#) are configuration parameters that can be uncommented.#######################################         configuration         #####################################upstream docker-registry { server <ip_of_gitlab_docker_container>:<port_of_gitlab_container>;}## Redirects all HTTP traffic to the HTTPS hostserver {  listen *:80;  server_name  sub.domain.tld;  server_tokens off; ## Don't show the nginx version number, a security best practice  return 301 https://$http_host:$request_uri;  access_log  /var/log/nginx/gitlab_registry_access.log;  error_log   /var/log/nginx/gitlab_registry_error.log;}server {  # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/config/gitlab.yml.example#L182,  # it should be declared here as well  listen *:443 ssl http2;  server_name  sub.domain.tld;  server_tokens off; ## Don't show the nginx version number, a security best practice  client_max_body_size 0;  chunked_transfer_encoding on;  ## Strong SSL Security  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/   ssl on;   ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem;   ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem;  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;  ssl_prefer_server_ciphers on;  ssl_session_cache  builtin:1000  shared:SSL:10m;  ssl_session_timeout  5m;  access_log  /var/log/nginx/gitlab_registry_access.log;  error_log   /var/log/nginx/gitlab_registry_error.log;    location /{     # let Nginx know about our auth file     proxy_pass http://docker-registry;     proxy_set_header Host $host; # required for docker client's sake     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;     proxy_set_header X-Forwarded-Proto $scheme; } location /v2/ {     # To add basic authentication to v2 use auth_basic setting plus     # add_header     add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;     proxy_pass http://docker-registry;     proxy_set_header Host $http_host; # required for docker client's sake     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;     proxy_set_header X-Forwarded-Proto $scheme;     proxy_read_timeout 900; }}

也许Andrioshe的nginx配置也可以使用，但是我进行了一些更改并在尝试时将其与其他配置混在一起。我认为普通docker-
regsitry的配置文件也可以工作…将来会尝试使用。

但是更重要的是gitlab omnibus配置。

registry_external_url 'https://sub.domain.tld'registry['registry_http_addr'] = "<ip_of_gitlab_docker_container>:<port_of_gitlab_container>"registry_nginx['enable'] = falseregistry['enable'] = true

将’regsitry_http_addr’设置为gitlab Docker注册表IP和端口而不是localhost非常重要。