
I am trying to configure GitLab to use a Docker registry.

I read the article:
How to setup omnibus installation to use an external Docker registry?

But this article is about the native Docker registry.

Does anyone have an article on configuring GitLab to use a Nexus Docker registry?

```
docker run --rm -it -p 443:5000 --name registry \
  -v /var/docker-registry-data:/var/lib/registry \
  -v /var/docker-registry-certs:/certs \
  -v /etc/gitlab/registry-certs:/etc/gitlab/registry-certs \
  -e REGISTRY_AUTH_TOKEN_REALM="what's supposed to be here?" \
  -e REGISTRY_AUTH_TOKEN_SERVICE=container_registry \
  -e REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer \
  -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/etc/gitlab/registry-certs/registry-auth.crt \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \
  -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \
  --name docker-registry \
  registry:2
```

What should be there in the variable REGISTRY_AUTH_TOKEN_REALM?

Vladimir Vagaytsev
Anton Patsev

1 Answer


To configure the registry to use the token mechanism, you should configure the following options:

- `auth:`
  - `token:`
    - `realm`: The authentication endpoint.
    - `service`: The service name.
    - `issuer`: The issuer of the request; it must match the issuer in the authentication service configuration.
    - `rootcertbundle`: The certificate bundle whose public key is used to sign the token.

So now if we want to run the registry container:

```
# Run the registry with token authentication enabled
# (publish ports with -p as your setup requires).
docker run -d \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
-e REGISTRY_AUTH=token \
-e REGISTRY_AUTH_TOKEN_REALM=https://registry.example.com:5001/auth \
-e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \
-e REGISTRY_AUTH_TOKEN_ISSUER="Auth Service" \
-e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem \
-v /root/auth_server/ssl:/ssl \
-v /root/docker_registry/data:/var/lib/registry \
--restart=always \
--name registry registry:2
```
Rafael Oliveira
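How a client uses the `realm` and `service` values, and how a token's `iss`/`aud` claims line up with the registry's `issuer` and `service` settings, shown as an added example that is not part of the question or the answer. The function names are hypothetical, and the challenge header and token are constructed samples built from the values shown on this page.

```python
import base64
import json
import re
from urllib.parse import urlencode

# Constructed sample: the challenge a registry configured with the answer's
# realm and service would return on an unauthenticated request.
SAMPLE_CHALLENGE = ('Bearer realm="https://registry.example.com:5001/auth",'
                    'service="Docker registry",scope="repository:demo/app:pull"')

def parse_challenge(header):
    """Split a WWW-Authenticate Bearer challenge into its parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    return dict(re.findall(r'(\w+)="([^"]*)"', params))

def token_url(challenge):
    """URL the client fetches its token from: the realm plus service and scope."""
    query = {k: challenge[k] for k in ("service", "scope") if k in challenge}
    return challenge["realm"] + "?" + urlencode(query)

def claim_problems(token, issuer, service):
    """Compare a token's iss/aud claims with the registry's settings.
    Debugging aid only: the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} != issuer {issuer!r}")
    if claims.get("aud") != service:
        problems.append(f"aud {claims.get('aud')!r} != service {service!r}")
    return problems

def _b64(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed, unsigned token for illustration (the signature part is a dummy).
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256", "typ": "JWT"}),
                         _b64({"iss": "gitlab-issuer", "aud": "Docker registry"}),
                         "dummy-signature"])

if __name__ == "__main__":
    print(token_url(parse_challenge(SAMPLE_CHALLENGE)))
    print(claim_problems(SAMPLE_TOKEN, "Auth Service", "Docker registry"))
```

A mismatch reported by `claim_problems` corresponds to the registry rejecting a token because the auth service and the registry were configured with different issuer or service names.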