GitLab and the built-in Docker registry

There is a server with GitLab:

# grep -v "^#" /etc/gitlab/gitlab.rb | grep -v "^$"

external_url 'http://gitlab.mysite.com'

registry_external_url 'https://registry.mysite.com'
gitlab_rails['registry_enabled'] = true
registry['enable'] = true
puma['worker_processes'] = 0
registry_nginx['enable'] = true
registry_nginx['proxy_set_headers'] = {
 "Host" => "$http_host",
 "X-Real-IP" => "$remote_addr",
 "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
 "X-Forwarded-Proto" => "https",
 "X-Forwarded-Ssl" => "on"
}
registry_nginx['listen_port'] = 5050
registry_nginx['listen_https'] = false

letsencrypt['enable'] = false

I am trying to enable the built-in Docker registry.

gitlab-host # cat /etc/docker/daemon.json

{
    "insecure-registries":["192.168.15.55:5050"]
}

Logging in from the GitLab machine itself works without problems:

gitlab-host # docker login 127.0.0.1:5050 -u test11
Password:
Login Succeeded

In the logs:

gitlab-host # tail -f /var/log/gitlab/registry/current
2023-10-29_07:56:15.37526 time="2023-10-29T09:56:15.374+02:00" level=info msg="router info" config_http_addr="127.0.0.1:5000" config_http_host= config_http_net= config_http_prefix= config_http_relative_urls=false correlation_id=01HDX6XYMEY6VCFX0KECKCWN5P go_version=go1.20.10 method=GET path=/v2/ root_repo= router=gorilla/mux version=v3.85.0-gitlab
2023-10-29_07:56:15.37536 {"content_type":"application/json","correlation_id":"01HDX6XYMEY6VCFX0KECKCWN5P","duration_ms":0,"host":"127.0.0.1:5050","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"127.0.0.1:37040","remote_ip":"127.0.0.1","status":401,"system":"http","time":"2023-10-29T09:56:15.375+02:00","ttfb_ms":0,"uri":"/v2/","user_agent":"docker/24.0.7 go/go1.20.10 git-commit/311b9ff kernel/6.1.0-13-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.7 \\(linux\\))","written_bytes":87}
2023-10-29_07:56:15.61087 time="2023-10-29T09:56:15.610+02:00" level=info msg="router info" config_http_addr="127.0.0.1:5000" config_http_host= config_http_net= config_http_prefix= config_http_relative_urls=false correlation_id=01HDX6XYVTFKAW9MS0V64X12HR go_version=go1.20.10 method=GET path=/v2/ root_repo= router=gorilla/mux version=v3.85.0-gitlab
2023-10-29_07:56:15.61302 time="2023-10-29T09:56:15.612+02:00" level=info msg="authorized request" auth_project_paths="[]" auth_user_name=test11 auth_user_type=personal_access_token correlation_id=01HDX6XYVTFKAW9MS0V64X12HR go_version=go1.20.10 root_repo= version=v3.85.0-gitlab
2023-10-29_07:56:15.61304 {"content_type":"application/json","correlation_id":"01HDX6XYVTFKAW9MS0V64X12HR","duration_ms":2,"host":"127.0.0.1:5050","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"127.0.0.1:37056","remote_ip":"127.0.0.1","status":200,"system":"http","time":"2023-10-29T09:56:15.612+02:00","ttfb_ms":2,"uri":"/v2/","user_agent":"docker/24.0.7 go/go1.20.10 git-commit/311b9ff kernel/6.1.0-13-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.7 \\(linux\\))","written_bytes":2}

And even when logging in to the machine's own IP:

gitlab-host # docker login 192.168.15.55:5050 -u test11
Password:
Login Succeeded

The logs show this:

gitlab-host # tail -f /var/log/gitlab/registry/current
2023-10-29_07:57:03.55520 time="2023-10-29T09:57:03.555+02:00" level=info msg="router info" config_http_addr="127.0.0.1:5000" config_http_host= config_http_net= config_http_prefix= config_http_relative_urls=false correlation_id=01HDX6ZDP2WN3RVC6S83WFT8PT go_version=go1.20.10 method=GET path=/v2/ root_repo= router=gorilla/mux version=v3.85.0-gitlab
2023-10-29_07:57:03.55540 {"content_type":"application/json","correlation_id":"01HDX6ZDP2WN3RVC6S83WFT8PT","duration_ms":0,"host":"192.168.15.55:5050","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"127.0.0.1:38774","remote_ip":"127.0.0.1","status":401,"system":"http","time":"2023-10-29T09:57:03.555+02:00","ttfb_ms":0,"uri":"/v2/","user_agent":"docker/24.0.7 go/go1.20.10 git-commit/311b9ff kernel/6.1.0-13-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.7 \\(linux\\))","written_bytes":87}
2023-10-29_07:57:03.61737 time="2023-10-29T09:57:03.617+02:00" level=info msg="router info" config_http_addr="127.0.0.1:5000" config_http_host= config_http_net= config_http_prefix= config_http_relative_urls=false correlation_id=01HDX6ZDR1QN4XV2PTHQ7AFPPB go_version=go1.20.10 method=GET path=/v2/ root_repo= router=gorilla/mux version=v3.85.0-gitlab
2023-10-29_07:57:03.61950 time="2023-10-29T09:57:03.619+02:00" level=info msg="authorized request" auth_project_paths="[]" auth_user_name=test11 auth_user_type=personal_access_token correlation_id=01HDX6ZDR1QN4XV2PTHQ7AFPPB go_version=go1.20.10 root_repo= version=v3.85.0-gitlab
2023-10-29_07:57:03.61955 {"content_type":"application/json","correlation_id":"01HDX6ZDR1QN4XV2PTHQ7AFPPB","duration_ms":2,"host":"192.168.15.55:5050","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"127.0.0.1:38784","remote_ip":"127.0.0.1","status":200,"system":"http","time":"2023-10-29T09:57:03.619+02:00","ttfb_ms":2,"uri":"/v2/","user_agent":"docker/24.0.7 go/go1.20.10 git-commit/311b9ff kernel/6.1.0-13-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.7 \\(linux\\))","written_bytes":2}

But if I log in from a remote machine, I get this:

localnetwork-host # docker login 192.168.15.55:5050 -u test11
Password:
Error response from daemon: Get "http://192.168.15.55:5050/v2/": denied: access forbidden

Just in case:

localnetwork-host # cat /etc/docker/daemon.json

{
    "insecure-registries":["192.168.15.55:5050"]
}

In the logs:

gitlab-host # tail -f /var/log/gitlab/registry/current
2023-10-29_07:41:25.42038 time="2023-10-29T09:41:25.420+02:00" level=info msg="router info" config_http_addr="127.0.0.1:5000" config_http_host= config_http_net= config_http_prefix= config_http_relative_urls=false correlation_id=01HDX62SHCJ8FYY73FPWC6ZJ58 go_version=go1.20.10 method=GET path=/v2/ root_repo= router=gorilla/mux version=v3.85.0-gitlab
2023-10-29_07:41:25.42058 {"content_type":"application/json","correlation_id":"01HDX62SHCJ8FYY73FPWC6ZJ58","duration_ms":0,"host":"192.168.15.55:5050","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"127.0.0.1:39304","remote_ip":"127.0.0.1","status":401,"system":"http","time":"2023-10-29T09:41:25.420+02:00","ttfb_ms":0,"uri":"/v2/","user_agent":"docker/24.0.2 go/go1.20.4 git-commit/659604f kernel/5.10.0-23-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.2 \\(linux\\))","written_bytes":87}
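
An added example, not part of the original post: in Docker's token flow the 401 on `/v2/` is a challenge that the client answers with an authenticated retry, so this script pairs each challenge in the registry log with its retry and reports the attempts that never got one. The sample lines are constructed, shortened from the format of the excerpts above, and grouping clients by `user_agent` is an assumption made because `remote_addr` is 127.0.0.1 on every line of these logs.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample in the format of /var/log/gitlab/registry/current:
# an svlogd timestamp, then either a logfmt line or a JSON access record.
SAMPLE = r'''
2023-10-29_07:41:25.42058 {"correlation_id":"B1","host":"192.168.15.55:5050","msg":"access","status":401,"uri":"/v2/","user_agent":"docker/24.0.2"}
2023-10-29_07:56:15.37536 {"correlation_id":"A1","host":"127.0.0.1:5050","msg":"access","status":401,"uri":"/v2/","user_agent":"docker/24.0.7"}
2023-10-29_07:56:15.61302 time="2023-10-29T09:56:15.612+02:00" level=info msg="authorized request" auth_user_name=test11 correlation_id=A2
2023-10-29_07:56:15.61304 {"correlation_id":"A2","host":"127.0.0.1:5050","msg":"access","status":200,"uri":"/v2/","user_agent":"docker/24.0.7"}
'''

LOGFMT = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse(line):
    """Return (timestamp, fields) for one svlogd-prefixed registry log line."""
    stamp, _, body = line.partition(" ")
    ts = datetime.strptime(stamp, "%Y-%m-%d_%H:%M:%S.%f")
    if body.startswith("{"):
        return ts, json.loads(body)
    return ts, {k: v.strip('"') for k, v in LOGFMT.findall(body)}

def login_attempts(text, window=timedelta(seconds=5)):
    """Pair each 401 challenge on /v2/ with the authenticated retry, if any."""
    events = [parse(l) for l in text.splitlines() if l.strip()]
    # correlation_id -> user name, taken from the "authorized request" lines
    users = {f["correlation_id"]: f.get("auth_user_name")
             for _, f in events if f.get("msg") == "authorized request"}
    access = [(ts, f) for ts, f in events
              if f.get("msg") == "access" and f.get("uri") == "/v2/"]
    results = []
    for ts, f in access:
        if f["status"] != 401:
            continue
        # Same client and Host header, 200 within the window after the challenge
        retry = next((g for t2, g in access
                      if g["status"] == 200 and g["user_agent"] == f["user_agent"]
                      and g["host"] == f["host"] and ts <= t2 <= ts + window), None)
        results.append({
            "client": f["user_agent"], "host": f["host"],
            "outcome": "completed" if retry else "no retry after challenge",
            "user": users.get(retry["correlation_id"]) if retry else None,
        })
    return results

if __name__ == "__main__":
    for attempt in login_attempts(SAMPLE):
        print(attempt)
```

An attempt reported as "no retry after challenge" never came back to the registry with a token, so the next place to look is the token request the client makes between the two calls rather than the registry itself.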

Answers (0):