settings for docker registry to work again #49

06839e4a · void · 9a44dd00 · 06839e4a · 06839e4a
Commit 06839e4a authored 3 months ago by void
--- a/webserver/docker_gitlab/templates/conf/gitlab.rb
+++ b/webserver/docker_gitlab/templates/conf/gitlab.rb
@@ -757,6 +757,9 @@ registry_external_url 'https://{{ domain_registry }}'
 # gitlab_rails['registry_port'] = "5005"
 # gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
 gitlab_rails['registry_enabled'] = true
+#gitlab_rails['registry_host'] = "{{ domain_registry }}"
+#gitlab_rails['registry_port'] = ""
+#gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"

 # Notification secret, it's used to authenticate notification requests to GitLab application
 # You only need to change this when you use external Registry service, otherwise
@@ -765,12 +768,15 @@ gitlab_rails['registry_enabled'] = true

 ###! **Do not change the following 3 settings unless you know what you are
 ###!   doing**
-# gitlab_rails['registry_api_url'] = "http://localhost:5000"
+gitlab_rails['registry_api_url'] = "http://localhost:5000"
 # gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
 # gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"

 ### Settings used by Registry application
 registry['enable'] = true
+registry['registry_http_addr'] = "0.0.0.0:5000"
+# registry['log_directory'] = "/var/log/gitlab/registry"
+
 # registry['username'] = "registry"
 # registry['group'] = "registry"
 # registry['uid'] = nil
@@ -792,23 +798,6 @@ registry['enable'] = true
 # registry['autoredirect'] = false
 # registry['compatibility_schema1_enabled'] = false

-### Registry Database
-### see https://gitlab.warpzone.ms/help/administration/packages/container_registry_metadata_database.md
-
-registry['database'] = {
-  'enabled' => false,
-  'host' => 'localhost',
-  'port' => 5432,
-  'user' => 'registry-database-user',
-  'password' => 'registry-database-password',
-  'dbname' => 'registry-database-name',
-  'sslmode' => 'require', 
-  'sslcert' => '/path/to/cert.pem',
-  'sslkey' => '/path/to/private.key',
-  'sslrootcert' => '/path/to/ca.pem'
-}
-
-
 ### Registry backend storage
 ###! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
 # registry['storage'] = {
@@ -824,6 +813,19 @@ registry['database'] = {
 #   }
 # }

+# registry['storage'] = {
+#   'filesystem' => {
+#     'rootdirectory' => "/var/opt/gitlab/gitlab-rails/shared/registry"
+#   },
+#   'delete' => {
+#     'enabled' => true
+#   },
+#   'cache' => {
+#     'blobdescriptor' => 'inmemory'
+#   }
+# }
+
+
 ### Registry notifications endpoints
 # registry['notifications'] = [
 #   {
@@ -1317,6 +1319,10 @@ registry['database'] = {
 # nginx['redirect_http_to_https'] = false
 # nginx['redirect_http_to_https_port'] = 80

+# Increase maximal header size, needed for registry to work
+nginx['client_max_body_size'] = "500m"
+nginx['large_client_header_buffers'] = "8 32k"
+
 ##! Most root CA's are included by default
 # nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"

@@ -1772,6 +1778,7 @@ registry_nginx['enable'] = true

 registry_nginx['listen_port'] = 5005
 registry_nginx['listen_https'] = false
+registry_nginx['proxy_pass'] = "http://localhost:5000"

 registry_nginx['proxy_set_headers'] = {
  "Host" => "$http_host",
@@ -1781,6 +1788,20 @@ registry_nginx['proxy_set_headers'] = {
  "X-Forwarded-Ssl" => "on"
 }

+# Increase maximal header size, needed for registry to work
+registry_nginx['client_max_body_size'] = "500m"
+registry_nginx['large_client_header_buffers'] = "8 32k"
+
+# Konfiguriere zusätzliche Nginx-Parameter für Registry
+registry_nginx['custom_gitlab_server_config'] = "
+  client_header_buffer_size 64k;
+  proxy_buffer_size 64k;
+  proxy_buffers 8 64k;
+  proxy_busy_buffers_size 64k;
+  proxy_connect_timeout 300s;
+  proxy_read_timeout 300s;
+"
+
 ################################################################################
 ## Prometheus
 ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/

--- a/webserver/docker_gitlab/templates/docker-compose.yml
+++ b/webserver/docker_gitlab/templates/docker-compose.yml
@@ -25,6 +25,8 @@ services:
      - traefik.http.routers.{{ servicename }}_registry.entrypoints=websecure
      - traefik.http.routers.{{ servicename }}_registry.service={{ servicename }}_registry
      - traefik.http.services.{{ servicename }}_registry.loadbalancer.server.port=5005
+      - traefik.http.middlewares.registry-headers.headers.customRequestHeaders.Host={{ domain_registry }}
+      - traefik.http.routers.{{ servicename }}_registry.middlewares=registry-headers
    networks:
      - default
      - web