diff --git a/webserver/docker_gitlab/templates/conf/gitlab.rb b/webserver/docker_gitlab/templates/conf/gitlab.rb
index 212f6559d5fbbe42938f1742ea1096d6ab2d3f6e..f2d76895f5c35186264a3f17706f643816388edb 100644
--- a/webserver/docker_gitlab/templates/conf/gitlab.rb
+++ b/webserver/docker_gitlab/templates/conf/gitlab.rb
@@ -757,6 +757,9 @@ registry_external_url 'https://{{ domain_registry }}'
 # gitlab_rails['registry_port'] = "5005"
 # gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
 gitlab_rails['registry_enabled'] = true
+#gitlab_rails['registry_host'] = "{{ domain_registry }}"
+#gitlab_rails['registry_port'] = ""
+#gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
 # Notification secret, it's used to authenticate notification requests to GitLab application
 # You only need to change this when you use external Registry service, otherwise
@@ -765,12 +768,15 @@ gitlab_rails['registry_enabled'] = true
 ###! **Do not change the following 3 settings unless you know what you are
 ###! doing**
-# gitlab_rails['registry_api_url'] = "http://localhost:5000"
+gitlab_rails['registry_api_url'] = "http://localhost:5000"
 # gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
 # gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
 ### Settings used by Registry application
 registry['enable'] = true
+registry['registry_http_addr'] = "0.0.0.0:5000"
+# registry['log_directory'] = "/var/log/gitlab/registry"
+
 # registry['username'] = "registry"
 # registry['group'] = "registry"
 # registry['uid'] = nil
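Review bot: `registry['registry_http_addr'] = "0.0.0.0:5000"` in the hunk at -765 makes the registry's plain-HTTP API listen on every interface of the container, although the only consumers visible in this diff (`gitlab_rails['registry_api_url']` and the registry nginx vhost) reach it over localhost. On the `default` and `web` Docker networks named in docker-compose.yml, other containers could then reach port 5000 directly and bypass the nginx vhost on 5005 with its header and body limits; the registry's own token check still applies, but the wider bind gains nothing. I would keep it on loopback, `registry['registry_http_addr'] = "127.0.0.1:5000"`, unless something outside this diff needs the wider bind, in which case a comment should name that consumer.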
@@ -792,23 +798,6 @@ registry['enable'] = true
 # registry['autoredirect'] = false
 # registry['compatibility_schema1_enabled'] = false
-### Registry Database
-### see https://gitlab.warpzone.ms/help/administration/packages/container_registry_metadata_database.md
-
-registry['database'] = {
- 'enabled' => false,
- 'host' => 'localhost',
- 'port' => 5432,
- 'user' => 'registry-database-user',
- 'password' => 'registry-database-password',
- 'dbname' => 'registry-database-name',
- 'sslmode' => 'require',
- 'sslcert' => '/path/to/cert.pem',
- 'sslkey' => '/path/to/private.key',
- 'sslrootcert' => '/path/to/ca.pem'
-}
-
-
 ### Registry backend storage
 ###! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
 # registry['storage'] = {
@@ -824,6 +813,19 @@ registry['database'] = {
 # }
 # }
+# registry['storage'] = {
+# 'filesystem' => {
+# 'rootdirectory' => "/var/opt/gitlab/gitlab-rails/shared/registry"
+# },
+# 'delete' => {
+# 'enabled' => true
+# },
+# 'cache' => {
+# 'blobdescriptor' => 'inmemory'
+# }
+# }
+
+
 ### Registry notifications endpoints
 # registry['notifications'] = [
 # {
@@ -1317,6 +1319,10 @@ registry['database'] = {
 # nginx['redirect_http_to_https'] = false
 # nginx['redirect_http_to_https_port'] = 80
+# Increase maximal header size, needed for registry to work
+nginx['client_max_body_size'] = "500m"
+nginx['large_client_header_buffers'] = "8 32k"
+
 ##! Most root CA's are included by default
 # nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
@@ -1772,6 +1778,7 @@ registry_nginx['enable'] = true
 registry_nginx['listen_port'] = 5005
 registry_nginx['listen_https'] = false
+registry_nginx['proxy_pass'] = "http://localhost:5000"
 registry_nginx['proxy_set_headers'] = {
 "Host" => "$http_host",
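Review bot: The comment `# Increase maximal header size, needed for registry to work` in the hunk at -1317 does not describe `nginx['client_max_body_size'] = "500m"`, which bounds the request body rather than the headers, and both `nginx[...]` lines apply to the main GitLab vhost, not to the registry. The same comment is repeated over the `registry_nginx[...]` pair in the hunk at -1781, where the scope at least matches. If the oversized headers only occur on the registry vhost, I would drop the two `nginx[...]` lines so the primary web endpoint keeps its smaller per-connection header buffers. Otherwise split the comment in two, e.g. `# Allow up to 8 x 32k of request headers (<which client/header overflowed the default>)` and `# Cap request bodies at 500m`.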
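Review bot: I cannot confirm from this diff that omnibus reads a `registry_nginx['proxy_pass']` key (hunk at -1772); as far as I know the registry vhost takes its upstream from `registry['registry_http_addr']`, which this commit sets to `0.0.0.0:5000` earlier in the same file. If so, this line is a silent no-op and nginx proxies to the wildcard address rather than to `localhost:5000`. Please check the rendered registry nginx config after `gitlab-ctl reconfigure`, then either remove the line or add a comment naming the template that consumes it. The `registry_nginx['proxy_set_headers']` hash continues past the end of this hunk.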
@@ -1781,6 +1788,20 @@ registry_nginx['proxy_set_headers'] = {
 "X-Forwarded-Ssl" => "on"
 }
+# Increase maximal header size, needed for registry to work
+registry_nginx['client_max_body_size'] = "500m"
+registry_nginx['large_client_header_buffers'] = "8 32k"
+
+# Konfiguriere zusätzliche Nginx-Parameter für Registry
+registry_nginx['custom_gitlab_server_config'] = "
+ client_header_buffer_size 64k;
+ proxy_buffer_size 64k;
+ proxy_buffers 8 64k;
+ proxy_busy_buffers_size 64k;
+ proxy_connect_timeout 300s;
+ proxy_read_timeout 300s;
+"
+
 ################################################################################
 ## Prometheus
 ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/
diff --git a/webserver/docker_gitlab/templates/docker-compose.yml b/webserver/docker_gitlab/templates/docker-compose.yml
index f2f908f2b271dcc1fff20788f5a76bdcf9382e4a..4d514d3f6d1f537159c18e4016c666a61a279bf3 100644
--- a/webserver/docker_gitlab/templates/docker-compose.yml
+++ b/webserver/docker_gitlab/templates/docker-compose.yml
@@ -25,6 +25,8 @@ services:
 - traefik.http.routers.{{ servicename }}_registry.entrypoints=websecure
 - traefik.http.routers.{{ servicename }}_registry.service={{ servicename }}_registry
 - traefik.http.services.{{ servicename }}_registry.loadbalancer.server.port=5005
+ - traefik.http.middlewares.registry-headers.headers.customRequestHeaders.Host={{ domain_registry }}
+ - traefik.http.routers.{{ servicename }}_registry.middlewares=registry-headers
 networks:
 - default
 - web
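Review bot: In the `registry_nginx['custom_gitlab_server_config']` block (hunk at -1781), `client_header_buffer_size 64k;` sets the buffer nginx uses while reading a request header, which is before any authentication, so the memory cost of each connection to the registry vhost goes up. It also leaves `registry_nginx['large_client_header_buffers'] = "8 32k"` a few lines above largely moot, because the initial buffer is already larger than one of the large buffers. I would keep only the directives shown to be necessary, at the smallest values that work, including the two 300s proxy timeouts. The comment over the block is German while the rest of the file is English; `# Extra nginx directives for the registry vhost: <symptom each one fixes>` would match the file and record why the values were chosen.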
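Review bot: The middleware name `registry-headers` in the docker-compose.yml hunk is a fixed string, while the router and service labels around it are namespaced with `{{ servicename }}`. Middleware names from container labels share one namespace in Traefik's Docker provider, so a second instance of this template, or any other container that defines `registry-headers`, would clash with this one, and the registry router could end up without the Host rewrite or with another deployment's value. I would name it like its neighbours: `traefik.http.middlewares.{{ servicename }}_registry-headers.headers.customRequestHeaders.Host={{ domain_registry }}` and `traefik.http.routers.{{ servicename }}_registry.middlewares={{ servicename }}_registry-headers`. The labels list starts above this hunk.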