Martin
Martin

Reputation: 100

setting gitlab with docker registry error 500

I have running docker with docker registry on example.domain.com

docker run -d -p 5000:5000 --restart=always --name registry \
-v /etc/ssl/certs/:/certs \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
-v /git/docker_registry:/var/lib/registry \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
registry:2

I can push and pull to this docker registry but when i try to connect it with gitlab which is running on the same machine example.domain.com using gitlab.yml config:

  registry:
    enabled: true
    host: example.domain.com
    port: 5005
    api_url: http://localhost:5000/
    key: /etc/ssl/certs/server.key
    path: /git/docker_registry

In web browser enabling docker registry on project works fine, but when i go to project page and open Regisry page i get error 500

Gitlab logs shows:

Started POST "/api/v3/internal/allowed" for 10.10.200.96 at 2016-11-25 10:15:01 +0100
Started POST "/api/v3/internal/allowed" for 10.10.200.96 at 2016-11-25 10:15:01 +0100
Started POST "/api/v3/internal/allowed" for 10.10.200.96 at 2016-11-25 10:15:01 +0100
Started GET "/data-access-servicess/centipede-rest/container_registry" for 10.11.0.232 at 2016-11-25 10:15:01 +0100
Processing by Projects::ContainerRegistryController#index as HTML
  Parameters: {"namespace_id"=>"data-access-servicess", "project_id"=>"centipede-rest"}
Completed 500 Internal Server Error in 195ms (ActiveRecord: 25.9ms)

Faraday::ConnectionFailed (wrong status line: "\x15\x03\x01\x00\x02\x02"):
  lib/container_registry/client.rb:19:in `repository_tags'
  lib/container_registry/repository.rb:22:in `manifest'
  lib/container_registry/repository.rb:31:in `tags'
  app/controllers/projects/container_registry_controller.rb:8:in `index'
  lib/gitlab/request_profiler/middleware.rb:15:in `call'
  lib/gitlab/middleware/go.rb:16:in `call'

and Docker Registry log:

2016/11/25 09:15:01 http: TLS handshake error from 172.17.0.1:44608: tls: first record does not look like a TLS handshake

Upvotes: 2

Views: 4128

Answers (1)

dhfsk
dhfsk

Reputation: 291

The problem is that gitlab tries to connect to the registry via http and not httpS. Hence your are getting the TLS handshake error.

Change your gitlab config from

registry:
  api_url: http://localhost:5000/

to

registry:
  api_url: https://localhost:5000/

If you are using a self-signed certificate, don't forget to trust it on the machine where gitlab is installed. See -> https://docs.docker.com/registry/insecure/#troubleshooting-insecure-registry

Upvotes: 3

Related Questions