Skip to content

G
gitlab-ce
Commit 0695cdee authored by Achilleas Pipinellis's avatar Achilleas Pipinellis
Browse files
Options

Add assumptions section and refactor domain configuration

parent 04d231ef
Show whitespace changes
Inline Side-by-side
Showing with 39 additions and 17 deletions
doc/administration/container_registry.md
View file @ 0695cdee
...@@ -7,33 +7,49 @@ This feature was [introduced][ce-4040] in GitLab 8.8. ...@@ -7,33 +7,49 @@ This feature was [introduced][ce-4040] in GitLab 8.8.
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
**Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)*
- [Configuration](#configuration) - [Assumptions](#assumptions)
- [Container Registry domain configuration](#container-registry-domain-configuration)
- [Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) - [Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain)
- [Container Registry under its own domain](#container-registry-under-its-own-domain) - [Container Registry under its own domain](#container-registry-under-its-own-domain)
- [Container Registry storage path](#container-registry-storage-path) - [Container Registry storage path](#container-registry-storage-path)
- [Disable Container Registry](#disable-container-registry)
- [Changelog](#changelog)
<!-- END doctoc generated TOC please keep comment here to allow auto update --> <!-- END doctoc generated TOC please keep comment here to allow auto update -->
## Configuration ## Assumptions
Containers can be large in size and they are stored on the server GitLab is If you are using Omnibus, you have to bare in mind the following:
installed on.
The Container Registry works under HTTPS by default. - The container Registry will be enabled by default if GitLab is configured
This means that the Container Registry requires a SSL certificate. with HTTPS and it will listen on port `5005`. If you want the Registry to
There are two options on how this can be configured: listen on a port other than `5005` which is the default, read [#Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain)
on how to achieve that. You will also have to configure your firewall to allow
connections to that port.
- The Container Registry works under HTTPS by default. Note that using HTTP is
possible but not recommended and out of the scope of this document,
[see the insecure Registry documentation][docker-insecure] if you want to
implement this.
1. Use its own domain - needs a SSL certificate for that specific domain ## Container Registry domain configuration
(eg. registry.example.com) or a wildcard certificate if hosted under a subdomain
(eg. registry.gitlab.example.com)
1. Use the existing GitLab domain and expose the registry on a port - can reuse
existing GitLab SSL certificate
Note that using HTTP is possible but not recommended, There are two ways you can configure the container Registry domain. Either use
[see insecure Registry document][docker-insecure]. the existing GitLab domain where in that case the Registry will listen on a port,
or use a completely separate domain. Since the container Registry requires a
TLS certificate, in the end it all boils down to how easy or pricey is to
get a new TLS certificate.
Please take this into consideration before configuring Container Registry for 1. If the Registry is configured to use its own domain, you will need a TLS
the first time. certificate for that specific domain (e.g., `registry.example.com`) or maybe
a wildcard certificate if hosted under a subdomain (e.g., `registry.gitlab.example.com`).
1. If the Registry is configured to use the existing GitLab domain, you can
expose the Registry on a port so that you can reuse the existing GitLab TLS
certificate.
Please take this into consideration before configuring the Container Registry
for the first time.
Read more about Docker Registry at https://docs.docker.com/registry/introduction/.
### Container Registry under existing GitLab domain ### Container Registry under existing GitLab domain
...@@ -141,7 +157,13 @@ Save the file and [reconfigure GitLab][] for the changes to take effect. ...@@ -141,7 +157,13 @@ Save the file and [reconfigure GitLab][] for the changes to take effect.
**NOTE** You should confirm that the GitLab, registry and the web server user **NOTE** You should confirm that the GitLab, registry and the web server user
have access to this directory. have access to this directory.
## Disable Container Registry
## Changelog
[reconfigure gitlab]: ../../administration/restart_gitlab.md "How to restart GitLab documentation" [reconfigure gitlab]: ../../administration/restart_gitlab.md "How to restart GitLab documentation"
[wildcard certificate]: "https://en.wikipedia.org/wiki/Wildcard_certificate" [wildcard certificate]: "https://en.wikipedia.org/wiki/Wildcard_certificate"
[ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040 [ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040
[docker-insecure]: https://github.com/docker/distribution/blob/master/docs/insecure.md [docker-insecure]: https://docs.docker.com/registry/insecure/
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7