If you use an external Registry (not the one integrated with GitLab), you must add
these settings to its configuration. In this case, you will also have to specify
notification secret in `registry.notification_secret` section of
`/etc/gitlab/gitlab.rb` file.
1. Reconfigure the **primary** node for the change to take effect:
```sh
gitlab-ctl reconfigure
```
### Configure **secondary** node
Make sure you have Container Registry set up and working on
the **secondary** node before following the next steps.
The following steps should be done on each **secondary** node you're
expecting to see the Docker images replicated.
Because we need to allow the **secondary** node to communicate securely with
the **primary** node Container Registry, we need to have a single key
pair for all the nodes. The **secondary** node will use this key to
generate a short-lived JWT that is pull-only-capable to access the
**primary** node Container Registry.
1. SSH into the **secondary** node and login as the `root` user:
```sh
sudo-i
```
1. Copy `/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key` from the **primary** to the **secondary** node.
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['registry_replication']={
enabled: true,
primary_api_url: 'http://primary.example.com:5000/'# internal address to the primary registry, will be used by GitLab to directly communicate with primary registry API
}
```
1. Reconfigure the **secondary** node for the change to take effect:
```sh
gitlab-ctl reconfigure
```
### Verify replication
[ee]:https://about.gitlab.com/pricing/
To verify Container Registry replication is working, go to **Admin Area > Geo** (`/admin/geo/nodes`) on the **secondary** node.