From b60aa77aaa581407e3f52a99c6667f2f407fbd61 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Tue, 6 Jun 2017 16:26:12 +0200 Subject: [PATCH] Add info on using self-signed certs with Registry --- doc/administration/container_registry.md | 30 ++++++++++++++++-------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index f707039827b..afafb6bf1f5 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -1,10 +1,7 @@ # GitLab Container Registry administration -> [Introduced][ce-4040] in GitLab 8.8. - ---- - > **Notes:** +- [Introduced][ce-4040] in GitLab 8.8. - Container Registry manifest `v1` support was added in GitLab 8.9 to support Docker versions earlier than 1.10. - This document is about the admin guide. To learn how to use GitLab Container @@ -514,8 +511,8 @@ configurable in future releases. ## Configure Container Registry notifications -You can configure the Container Registry to send webhook notifications in -response to events happening within the registry. +You can configure the Container Registry to send webhook notifications in +response to events happening within the registry. Read more about the Container Registry notifications config options in the [Docker Registry notifications documentation][notifications-config]. @@ -568,12 +565,25 @@ notifications: backoff: 1000 ``` -## Changelog +## Using self-signed certificates with Container Registry -**GitLab 8.8 ([source docs][8-8-docs])** +If you're using a self-signed certificate with your Container Registry, you +might encounter issues during the CI jobs like the following: -- GitLab Container Registry feature was introduced. +``` +Error response from daemon: Get registry.example.com/v1/users/: x509: certificate signed by unknown authority +``` +The Docker daemon running the command expects a cert signed by a recognized CA, +thus the error above. + +While GitLab doesn't support using self-signed certificates with Container +Registry out of the box, it is possible to make it work if you follow +[Docker's documentation][docker-insecure]. You may find some additional +information in [issue 18239][ce-18239]. + +[ce-18239]: https://gitlab.com/gitlab-org/gitlab-ce/issues/18239 +[docker-insecure]: https://docs.docker.com/registry/insecure/#using-self-signed-certificates [reconfigure gitlab]: restart_gitlab.md#omnibus-gitlab-reconfigure [restart gitlab]: restart_gitlab.md#installations-from-source [wildcard certificate]: https://en.wikipedia.org/wiki/Wildcard_certificate @@ -589,4 +599,4 @@ notifications: [existing-domain]: #configure-container-registry-under-an-existing-gitlab-domain [new-domain]: #configure-container-registry-under-its-own-domain [notifications-config]: https://docs.docker.com/registry/notifications/ -[registry-notifications-config]: https://docs.docker.com/registry/configuration/#notifications \ No newline at end of file +[registry-notifications-config]: https://docs.docker.com/registry/configuration/#notifications