Configuring Container Registry in gitlab over http

Question

I'm trying to configure Container Registry in gitlab installed on my Ubuntu machine. I have Docker configured over http and it works, added insecure. Gitlab is installed on the host http://5.121.32.5

external_url 'http://5.121.32.5'

In the gitlab.rb file, I have enabled the following settings:

registry_external_url 'http://5.121.32.5'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "5.121.32.5"
gitlab_rails['registry_port'] = "5005"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"

To listen to the port, I created a file

sudo mkdir -p /etc/systemd/system/docker.service.d/

Here are its contents

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock

But when the code runs in the gitlab-ci.yaml file

docker push ${MY_REGISTRY_PROJECT}:latest

then I get an error

Error response from daemon: Get "https://5.121.32.5:5005/v2/": dial tcp 5.121.32.5:5005: connect: connection refused

What is the problem? What did I miss? And why is https specified here if I have http configured?

Answer 1

When you use docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} the docker command defaults to HTTPS causing the problem.

You need to tell your GitLab Runner to use insecure registry:

On the server on which the GitLab Runner is running, add the following option to your docker launch arguments (for me I added it to the DOCKER_OPTS in /etc/default/docker and restarted the docker engine): --insecure-registry 172.30.100.15:5050, replacing the IP with your own insecure registry.

Source

Also, you may want to read more about it in this interesting discussion