Docker registry only accepts HTTPS conn #280

Open
king-anduin opened this issue Dec 31, 2022 · 3 comments

@king-anduin

Hi,

I have a question regarding your nice web GUI. The Docker registry is only accepting HTTPS connections and because of that I get an `http: TLS handshake error`. Is there a way to provide a private key and/or crt for connecting to the registry?

best wishes
Peter

@Joxit
Owner

Joxit commented Jan 2, 2023

Hi, thank you for using my project!

Are you hosting the UI or are you using the demo UI?

If you are using the demo UI, my domain is joxit.dev and the TLD .dev ensures that the website is served only with HTTPS... So only registries on localhost will work without HTTPS, otherwise TLS is required.

You will need to deploy the UI on a non-secure host (without TLS) if you are working with a non-TLS registry.

@king-anduin
Author

king-anduin commented Jan 4, 2023

Hi,
Let me give you a quick overview of how the setup is, and then you will get what I mean.
I have an nginx proxy server deployed which distributes the traffic between gitlab-server, gitlab-redis, gitlab-postgres, gitlab-runner, gitlab-pgadmin, gitlab-registry and your app.

I added `proxy_set_header X-Forwarded-Proto $scheme;` to your nginx.conf.

The entire server only serves HTTPS and redirects any HTTP request to HTTPS.
I proxy pass your request via HTTPS but still get the TLS handshake error.

This is a part of the docker-compose file.

```yaml
services:
  nginx:
    image: nginx:1.23.3
    restart: unless-stopped
    container_name: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - /srv/gitlab/nginx-conf/nginx.conf:/etc/nginx/nginx.conf
      - /srv/gitlab/certs/domain.crt:/etc/nginx/domain.crt
      - /srv/gitlab/certs/domain.key:/etc/nginx/domain.key
      - /var/log/nginx:/var/log/nginx
    networks:
      - gitlab
      - pgadmin

  gitlab-registry:
    container_name: gitlab-registry
    restart: unless-stopped
    image: registry:2
    ports:
      - 5000:5000
    environment:
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
      REGISTRY_HTTP_TLS_KEY: /certs/domain.key
      #REGISTRY_LOG_LEVEL: debug
      REGISTRY_AUTH: token
      REGISTRY_AUTH_TOKEN_REALM: https://xxxxxx/jwt/auth
      REGISTRY_AUTH_TOKEN_SERVICE: "container_registry"
      REGISTRY_AUTH_TOKEN_ISSUER: "gitlab-issuer"
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/domain.crt
    volumes:
      - /srv/gitlab-registry/data:/var/lib/registry
      - /srv/gitlab/registry-config/config.yml:/etc/docker/registry/config.yml
      - /srv/gitlab/certs:/certs
      - /srv/gitlab/auth:/auth
    networks:
      - gitlab

  gitlab-registry-ui:
    container_name: gitlab-registry-ui
    restart: unless-stopped
    image: joxit/docker-registry-ui:latest
    environment:
      - REGISTRY_TITLE=XXX Docker Registry
      - REGISTRY_URL=https://xxxx:5000
      - NGINX_PROXY_PASS_URL=https://gitlab-registry:5000
      - SINGLE_REGISTRY=true
    depends_on:
      - gitlab-registry
    volumes:
      - /srv/gitlab/registry-ui-config/nginx.conf:/etc/nginx/conf.d/default.conf
      - /srv/gitlab/certs/domain.crt:/etc/nginx/certs/domain.crt
      - /srv/gitlab/certs/domain.key:/etc/nginx/certs/domain.key
    networks:
      - gitlab
```

@Joxit
Owner

Joxit commented Jan 11, 2023

Hi there, since you are using nginx in front of my UI, you do not need `NGINX_PROXY_PASS_URL`, and the `REGISTRY_URL` should be your nginx address with https on port 443 instead of 5000.

Now if you still have the issue between your nginx server and the docker registry, you may need to set

```nginx
proxy_ssl_server_name off;
```

If you can reach your registry over HTTPS via port 5000, that means the registry is well configured so you may check some documentation about nginx and proxy pass over HTTPS
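
Added example, not part of the thread and not the project's own configuration: a sketch of the front nginx server block for the layout discussed above, proxying `/v2/` to the TLS-enabled registry and verifying the registry's certificate rather than only encrypting the hop. Assumptions: `registry.example.test` is a placeholder for the public hostname the certificate was issued for, the UI container serves plain HTTP on port 80, and `domain.crt` is either self-signed or contains the issuing CA chain.

```nginx
# Front nginx (the "nginx" service in the compose file). Added example.
server {
    listen 80;
    server_name registry.example.test;           # placeholder hostname
    return 301 https://$host$request_uri;        # HTTP is only ever redirected
}

server {
    listen 443 ssl;
    server_name registry.example.test;           # placeholder hostname

    # Paths as mounted into the nginx container in the compose file
    ssl_certificate     /etc/nginx/domain.crt;
    ssl_certificate_key /etc/nginx/domain.key;

    # Registry API: TLS is terminated here and re-established to the backend
    location /v2/ {
        # The scheme must be https because the registry sets
        # REGISTRY_HTTP_TLS_CERTIFICATE and speaks TLS on port 5000.
        proxy_pass https://gitlab-registry:5000;

        # proxy_ssl_verify defaults to off, in which case nginx encrypts the
        # hop but accepts any certificate the upstream presents.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/domain.crt;  # assumed trust anchor
        proxy_ssl_verify_depth        2;

        # The upstream is addressed by its Docker service name, but the
        # certificate carries the public name, so verify against that name.
        # Whether the name is also sent as SNI is controlled separately by
        # proxy_ssl_server_name, the directive mentioned in the comment above.
        proxy_ssl_name                registry.example.test;

        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Registry UI (assumed to listen on plain HTTP port 80 inside the network)
    location / {
        proxy_pass http://gitlab-registry-ui:80;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this layout the browser only talks to port 443, so `REGISTRY_URL` would point at `https://registry.example.test` and the registry's port 5000 no longer needs to be published on the host.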
