Overview

Build a private Docker registry using GitLab's Container Registry. In the commands below, サーバ名 ("server name") is a placeholder for the server's host name.

Create a working directory

```shell
mkdir work_gitlab_container
cd work_gitlab_container
```

Create the server certificate

```shell
mkdir certs
# Generate a 4096-bit RSA key and a self-signed certificate valid for 365 days
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/サーバ名.key \
  -x509 -days 365 -out certs/サーバ名.crt
```

```
Generating a 4096 bit RSA private key
..............................................................................................++
.............................................................................................................++
writing new private key to 'certs/サーバ名.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:JP
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:サーバ名
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:サーバ名
Email Address []:
```

Create docker-compose.yml

.env

```
SERVER_NAME=サーバ名
```

docker-compose.yml

```yaml
web:
  image: gitlab/gitlab-ce:latest
  restart: always
  hostname: localhost
  container_name: mygitlab
  environment:
    # SERVER_NAME is read from .env
    GITLAB_OMNIBUS_CONFIG: |
      external_url "https://${SERVER_NAME}"
      registry_external_url "https://${SERVER_NAME}:4567"
      registry_nginx['ssl_certificate'] = "/var/certs/${SERVER_NAME}.crt"
      registry_nginx['ssl_certificate_key'] = "/var/certs/${SERVER_NAME}.key"
  ports:
    - '80:80'
    - '443:443'
    - '8022:22'
    - '4567:4567'
  volumes:
    # The certificate and key created above
    - './certs:/var/certs'
```

Build / start

```shell
docker-compose up -d
```

After a while, log output like the following appears and the container restarts.

```shell
docker logs -f mygitlab
```

```
================================================================================
Error executing action `create` on resource 'letsencrypt_certificate[XXX.XXX.XXX.XXX]'
================================================================================
:
Recipe: gitlab::gitlab-rails
  * execute[clear the gitlab-rails cache] action run
    - execute /opt/gitlab/bin/gitlab-rake cache:clear
Recipe:
```

Try pushing an image

```shell
docker login サーバ名:4567

# Pull any image
docker pull ubuntu

# Tag and push
docker image tag ubuntu サーバ名:4567/group1/myproject1
docker push サーバ名:4567/group1/myproject1

# Tag and push ver2
docker image tag ubuntu サーバ名:4567/group1/myproject1:ver2
docker push サーバ名:4567/group1/myproject1:ver2
```

State after the push

Supplementary note

If the server name is an IP address, the certificate's Subject Alternative Name is also checked, so you need to create a certificate that includes it. Otherwise the Docker client fails with:

```
Error response from daemon: Get https://192.168.0.12:4567/v2/: x509: cannot validate certificate for 192.168.0.12 because it doesn't contain any IP SANs
```
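
One way to create the certificate the supplementary note calls for, with the Subject Alternative Name set from the server name. This is an added example, not part of the original page: the function names `make_registry_cert` and `cert_san`, the use of a temporary OpenSSL config file, and the sample address 192.0.2.10 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: self-signed registry certificate that carries a SAN.
# Function names and sample values are hypothetical, not from the page.

# make_registry_cert NAME [OUTDIR] [BITS]
# Writes OUTDIR/NAME.key and OUTDIR/NAME.crt, the file names that the
# docker-compose.yml on this page mounts under /var/certs.
make_registry_cert() {
    name=$1
    outdir=${2:-certs}
    bits=${3:-4096}

    # An IP address needs an "IP:" SAN entry; a host name needs "DNS:".
    case $name in
        *:*)       san="IP:$name" ;;    # IPv6 literal
        *[!0-9.]*) san="DNS:$name" ;;   # contains non-numeric characters
        *)         san="IP:$name" ;;    # dotted IPv4
    esac

    mkdir -p "$outdir" || return 1
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_san
prompt = no
[dn]
CN = $name
[v3_san]
subjectAltName = $san
EOF
    openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
        -config "$cfg" \
        -keyout "$outdir/$name.key" -out "$outdir/$name.crt"
    rc=$?
    rm -f "$cfg"
    chmod 600 "$outdir/$name.key" 2>/dev/null || :   # key is unencrypted (-nodes)
    return $rc
}

# cert_san CRT: print the certificate's SAN line (empty if it has none).
cert_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}
```

Running `cert_san` on the certificate before starting the container shows whether the `IP Address:` entry is present, which is the condition the Docker client error above reports as missing.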