sameersbn / docker-gitlab

Dockerized GitLab
http://www.damagehead.com/docker-gitlab/
MIT License

Error 500 in container_registry #2120

Open Haso58 opened 4 years ago

Haso58 commented 4 years ago

Hi,

I followed this guide https://github.com/sameersbn/docker-gitlab/blob/master/docs/container_registry.md to activate the GitLab Docker registry, but I get a 500 error when I click on container-registry. I found an identical issue whose fix was to upgrade Redis to redis:4.0.9-1, but I am already using redis:4.0.9-2. Here is my yml file. I hope someone can help me, because I don't know what else to try.

`version: '2'

# Named volumes managed by Docker. redis-data, postgresql-data and
# postgres_data are mounted by services further down in this file.
volumes:
  redis-data:
  # Data directory of the GitLab database (service "postgresql").
  postgresql-data:
  # Data directory of the Keycloak database (service "postgres2"); the name
  # differs from postgresql-data only slightly, which is easy to mix up.
  postgres_data:
  # NOTE(review): declared but not mounted by any service in this file; the
  # gitlab service bind-mounts ./gitlab instead.
  gitlab-data:

services:
  # Redis instance the gitlab service connects to (REDIS_HOST=redis).
  # No "ports" key is set, so nothing is published on the host for it.
  redis:
    restart: always
    image: sameersbn/redis:4.0.9-2
    command:
      - --loglevel warning
    volumes:
      # The :Z suffix asks Docker to relabel the volume with a private
      # SELinux label for this container.
      - redis-data:/var/lib/redis:Z
  # PostgreSQL database used by the gitlab service (DB_HOST=postgresql).
  # The child keys are indented six spaces here; that is valid YAML but
  # differs from the other services in this file.
  postgresql:
      restart: always
      image: sameersbn/postgresql:10-2
      volumes:
        - postgresql-data:/var/lib/postgresql:Z
      environment:
        - DB_USER=gitlab
        # NOTE(review): plain-text placeholder password, repeated in the gitlab
        # service; use a generated value kept outside the compose file.
        - DB_PASS=password
        - DB_NAME=gitlabhq_production
        - DB_EXTENSION=pg_trgm
        # NOTE(review): the GITLAB_REGISTRY_* entries below repeat the gitlab
        # service's registry settings, including the path of the token-signing
        # key. Presumably the database image does not read them - confirm and
        # remove them from this service.
        - GITLAB_REGISTRY_ENABLED=true
        - GITLAB_REGISTRY_HOST=registry.gitlab.com
        - GITLAB_REGISTRY_PORT=443
        - GITLAB_REGISTRY_API_URL=http://registry:5000
        - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key

  # GitLab application container. Started after redis and postgresql
  # (depends_on orders start-up only).
  gitlab:
    restart: always
    image: sameersbn/gitlab:12.7.6
    depends_on:
      - redis
      - postgresql
    ports:
      # host:container - HTTP on 10080, SSH on 10022, HTTPS on 10443.
      - "10080:80"
      - "10022:22"
      - "10443:443"
    volumes:
      - ./gitlab:/home/git/data
      # Holds registry.key, which GITLAB_REGISTRY_KEY_PATH points at below.
      # NOTE(review): the 500 reported on this page is Errno::EACCES while
      # reading /certs/registry.key; the resolution posted further down was
      # fixing the permissions of this certs directory. The directory must be
      # searchable and the key readable by the user GitLab runs as.
      - ./certs:/certs
    environment:

      # NOTE(review): presumably enables verbose/trace output in the image's
      # start-up scripts; such output can contain the secret values set
      # below - confirm, and switch it off once troubleshooting is done.
      - DEBUG=true

      # Connection to the "postgresql" service; must match its DB_* values.
      - DB_ADAPTER=postgresql
      - DB_HOST=postgresql
      - DB_PORT=5432
      - DB_USER=gitlab
      - DB_PASS=password
      - DB_NAME=gitlabhq_production

      - REDIS_HOST=redis
      - REDIS_PORT=6379

      - TZ=Europe/Berlin
      - GITLAB_TIMEZONE=Berlin

      # TLS is switched off: GitLab is served over plain HTTP, which the
      # "10080:80" mapping above publishes on the host.
      - GITLAB_HTTPS=false
      - SSL_SELF_SIGNED=false

      - GITLAB_HOST=localhost
      - GITLAB_PORT=10080
      - GITLAB_SSH_PORT=10022
      - GITLAB_RELATIVE_URL_ROOT=
      # NOTE(review): all three key bases carry the same placeholder text.
      # Each should be its own long random string, generated once and kept
      # out of anything that gets shared.
      - GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
      - GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
      - GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string

      # NOTE(review): left empty; presumably the image then falls back to a
      # built-in default for the root account - confirm and set explicitly.
      - GITLAB_ROOT_PASSWORD=
      - GITLAB_ROOT_EMAIL=

      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false

      - GITLAB_EMAIL=notifications@example.com
      - GITLAB_EMAIL_REPLY_TO=noreply@example.com
      - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com

      - GITLAB_BACKUP_SCHEDULE=daily
      - GITLAB_BACKUP_TIME=01:00

      # Registry integration with the "registry" service in this file.
      - GITLAB_REGISTRY_ENABLED=true
      # NOTE(review): registry.gitlab.com:443 is the hostname of gitlab.com's
      # own registry, while the registry defined in this file is published on
      # host port 5000 - looks like a leftover example value; confirm.
      - GITLAB_REGISTRY_HOST=registry.gitlab.com
      - GITLAB_REGISTRY_PORT=443
      # GitLab talks to the registry API over plain HTTP on the compose network.
      - GITLAB_REGISTRY_API_URL=http://registry:5000
      # Private RSA key GitLab reads to sign registry tokens (the traceback on
      # this page fails in json_web_token/rsa_token.rb while reading it).
      - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key

      # Outgoing mail is disabled; SMTP_PASS is a placeholder.
      - SMTP_ENABLED=false
      - SMTP_DOMAIN=www.example.com
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USER=mailer@example.com
      - SMTP_PASS=password
      - SMTP_STARTTLS=true
      - SMTP_AUTHENTICATION=login

      # Incoming mail is disabled; IMAP_PASS is a placeholder.
      - IMAP_ENABLED=false
      - IMAP_HOST=imap.gmail.com
      - IMAP_PORT=993
      - IMAP_USER=mailer@example.com
      - IMAP_PASS=password
      - IMAP_SSL=true
      - IMAP_STARTTLS=false

      # Single sign-on. Only the SAML provider further down has values set.
      - OAUTH_ENABLED=true
      - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
      - OAUTH_ALLOW_SSO=saml
      # NOTE(review): presumably accounts created on first SAML login become
      # active immediately instead of waiting for an administrator, and
      # AUTO_LINK_SAML_USER attaches SAML identities to existing accounts -
      # confirm both are intended for this identity provider.
      - OAUTH_BLOCK_AUTO_CREATED_USERS=false
      - OAUTH_AUTO_LINK_LDAP_USER=false
      - OAUTH_AUTO_LINK_SAML_USER=true
      - OAUTH_EXTERNAL_PROVIDERS=

      - OAUTH_CAS3_LABEL=cas3
      - OAUTH_CAS3_SERVER=
      - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
      - OAUTH_CAS3_LOGIN_URL=/cas/login
      - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
      - OAUTH_CAS3_LOGOUT_URL=/cas/logout

      - OAUTH_GOOGLE_API_KEY=
      - OAUTH_GOOGLE_APP_SECRET=
      - OAUTH_GOOGLE_RESTRICT_DOMAIN=

      - OAUTH_FACEBOOK_API_KEY=
      - OAUTH_FACEBOOK_APP_SECRET=

      - OAUTH_TWITTER_API_KEY=
      - OAUTH_TWITTER_APP_SECRET=

      - OAUTH_GITHUB_API_KEY=
      - OAUTH_GITHUB_APP_SECRET=
      - OAUTH_GITHUB_URL=
      - OAUTH_GITHUB_VERIFY_SSL=

      - OAUTH_GITLAB_API_KEY=
      - OAUTH_GITLAB_APP_SECRET=

      - OAUTH_BITBUCKET_API_KEY=
      - OAUTH_BITBUCKET_APP_SECRET=

      # SAML against the "keycloak" service (host port 8091).
      # NOTE(review): both the callback URL and the IdP URL are http://, so
      # SAML assertions are exchanged without transport encryption.
      - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=http://localhost:10080/users/auth/saml/callback
      # 40 hex characters, i.e. the length of a SHA-1 certificate fingerprint.
      - OAUTH_SAML_IDP_CERT_FINGERPRINT=910facfdeabf1f44f28c0b4b756c151de5270e4f
      - OAUTH_SAML_IDP_SSO_TARGET_URL=http://localhost:8091/auth/realms/gitlab/protocol/saml/clients/gitlab.codenorm
      - OAUTH_SAML_ISSUER=gitlab.codenorm
      - OAUTH_SAML_LABEL=gitlab.codenorm keycloak
      - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
      - OAUTH_SAML_GROUPS_ATTRIBUTE=roles
      # NOTE(review): in this list form the single quotes are part of the
      # value handed to the container, so the group name includes them -
      # verify how the image parses this setting.
      - OAUTH_SAML_EXTERNAL_GROUPS='gitlab.codenorm:external'
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=name
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

      - OAUTH_CROWD_SERVER_URL=
      - OAUTH_CROWD_APP_NAME=
      - OAUTH_CROWD_APP_PASSWORD=

      - OAUTH_AUTH0_CLIENT_ID=
      - OAUTH_AUTH0_CLIENT_SECRET=
      - OAUTH_AUTH0_DOMAIN=
      - OAUTH_AUTH0_SCOPE=

      - OAUTH_AZURE_API_KEY=
      - OAUTH_AZURE_API_SECRET=
      - OAUTH_AZURE_TENANT_ID=

      # Directory login.
      # NOTE(review): port 389 is the plain LDAP port and no encryption
      # setting appears in this file, so the bind password presumably crosses
      # the network unencrypted; LDAP_VERIFY_SSL=false additionally turns off
      # certificate checks - confirm.
      - LDAP_ENABLED=true
      - LDAP_HOST=dost.local
      - LDAP_PORT=389
      - LDAP_UID=sAMAccountName
      - LDAP_BIND_DN=rachid
      # NOTE(review): bind credential in plain text; once the file has been
      # shared it should be treated as exposed and rotated.
      - LDAP_PASS=codenorm
      - LDAP_BASE=OU=dostOU,DC=dost,DC=local
      - LDAP_VERIFY_SSL=false
      - LDAP_USER_FILTER=

  # Docker registry that GitLab fronts with token authentication.
  registry:
        # NOTE(review): no tag given, so the image resolves to "latest";
        # pinning a version keeps deployments reproducible.
        image: registry
        restart: always
        # Redundant with "ports" below, which already publishes 5000.
        expose:
            - "5000"
        # NOTE(review): publishes the registry API on the host. No TLS
        # settings for the registry appear in this file, so this port
        # presumably speaks plain HTTP - confirm.
        ports:
            - "5000:5000"
        volumes:
            - ./gitlab/shared/registry:/registry
            # NOTE(review): same host directory the gitlab service mounts, so
            # registry.key (the token-signing private key) is visible here too.
            # The only file referenced from it below is /certs/registry.crt;
            # mounting just that certificate, read-only, would keep the key
            # out of this container.
            - ./certs:/certs
        environment:
            - REGISTRY_LOG_LEVEL=info
            - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
            # NOTE(review): https:// on port 10080, but the gitlab service
            # sets GITLAB_HTTPS=false and maps 10080 to container port 80 -
            # the scheme does not match what is served there.
            - REGISTRY_AUTH_TOKEN_REALM=https://localhost:10080/jwt/auth
            - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
            - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
            # Certificate used to verify tokens; the counterpart of the key at
            # GITLAB_REGISTRY_KEY_PATH in the gitlab service.
            - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
            # Allows image data to be deleted through the registry API.
            - REGISTRY_STORAGE_DELETE_ENABLED=true

  # Second PostgreSQL instance, used only by the keycloak service
  # (DB_ADDR=postgres2). No "ports" key is set, so nothing is published
  # on the host for it.
  postgres2:
    # NOTE(review): untagged image, resolves to "latest"; pin a major version
    # so the on-disk data format does not change under the volume.
    image: postgres
    container_name: postgres-gitlab
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # NOTE(review): trivial password in plain text; must match DB_PASSWORD
      # in the keycloak service.
      POSTGRES_PASSWORD: admin

  # Keycloak identity provider that the gitlab service's OAUTH_SAML_* URLs
  # point at (host port 8091).
  keycloak:
    # NOTE(review): "latest" is a moving tag; the environment variables an
    # image reads can change between releases, so pin a version.
    image: quay.io/keycloak/keycloak:latest
    container_name: keycloak
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres2
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: admin
      # NOTE(review): admin/admin for the administrator account, and the
      # service is published on host port 8091 below over plain HTTP.
      # Anyone who can reach that port can manage the realm GitLab trusts
      # for logins; use a generated password.
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    ports:
      # Unquoted mapping; the other services quote theirs ("10080:80").
      - 8091:8080
    depends_on:
      - postgres2`

This is the log that comes from the registry: Selection_187

Haso58 commented 4 years ago

no one? this problem is staying no matter what I do

prakie commented 4 years ago

I'm getting the same error. no luck. I've tried with 12.x and now upgraded to 13.x, the issue still the same.

I'm using Nginx reverse proxy with lets-encrypt certificate.

sargreal commented 4 years ago

Have the same issue, here the traceback on the call to the registry:

Started GET "/xxx/xxx/container_registry" for 141.13.230.29 at 2020-08-19 07:56:03 +0000
Processing by Projects::Registry::RepositoriesController#index as HTML
  Parameters: {"namespace_id"=>"xxx", "project_id"=>"xxx"}
Completed 500 Internal Server Error in 36ms (ActiveRecord: 3.9ms | Elasticsearch: 0.0ms | Allocations: 13907)

Errno::EACCES (Permission denied @ rb_sysopen - /certs/registry.key):

lib/json_web_token/rsa_token.rb:23:in `read'
lib/json_web_token/rsa_token.rb:23:in `key_data'
lib/json_web_token/rsa_token.rb:27:in `key'
lib/json_web_token/rsa_token.rb:31:in `public_key'
lib/json_web_token/rsa_token.rb:36:in `kid'
lib/json_web_token/rsa_token.rb:14:in `encoded'
app/services/auth/container_registry_authentication_service.rb:51:in `access_token'
app/services/auth/container_registry_authentication_service.rb:32:in `full_access_token'
app/models/container_repository.rb:39:in `registry'
app/models/container_repository.rb:14:in `client'
app/models/container_repository.rb:63:in `manifest'
app/models/container_repository.rb:67:in `tags'
app/models/container_repository.rb:87:in `has_tags?'
app/controllers/projects/registry/repositories_controller.rb:57:in `block (2 levels) in ensure_root_container_repository!'
app/controllers/projects/registry/repositories_controller.rb:56:in `tap'
app/controllers/projects/registry/repositories_controller.rb:56:in `block in ensure_root_container_repository!'
app/controllers/projects/registry/repositories_controller.rb:53:in `tap'
app/controllers/projects/registry/repositories_controller.rb:53:in `ensure_root_container_repository!'
app/controllers/application_controller.rb:491:in `set_current_admin'
lib/gitlab/session.rb:11:in `with_session'
app/controllers/application_controller.rb:482:in `set_session_storage'
lib/gitlab/i18n.rb:55:in `with_locale'
lib/gitlab/i18n.rb:61:in `with_user_locale'
app/controllers/application_controller.rb:476:in `set_locale'
lib/gitlab/error_tracking.rb:50:in `with_context'
app/controllers/application_controller.rb:541:in `sentry_context'
app/controllers/application_controller.rb:469:in `block in set_current_context'
lib/gitlab/application_context.rb:52:in `block in use'
lib/gitlab/application_context.rb:52:in `use'
lib/gitlab/application_context.rb:20:in `with_context'
app/controllers/application_controller.rb:462:in `set_current_context'
lib/gitlab/request_profiler/middleware.rb:17:in `call'
lib/gitlab/middleware/go.rb:20:in `call'
lib/gitlab/etag_caching/middleware.rb:13:in `call'
lib/gitlab/middleware/multipart.rb:140:in `call'
lib/gitlab/middleware/read_only/controller.rb:51:in `call'
lib/gitlab/middleware/read_only.rb:18:in `call'
lib/gitlab/middleware/same_site_cookies.rb:27:in `call'
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'
lib/gitlab/middleware/request_context.rb:23:in `call'
config/initializers/fix_local_cache_middleware.rb:9:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:60:in `call'
lib/gitlab/middleware/release_env.rb:12:in `call'

As it says, this is a permission error, but even setting mode 777 on the key does not help.

sargreal commented 4 years ago

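Update: for me, the issue was the permissions on the certs directory on the file system. Opening /certs/registry.key also requires search (execute) permission on the directory that contains it, so changing the mode of the key file alone had no effect.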

Hope this helps someone