use*_*695 9 gitlab docker docker-registry traefik
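I am using traefik as a reverse proxy (and to manage the Let's Encrypt certificates), and I am running a self-hosted GitLab instance. The GitLab image is a single all-in-one image containing every service, so both services (Registry and Git) have to be served from the same container.
With the configuration shown below, GitLab runs fine.
docker login registry.domain.com also works.
But navigating to the registry in the GitLab front end gives me a 500 error.
GitLab log:
```
Errno::EADDRNOTAVAIL (Failed to open TCP connection to localhost:5000 (Cannot assign requested address - connect(2) for "localhost" port 5000)):
```
In the documentation I read that port 5000 is the default for the GitLab registry.
So I went into the gitlab container and tried to call localhost:5000: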
```
$ docker exec -it gitlab /bin/bash
root@gitlab:/# curl -v http://localhost:5000
* Rebuilt URL to: http://localhost:5000/
* Trying 127.0.0.1...
* TCP_NODELAY set
* connect to 127.0.0.1 port 5000 failed: Connection refused
* Trying ::1...
* TCP_NODELAY set
* Immediate connect fail for ::1: Cannot assign requested address
* Trying ::1...
* TCP_NODELAY set
* Immediate connect fail for ::1: Cannot assign requested address
* Failed to connect to localhost port 5000: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 5000: Connection refused
```
Also, there is no 5000...
```
root@gitlab:/# netstat -tanpu | grep -i listen
tcp 0 0 127.0.0.1:9093 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.11:33383 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:9100 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:9229 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:9168 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 638/nginx
tcp 0 0 127.0.0.1:8082 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:9236 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 21/sshd
tcp 0 0 0.0.0.0:8060 0.0.0.0:* LISTEN 638/nginx
tcp 0 0 127.0.0.1:9121 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:9090 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:9187 0.0.0.0:* LISTEN -
tcp6 0 0 :::9094 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN 21/sshd
```
So what is missing in my configuration? How do I handle port 5000 in traefik?
docker-compose.yml
```yaml
version: '3.3'
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url = 'https://gitlab.domain.com'
        registry_external_url = 'https://registry.domain.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        gitlab_rails['registry_enabled'] = true
    ports:
      - '2222:22'
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.gitlab.frontend.rule=Host:gitlab.domain.com
      - traefik.gitlab.port=80
      - traefik.reg.frontend.rule=Host:registry.domain.com
      - traefik.reg.port=80
      - traefik.docker.network=proxy
  traefik:
    image: traefik:1.7.3-alpine
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    labels:
      - traefik.frontend.rule=Host:monitor.domain.com
      - traefik.port=8080
    container_name: traefik
networks:
  proxy:
    external: true
```
traefik.toml
```toml
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["admin:password"]
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]

[api]
entrypoint="dashboard"

[docker]
domain = "domain.com"
watch = true
network = "proxy"

[acme]
email = "notifications@domain.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"
```
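First: read "GitLab Container Registry administration" and make sure:
"By default, the Container Registry works under HTTPS. Using HTTP is possible but not recommended, and is outside the scope of this document. Read about testing an insecure registry."
Second, regarding traefik, you can see an example in docker-gitlab issue 1688, which does declare a traefik frontend for the registry part of GitLab.
```
- traefik.enable=true
- traefik.backend=registry.demo.com
- traefik.frontend.rule=Host:registry.demo.com
- traefik.docker.network=traefik-00
- traefik.port=5000
```
If you really need to use traefik to expose your internal "https port 5000" registry through an external http URL, you can find an example in this thread.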
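Added example, not part of the original question or answer: a small check that cross-references the Traefik 1.x `port` labels with the `netstat` listeners inside the container, and also checks port 5000, the `localhost:5000` address from the GitLab error log. The sample lines are abridged from the question, and the function names are hypothetical.

```python
# Constructed sample: listener lines abridged from the question's netstat output.
NETSTAT = """\
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 638/nginx
tcp6 0 0 :::22 :::* LISTEN 21/sshd
"""
# Traefik 1.x labels abridged from the question's docker-compose.yml.
LABELS = ["traefik.enable=true", "traefik.gitlab.port=80",
          "traefik.reg.port=80", "traefik.docker.network=proxy"]

def listeners(netstat_text):
    """Return {port: {bind addresses}} for every socket in LISTEN state."""
    found = {}
    for fields in map(str.split, netstat_text.splitlines()):
        if len(fields) >= 6 and fields[5] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            found.setdefault(int(port), set()).add(addr)
    return found

def backend_ports(labels):
    """Return {segment: port} from traefik.<segment>.port and traefik.port labels."""
    ports = {}
    for label in labels:
        key, _, value = label.partition("=")
        parts = key.split(".")
        if parts[0] == "traefik" and parts[-1] == "port" and len(parts) in (2, 3):
            ports[parts[1] if len(parts) == 3 else "default"] = int(value)
    return ports

def port_status(port, found, need_external):
    """'closed', 'loopback-only' (a proxy in another container cannot reach it) or 'ok'."""
    addrs = found.get(port, set())
    if not addrs:
        return "closed"
    external = any(not a.startswith("127.") and a != "::1" for a in addrs)
    return "ok" if external or not need_external else "loopback-only"

def audit(labels, netstat_text, internal_ports=(5000,)):
    """Check proxy-facing ports and ports used only inside the container."""
    found = listeners(netstat_text)
    report = {}
    for segment, port in backend_ports(labels).items():
        report[f"traefik:{segment}"] = port_status(port, found, True)
    for port in internal_ports:  # 5000: the localhost:5000 from the GitLab log
        report[f"internal:{port}"] = port_status(port, found, False)
    return report

if __name__ == "__main__":
    print(audit(LABELS, NETSTAT))
```

On the question's data both Traefik backends on port 80 report `ok`, while port 5000 reports `closed`, which matches the `Connection refused` seen with curl.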