Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Self-hosted Gitlab registry: Connection refused for localhost:5000

Tags:

docker

gitlab

docker-registry

traefik

I'm using traefik as a reverse proxy (and for management for the letsencrypt certificates) and I'm running a self hosted gitlab instance. GitLab image is a monolithic with all the services into it, both of the services (Registry and Git) need to be served in the same container.

With the configuration shown below gitlab is running well.

docker login registry.domain.com is also working.

But navigating to the registry in the gitlab frontend gives me a 500 error.

The gitlab logs:

Errno::EADDRNOTAVAIL (Failed to open TCP connection to localhost:5000 (Cannot assign requested address - connect(2) for "localhost" port 5000)):

In the docs I read, that the port 5000 is default for gitlab registry.

So I went into the gitlab container and tried to call for localhost:5000:

$ docker exec -it gitlab /bin/bash

root@gitlab:/# curl -v http://localhost:5000
* Rebuilt URL to: http://localhost:5000/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* connect to 127.0.0.1 port 5000 failed: Connection refused
*   Trying ::1...
* TCP_NODELAY set
* Immediate connect fail for ::1: Cannot assign requested address
*   Trying ::1...
* TCP_NODELAY set
* Immediate connect fail for ::1: Cannot assign requested address
* Failed to connect to localhost port 5000: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 5000: Connection refused

Furthermore there is no 5000...

root@gitlab:/# netstat -tanpu | grep -i listen
tcp        0      0 127.0.0.1:9093          0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.11:33383        0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:9100          0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:9229          0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:9168          0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      638/nginx       
tcp        0      0 127.0.0.1:8082          0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:9236          0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      21/sshd         
tcp        0      0 0.0.0.0:8060            0.0.0.0:*               LISTEN      638/nginx       
tcp        0      0 127.0.0.1:9121          0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:9187          0.0.0.0:*               LISTEN      -               
tcp6       0      0 :::9094                 :::*                    LISTEN      -               
tcp6       0      0 :::22                   :::*                    LISTEN      21/sshd

So what am I missing in my configuration? How do I have to handle the 5000 port in traefik?

docker-compose.yml

version: '3.3'

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url = 'https://gitlab.domain.com'
        registry_external_url = 'https://registry.domain.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        gitlab_rails['registry_enabled'] = true
    ports:
      - '2222:22'
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.gitlab.frontend.rule=Host:gitlab.domain.com
      - traefik.gitlab.port=80
      - traefik.reg.frontend.rule=Host:registry.domain.com
      - traefik.reg.port=80
      - traefik.docker.network=proxy
  traefik:
    image: traefik:1.7.3-alpine
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    labels:
      - traefik.frontend.rule=Host:monitor.domain.com
      - traefik.port=8080
    container_name: traefik

networks:
  proxy:
    external: true

traefik.toml

defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.dashboard]
  address = ":8080"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["admin:password"]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[api]
entrypoint="dashboard"

[docker]
domain = "domain.com"
watch = true
network = "proxy"

[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"
like image 441
user3142695 Avatar asked Oct 22 '18 16:10

user3142695

People also ask

Does GitLab have a registry?

The GitLab Container Registry is a secure and private registry for container images. It's built on open source software and completely integrated within GitLab. Use GitLab CI/CD to create and publish images. Use the GitLab API to manage the registry across groups and projects.

Does GitLab have a Docker registry?

In Milestone 8.8, GitLab launched the MVC of the Container Registry. This feature integrated the Docker Distribution registry into GitLab so that any GitLab user could have a space to publish and share container images.

1 Answers

First: reading "GitLab Container Registry administration ", make sure that:

  • gitlab registry is activated in your Omnibus image: your gitlab.rb, by default, does not declare a registry.
  • you are using https, not http as an URL.

The container registry works under HTTPS by default. Using HTTP is possible but not recommended and out of the scope of this document. Read Test an insecure registry.

Second, regarding traefik, you can see an example in docker-gitlab issue 1688, which does declare a traefik front to the registry part of GitLab.

- traefik.enable=true
- traefik.backend=registry.demo.com
- traefik.frontend.rule=Host:registry.demo.com
- traefik.docker.network=traefik-00
- traefik.port=5000

If you really need to expose your internal "https port 5000" registry through an external http URL with traefik, you have an example in this thread.

like image 159
VonC Avatar answered Oct 20 '22 13:10

VonC
Sign in to Comment

Related questions

Docker, host-OS restart and busy ports
Python requests module hangs on socket connection but cURL works
Get previous command in docker container console
SSH into a docker container from another container on a different host
Where to install device drivers to make docker recognize the device?
Can Docker help build executable that work in different platform
Why does "docker push" push several images and where?
Docker-Compose Issue with container name
Installed gems not found by bundler when BUNDLE_PATH changed with Docker
Docker container can't see a serial port device
Docker on Windows Connecting to sql server from dotnetcore app
Run dotnet 1.1 using docker
How to export an environment variable to a docker image?
Excluding all hidden files with .dockerignore
Build Visual Studio C++ project in docker
Permission denied error invoking Docker on Mac host from inside Docker Ubuntu container as non-root user
Docker how to send request(curl - get, post) one container to another container
Relative Path with Docker-Compose Shared Volumes
docker login on private nexus => Error response from daemon: login attempt to http://ip:port/v2/ failed with status: 404 Not Found
Docker error with pipenv on django app: Warning: --system is intended to be used for pre-existing Pipfile

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!