Unable to login to container registry when specifying port, 401 Unauthorized
Summary
Configure GitLab to host a docker container registry under the same domain (follow https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-container-registry-under-an-existing-gitlab-domain). Trying to log in to the registry fails when specifying the port, but succeeds when no port is specified.
Steps to reproduce
Use GitLab-omnibus.
Follow the guide at https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-container-registry-under-an-existing-gitlab-domain
You should now have something like this in your gitlab.rb:
```
registry_external_url 'https://gitlab.company.com:4567'
gitlab_rails['registry_enabled'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/used.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/used.key"
```
Reconfigure for the settings to take effect: `gitlab-ctl reconfigure`.
Trying to log in to the registry:
```
# docker login sms-dev1.schoolsoft.se:4567
Username: fibe
Password:
Error response from daemon: login attempt to https://gitlab.company.com:4567/v2/ failed with status: 401 Unauthorized
```
Try again, but skip the port:
```
# docker login gitlab.company.com
Username: fibe
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
```
What is the current bug behavior?
You can't log in to the registry with the URL you have specified for the registry.
Since you can't log in with the port specified, every build that uses `$CI_REGISTRY` fails, as that variable contains the port.
What is the expected correct behavior?
You should be able to log in to the registry with the port.
Relevant logs
/var/log/gitlab/registry/current
```
2019-09-25_19:43:39.99323 127.0.0.1 - - [25/Sep/2019:21:43:39 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"
2019-09-25_19:43:55.63779 time="2019-09-25T21:43:55.637725326+02:00" level=warning msg="error authorizing context: authorization token required" go.version=go1.12.7 http.request.host="gitlab.company.com:4567" http.request.id=f9bfc1bd-36f3-42eb-9310-028e4c510e92 http.request.method=GET http.request.remoteaddr=10.72.11.20 http.request.uri="/v2/" http.request.useragent="docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \(linux\))"
2019-09-25_19:43:55.63786 127.0.0.1 - - [25/Sep/2019:21:43:55 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"
2019-09-25_19:54:50.18635 time="2019-09-25T21:54:50.186234169+02:00" level=warning msg="error authorizing context: authorization token required" go.version=go1.12.7 http.request.host="gitlab.company.com:4567" http.request.id=8a8a6e1c-0e74-46ec-93de-723e329ac6af http.request.method=GET http.request.remoteaddr=10.72.11.20 http.request.uri="/v2/" http.request.useragent="docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \(linux\))"
2019-09-25_19:54:50.18638 127.0.0.1 - - [25/Sep/2019:21:54:50 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"
2019-09-25_19:56:16.77790 time="2019-09-25T21:56:16.777753628+02:00" level=warning msg="error authorizing context: authorization token required" go.version=go1.12.7 http.request.host="gitlab.company.com:4567" http.request.id=8a23ca79-b493-4cb9-afaf-9351a11687e1 http.request.method=GET http.request.remoteaddr=10.72.11.20 http.request.uri="/v2/" http.request.useragent="docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \(linux\))"
2019-09-25_19:56:16.77795 127.0.0.1 - - [25/Sep/2019:21:56:16 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"
2019-09-25_19:56:17.00476 time="2019-09-25T21:56:17.004317209+02:00" level=info msg="token signed by untrusted key with ID: "U2WU:XL6Q:7PW6:C6R6:P4F2:VTET:BG27:RCIB:D2S3:CDDT:72OI:ULOP""
2019-09-25_19:56:17.00479 time="2019-09-25T21:56:17.00442923+02:00" level=warning msg="error authorizing context: invalid token" go.version=go1.12.7 http.request.host="gitlab.company.com:4567" http.request.id=3cc50b30-2b7d-4835-8338-c6913b266221 http.request.method=GET http.request.remoteaddr=10.72.11.20 http.request.uri="/v2/" http.request.useragent="docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \(linux\))"
2019-09-25_19:56:17.00480 127.0.0.1 - - [25/Sep/2019:21:56:17 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"
```
Details of package version
Provide the package version installation details
```
# rpm -qa | grep 'gitlab'
gitlab-ee-12.3.1-ee.0.el7.x86_64
gitlab-runner-12.3.0-1.x86_64
```
Environment details
- Operating System: CentOS Linux release 7.7.1908 (Core)
- Installation Target, remove incorrect values:
  - Bare Metal Machine
- Installation Type, remove incorrect values:
  - New Installation
- Is there any other software running on the machine: gitlab-runner, docker
- Is this a single or multiple node installation? Single
- Resources
  - CPU: Intel(R) Xeon(R) CPU E5-2630 v2 @ 2.60GHz
  - Memory total: 32GB
Configuration details
Provide the relevant sections of `/etc/gitlab/gitlab.rb`
```
external_url 'https://gitlab.company.com'
gitlab_rails['time_zone'] = 'Europe/Stockholm'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@company.com'
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load REDACTED
registry_external_url 'https://gitlab.company.com:4567'
gitlab_rails['registry_enabled'] = true
registry['rootcertbundle'] = "/etc/gitlab/ssl/used.crt"
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/used.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/used.key"
mattermost_external_url 'http://mattermost.company.com/'
mattermost['enable'] = false
mattermost['gitlab_enable'] = true
mattermost['gitlab_id'] = "REDACTED"
mattermost['gitlab_secret'] = "REDACTED"
mattermost['gitlab_scope'] = ""
mattermost['gitlab_auth_endpoint'] = "http://gitlab.company.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "http://gitlab.company.com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "http://gitlab.company.com/api/v4/user"
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/used.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/used.key"
gitlab_rails['ldap_sync_worker_cron'] = "10 * * * *"
```
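
A check that can be run against the `token signed by untrusted key with ID` line in the logs above (added example, not part of the original issue or GitLab's code): it derives key IDs for candidate public keys and compares them with the ID the registry rejected, which shows whether any key on hand is the one that signed the token. It assumes the ID follows the Docker libtrust fingerprint scheme and that each candidate is supplied as a `BEGIN PUBLIC KEY` PEM block (for a certificate, the output of `openssl x509 -noout -pubkey`); the candidate names and key bytes are constructed placeholders.

```python
import base64
import hashlib
import re

# Registry log message quoted in this issue.
UNTRUSTED = re.compile(r'token signed by untrusted key with ID: "([A-Z2-7:]+)"')

def key_id_from_der(spki_der):
    """libtrust-style key ID (assumed scheme): SHA-256 of the DER public key,
    first 240 bits, base32, in colon-separated groups of four."""
    b32 = base64.b32encode(hashlib.sha256(spki_der).digest()[:30]).decode()
    return ":".join(b32[i:i + 4] for i in range(0, len(b32), 4))

def key_id_from_pem(public_key_pem):
    """Key ID of a 'BEGIN PUBLIC KEY' PEM block."""
    body = "".join(line for line in public_key_pem.strip().splitlines()
                   if not line.startswith("-----"))
    return key_id_from_der(base64.b64decode(body))

def untrusted_key_ids(log_text):
    """Distinct key IDs the registry rejected, in sorted order."""
    return sorted(set(UNTRUSTED.findall(log_text)))

def match_signers(log_text, candidate_pems):
    """Map each rejected key ID to the candidate keys that carry that ID."""
    ids = {name: key_id_from_pem(pem) for name, pem in candidate_pems.items()}
    return {kid: [n for n, i in ids.items() if i == kid]
            for kid in untrusted_key_ids(log_text)}

def _constructed_pem(raw):
    """Wrap placeholder bytes as PEM; stands in for a real public key."""
    return ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(raw).decode()
            + "\n-----END PUBLIC KEY-----\n")

# Log line copied from the issue; the keys below are constructed placeholders.
PAGE_LOG_LINE = ('level=info msg="token signed by untrusted key with ID: '
                 '"U2WU:XL6Q:7PW6:C6R6:P4F2:VTET:BG27:RCIB:D2S3:CDDT:72OI:ULOP""')
CANDIDATES = {"tls_cert_key": _constructed_pem(b"constructed TLS key bytes"),
              "token_signing_key": _constructed_pem(b"constructed signing key bytes")}

if __name__ == "__main__":
    for kid, names in match_signers(PAGE_LOG_LINE, CANDIDATES).items():
        print(kid, "->", names or "no candidate key has this ID")
```

An empty match list means none of the supplied keys produced the rejected ID, so the signing key is a different one from those checked.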