À faire en même temps que moi
On créé le certificat pour registry
cd /etc/gitlab
sudo openssl req -newkey rsa:4096 -nodes -sha256 -keyout registry.das.becode.key -addext "subjectAltName = DNS:registry.das.becode" -x509 -days 365 -out registry.das.becode.cert
Il faut modifer le fichier de config de gitlab
sudo nano /etc/gitlab/gitlab.rb
Et rajouter ces lignes
gitlab_rails['gitlab_default_projects_features_container_registry'] = true
registry_external_url 'https://registry.das.becode'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.das.becode"
registry_nginx['enable'] = true
registry_nginx['listen_port'] = 443
registry_nginx['ssl_certificate'] = "/etc/gitlab/registry.das.becode.cert"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/registry.das.becode.key"
On reconfigure gitlab
gitlab-ctl reconfigure
On va gérer le certificat auto-signé sur le client (runner1)
openssl s_client -showcerts -connect registry.das.becode:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ca.crt
On copie le certificat dans le bon répertoire
sudo cp ca.crt /usr/local/share/ca-certificates/
On update les certificats
sudo update-ca-certificates -v
On rédemare docker
sudo systemctl restart docker
Et on se loggue
docker login registry.das.becode