
registry tls without proxy

Guilhem Saurel 7 years ago
parent
commit
4e4f8972d8
3 changed files with 14 additions and 24 deletions
  1. 0 23
      frontal/nginx.conf
  2. 8 0
      registry/README.md
  3. 6 1
      registry/docker-compose.yml

+ 0 - 23
frontal/nginx.conf

@@ -38,26 +38,3 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 }
-
-server {
-    listen 5000 ssl http2;
-    listen [::]:5000 ssl http2;
-    server_name oxyta.net;
-
-    ssl_certificate     /etc/letsencrypt/live/oxyta.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/oxyta.net/privkey.pem;
-
-    access_log  /var/log/nginx/log;
-    error_log  /var/log/nginx/err;
-
-    location /.well-known {
-        alias /srv/letsencrypt/.well-known;
-    }
-
-    location / {
-        proxy_pass http://127.0.0.1:5001;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-}

+ 8 - 0
registry/README.md

@@ -0,0 +1,8 @@
+# Add to gitlab
+
+```
+echo "gitlab_rails['registry_enabled'] = true" >> /srv/gitlab/app/config/gitlab.rb
+echo "gitlab_rails['registry_host'] = 'localhost'" >> /srv/gitlab/app/config/gitlab.rb
+echo "gitlab_rails['registry_port'] = '5000'" >> /srv/gitlab/app/config/gitlab.rb
+docker exec git_app_1 gitlab-ctl reconfigure
+```

+ 6 - 1
registry/docker-compose.yml

@@ -5,4 +5,9 @@ services:
     image: registry
     restart: always
     ports:
-      - "127.0.0.1:5001:5000"
+      - "5000:5000"
+    volumes:
+      - /etc/letsencrypt/live/oxyta.net:/certs
+    environment:
+      - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem
+      - REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem
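Review bot: Changing the port mapping to `"5000:5000"` publishes the registry on every host interface, and nothing in this hunk configures authentication (no `REGISTRY_AUTH_*` variables, no mounted config file), so unless auth is set up elsewhere, anyone who can reach port 5000 can pull and push images. Either keep the bind scoped to the address that actually needs it, or add htpasswd or token authentication before opening the port. The certificate mount also carries the private key and should be read-only: `- /etc/letsencrypt/live/oxyta.net:/certs:ro`. In addition, certbot's `live/` entries are normally symlinks into `../../archive/`, so mounting only `live/oxyta.net` would probably leave them dangling inside the container; mounting `/etc/letsencrypt` as a whole and pointing the two `REGISTRY_HTTP_TLS_*` variables at `live/oxyta.net/` under it avoids that. The service definition starts above the hunk, so settings there are not visible here.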