Unable to login to container registry when specifying port, 401 Unauthorized

Summary

Configure GitLab to host a docker container registry under the same domain (follow https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-container-registry-under-an-existing-gitlab-domain ). Trying to log in to the registry fails when specifying the port, but succeeds when no port is specified.

Steps to reproduce

Use GitLab-omnibus.
Follow the guide at https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-container-registry-under-an-existing-gitlab-domain
You should now have something like this in your gitlab.rb:

 registry_external_url 'https://gitlab.company.com:4567'
 gitlab_rails['registry_enabled'] = true
 registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/used.crt"
 registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/used.key"

Reconfigure for the settings to take effect: `gitlab-ctl reconfigure`.

Trying to login to the registry

# docker login sms-dev1.schoolsoft.se:4567
Username: fibe
Password: 
Error response from daemon: login attempt to https://gitlab.company.com:4567/v2/ failed with status: 401 Unauthorized

Try again, but skip the port

# docker login gitlab.company.com
Username: fibe
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

What is the current bug behavior?

You can't log in to the registry with the URL you have specified for the registry.
Since you can't log in with the port specified, every build that uses $CI_REGISTRY fails, as that variable contains the port.

What is the expected correct behavior?

You should be able to log in to the registry with the port.

Relevant logs

/var/log/gitlab/registry/current
2019-09-25_19:43:39.99323 127.0.0.1 - - [25/Sep/2019:21:43:39 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"
2019-09-25_19:43:55.63779 time="2019-09-25T21:43:55.637725326+02:00" level=warning msg="error authorizing context: authorization token required" go.version=go1.12.7 http.request.host="gitlab.company.com:4567" http.request.id=f9bfc1bd-36f3-42eb-9310-028e4c510e92 http.request.method=GET http.request.remoteaddr=10.72.11.20 http.request.uri="/v2/" http.request.useragent="docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \(linux\))" 
2019-09-25_19:43:55.63786 127.0.0.1 - - [25/Sep/2019:21:43:55 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"
2019-09-25_19:54:50.18635 time="2019-09-25T21:54:50.186234169+02:00" level=warning msg="error authorizing context: authorization token required" go.version=go1.12.7 http.request.host="gitlab.company.com:4567" http.request.id=8a8a6e1c-0e74-46ec-93de-723e329ac6af http.request.method=GET http.request.remoteaddr=10.72.11.20 http.request.uri="/v2/" http.request.useragent="docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \(linux\))" 
2019-09-25_19:54:50.18638 127.0.0.1 - - [25/Sep/2019:21:54:50 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"
2019-09-25_19:56:16.77790 time="2019-09-25T21:56:16.777753628+02:00" level=warning msg="error authorizing context: authorization token required" go.version=go1.12.7 http.request.host="gitlab.company.com:4567" http.request.id=8a23ca79-b493-4cb9-afaf-9351a11687e1 http.request.method=GET http.request.remoteaddr=10.72.11.20 http.request.uri="/v2/" http.request.useragent="docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \(linux\))" 
2019-09-25_19:56:16.77795 127.0.0.1 - - [25/Sep/2019:21:56:16 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"
2019-09-25_19:56:17.00476 time="2019-09-25T21:56:17.004317209+02:00" level=info msg="token signed by untrusted key with ID: "U2WU:XL6Q:7PW6:C6R6:P4F2:VTET:BG27:RCIB:D2S3:CDDT:72OI:ULOP"" 
2019-09-25_19:56:17.00479 time="2019-09-25T21:56:17.00442923+02:00" level=warning msg="error authorizing context: invalid token" go.version=go1.12.7 http.request.host="gitlab.company.com:4567" http.request.id=3cc50b30-2b7d-4835-8338-c6913b266221 http.request.method=GET http.request.remoteaddr=10.72.11.20 http.request.uri="/v2/" http.request.useragent="docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \(linux\))" 
2019-09-25_19:56:17.00480 127.0.0.1 - - [25/Sep/2019:21:56:17 +0200] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.2 go/go1.12.8 git-commit/6a30dfc kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.2 \\(linux\\))"

Details of package version

Provide the package version installation details
# rpm -qa | grep 'gitlab'
gitlab-ee-12.3.1-ee.0.el7.x86_64
gitlab-runner-12.3.0-1.x86_64

Environment details

  • Operating System: CentOS Linux release 7.7.1908 (Core)
  • Installation Target, remove incorrect values:
    • Bare Metal Machine
  • Installation Type, remove incorrect values:
    • New Installation
  • Is there any other software running on the machine: gitlab-runner, docker
  • Is this a single or multiple node installation? Single
  • Resources
    • CPU: Intel(R) Xeon(R) CPU E5-2630 v2 @ 2.60GHz
    • Memory total: 32GB

Configuration details

Provide the relevant sections of `/etc/gitlab/gitlab.rb`

external_url 'https://gitlab.company.com'
gitlab_rails['time_zone'] = 'Europe/Stockholm'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@company.com'
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load REDACTED
registry_external_url 'https://gitlab.company.com:4567'
gitlab_rails['registry_enabled'] = true
registry['rootcertbundle'] = "/etc/gitlab/ssl/used.crt"
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/used.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/used.key"
mattermost_external_url 'http://mattermost.company.com/'
mattermost['enable'] = false
mattermost['gitlab_enable'] = true
mattermost['gitlab_id'] = "REDACTED"
mattermost['gitlab_secret'] = "REDACTED"
mattermost['gitlab_scope'] = ""
mattermost['gitlab_auth_endpoint'] = "http://gitlab.company.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "http://gitlab.company.com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "http://gitlab.company.com/api/v4/user"
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/used.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/used.key"
gitlab_rails['ldap_sync_worker_cron'] = "10 * * * *"
Edited by Filip Bellander
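
A triage sketch for the registry log lines quoted in this report, added here as an example (it is not part of the original issue or GitLab's code). It separates the ordinary 401 challenge from real token rejections, pulls out the untrusted signer key ID, and compares it with the libtrust-style key ID of each key you expect the registry to trust; the function names and the abridged sample log are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample: abridged from the registry log lines quoted in the report.
SAMPLE_LOG = '''\
2019-09-25_19:56:16.77790 level=warning msg="error authorizing context: authorization token required" http.request.host="gitlab.company.com:4567" http.request.uri="/v2/"
2019-09-25_19:56:17.00476 level=info msg="token signed by untrusted key with ID: "U2WU:XL6Q:7PW6:C6R6:P4F2:VTET:BG27:RCIB:D2S3:CDDT:72OI:ULOP""
2019-09-25_19:56:17.00479 level=warning msg="error authorizing context: invalid token" http.request.host="gitlab.company.com:4567" http.request.uri="/v2/"
'''

# libtrust key IDs are 12 colon-separated groups of 4 base32 characters.
KEY_ID = re.compile(r'untrusted key with ID: "?((?:[A-Z2-7]{4}:){11}[A-Z2-7]{4})')


def triage(log_text):
    """Count challenge vs. rejection events and collect untrusted signer IDs."""
    result = {"challenge": 0, "invalid_token": 0, "untrusted_key_ids": set()}
    for line in log_text.splitlines():
        if "authorization token required" in line:
            # Request carried no token: the expected first step of token auth.
            result["challenge"] += 1
        elif "error authorizing context: invalid token" in line:
            # A token was presented and the registry refused it.
            result["invalid_token"] += 1
        match = KEY_ID.search(line)
        if match:
            result["untrusted_key_ids"].add(match.group(1))
    return result


def libtrust_key_id(spki_der):
    """Key ID as libtrust derives it: SHA-256 of the DER public key,
    truncated to 30 bytes, base32-encoded, grouped in fours.
    DER input can be produced with, for example:
      openssl x509 -in CERT -noout -pubkey | openssl pkey -pubin -outform DER
    """
    digest = hashlib.sha256(spki_der).digest()[:30]
    b32 = base64.b32encode(digest).decode().rstrip("=")
    return ":".join(b32[i:i + 4] for i in range(0, len(b32), 4))


def untrusted_signers(log_text, trusted_spki_ders):
    """Signer key IDs seen in the log that match none of the trusted keys."""
    trusted = {libtrust_key_id(der) for der in trusted_spki_ders}
    return triage(log_text)["untrusted_key_ids"] - trusted
```

A non-empty result from `untrusted_signers` means the tokens reaching the registry were signed by a key other than the ones passed in, so the file named in `registry['rootcertbundle']` is the first thing to compare against.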