Skip to content

Container Registry listening on wrong port?

I recently set up a container registry for our GitLab instance. It's supposed to run on port 5056. (We've already set up the firewall accordingly)

However, from the logs and output of netstat it seems the registry is actually running on port 5000. Now I'm not sure if this is intentional behavior, but uploading images to the registry doesn't work. From my CI/CD job I've written I know that runners can't connect to it:

Error response from daemon: Get "https://git.example.com:5056/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

This is when using the following job:

.build-docker:
  image: docker:26
  services:
    - docker:26-dind
  variables:
    IMAGE: ${CI_REGISTRY_IMAGE}/$SERVICE
  before_script:
    - docker info
    - export VER=$(date +"%Y.%m.%d")
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    - docker build -f ${CI_PROJECT_DIR}/docker/${SERVICE}.DOCKERFILE -t ${IMAGE}:${VER} -t ${IMAGE}:latest
    - docker push ${IMAGE}:${VER}
    - docker push ${IMAGE}:latest

I also can't connect to it from my local machine:

docker login -u <user> https://git.example.com:5056
Error response from daemon: Get "https://git.example.com:5056/v2/": dial tcp xxx.xxx.xxx.xxx:5056: connect: connection refused

This also happens when I try port 5000 but that is probably due to the firewall settings which I don't have access to.

My registry is configured as follows in my /etc/gitlab/gitlab.rb:

external_url 'https://git.example.com'

# [...]

##################
# Regsitry Nginx #
##################
## see: https://docs.gitlab.com/ee/administration/packages/container_registry.html

registry_external_url 'https://git.example.com:5056'

registry_nginx['listen_https'] = true
registry_nginx['listen_port'] = '5056'
registry_nginx['ssl_certificate'] = '/path/to/my/wildcard/cert.crt'
registry_nginx['ssl_certificate_key'] = '/path/to/my/wildcard/cert.key'

gitlab_rails['registry_path'] = "/mnt/data/registry" # specifically mounted drive for registry data, owner is 'registry:git'

## see: https://docs.gitlab.com/ee/administration/packages/container_registry_metadata_database.html
registry['database'] = {
  'enabled' => true,
  'host' => 'localhost',
  'port' => 5432,
  'user' => 'registry',
  'password' => 'database-password',
  'dbname' => 'registry',
  'sslmode' => 'disable', # The database is not accessible from the outside so I didn't enable SSL
  'sslcert' => '',
  'sslkey' => '',
  'sslrootcert' => ''
}
Edited by JL Euler