Add info on using self-signed certs with Registry

b60aa77a · Achilleas Pipinellis · 606e9cef · b60aa77a
Commit b60aa77a authored Jun 06, 2017 by Achilleas Pipinellis
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 10 deletions

doc/administration/container_registry.md doc/administration/container_registry.md +20 -10

No files found.
--- a/doc/administration/container_registry.md
+++ b/doc/administration/container_registry.md
 # GitLab Container Registry administration

-> [Introduced][ce-4040] in GitLab 8.8.
-
---
-
 > **Notes:**
+- [Introduced][ce-4040] in GitLab 8.8.
 - Container Registry manifest `v1` support was added in GitLab 8.9 to support
  Docker versions earlier than 1.10.
 - This document is about the admin guide. To learn how to use GitLab Container
@@ -514,8 +511,8 @@ configurable in future releases.

 ## Configure Container Registry notifications

-You can configure the Container Registry to send webhook notifications in 
-response to events happening within the registry.  
+You can configure the Container Registry to send webhook notifications in
+response to events happening within the registry.

 Read more about the Container Registry notifications config options in the
 [Docker Registry notifications documentation][notifications-config].
@@ -568,12 +565,25 @@ notifications:
      backoff: 1000
 ```

-## Changelog
+## Using self-signed certificates with Container Registry
+
+If you're using a self-signed certificate with your Container Registry, you
+might encounter issues during the CI jobs like the following:
+
+```
+Error response from daemon: Get registry.example.com/v1/users/: x509: certificate signed by unknown authority
+```

-**GitLab 8.8 ([source docs][8-8-docs])**
+The Docker daemon running the command expects a cert signed by a recognized CA,
+thus the error above.

- GitLab Container Registry feature was introduced.
+While GitLab doesn't support using self-signed certificates with Container
+Registry out of the box, it is possible to make it work if you follow
+[Docker's documentation][docker-insecure]. You may find some additional
+information in [issue 18239][ce-18239].

+[ce-18239]: https://gitlab.com/gitlab-org/gitlab-ce/issues/18239
+[docker-insecure]: https://docs.docker.com/registry/insecure/#using-self-signed-certificates
 [reconfigure gitlab]: restart_gitlab.md#omnibus-gitlab-reconfigure
 [restart gitlab]: restart_gitlab.md#installations-from-source
 [wildcard certificate]: https://en.wikipedia.org/wiki/Wildcard_certificate
@@ -589,4 +599,4 @@ notifications:
 [existing-domain]: #configure-container-registry-under-an-existing-gitlab-domain
 [new-domain]: #configure-container-registry-under-its-own-domain
 [notifications-config]: https://docs.docker.com/registry/notifications/
-[registry-notifications-config]: https://docs.docker.com/registry/configuration/#notifications
\ No newline at end of file
+[registry-notifications-config]: https://docs.docker.com/registry/configuration/#notifications