Setting up GitLab Private Registry as Nexus Docker Proxy Repository

Dear All,

We are trying to set up a GitLab private container registry as a Nexus Docker proxy repository. Nexus is running in an air-gapped environment and accessing GitLab via a proxy server. We have trusted all the required SSL certs (of GitLab and the proxy) in Nexus.

However, when we try to pull images stored in GitLab, we keep getting a manifest unknown error, as shown below. We also notice that Nexus automatically adds v2 in front of the registry name; not sure if there is any way to avoid this.

admin org.sonatype.nexus.repository.docker.internal.v2Handlers - Is the remote url a valid docker endpoint? Remote host https://registry.gitlab.com/ with path /v2/<registry_name>/manifests/<version> did not return the expected response. Error message: manifest unknown

Kindly suggest if we need to configure some properties differently, and how we can overcome this issue.

TIA.

Just to share a quick update on this:

  • We further figured out that the proxy doesn’t have any role (or concern) here.
  • If we allow all outbound internet traffic (from the Nexus server), this starts to work fine.
  • But if we only allow registry.gitlab.com traffic, this gives the error shared above.

So now the question is: which additional outbound URLs do we need to allow/whitelist so that this works?
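
Added example, not part of the original post: registries that use Docker Registry v2 token authentication answer an unauthenticated request with a 401 whose WWW-Authenticate: Bearer header names a token service (the realm), and blob downloads can be redirected to a separate storage host, so a pull may need more than the registry hostname. The Python sketch below derives the outbound allowlist from captured response headers; every hostname and response in it is constructed for illustration and is not taken from GitLab or Nexus.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample (hypothetical hosts): responses seen while pulling one image.
SAMPLE_RESPONSES = [
    # 1. Unauthenticated API ping: the challenge names the token service.
    ("https://registry.example.test/v2/", 401,
     {"WWW-Authenticate": 'Bearer realm="https://auth.example.test/token",'
                          'service="registry.example.test"'}),
    # 2. Manifest fetch with a token is served by the registry host itself.
    ("https://registry.example.test/v2/group/app/manifests/1.0", 200, {}),
    # 3. Blob fetch is redirected to a separate storage host.
    ("https://registry.example.test/v2/group/app/blobs/sha256:abc123", 307,
     {"Location": "https://blobs.example.test/layers/abc123?sig=constructed"}),
]

PARAM = re.compile(r'(\w+)="([^"]*)"')
REDIRECTS = (301, 302, 303, 307, 308)


def parse_bearer_challenge(header):
    """Return the key="value" parameters of a Bearer challenge ({} otherwise)."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return {}
    return dict(PARAM.findall(rest))


def endpoint(url):
    """Reduce a URL to the host:port pair a firewall rule would match."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return f"{parts.hostname}:{port}"


def egress_hosts(responses):
    """Collect every host:port needed to complete the observed pull."""
    hosts = set()
    for url, status, headers in responses:
        hosts.add(endpoint(url))
        lowered = {k.lower(): v for k, v in headers.items()}
        if status == 401 and "www-authenticate" in lowered:
            realm = parse_bearer_challenge(lowered["www-authenticate"]).get("realm")
            if realm:
                hosts.add(endpoint(realm))  # token service may be another host
        if status in REDIRECTS and "location" in lowered:
            # urljoin keeps relative redirects on the original host
            hosts.add(endpoint(urljoin(url, lowered["location"])))
    return sorted(hosts)


if __name__ == "__main__":
    print("\n".join(egress_hosts(SAMPLE_RESPONSES)))
```

To use it on a real registry, capture the response headers from a host with unrestricted egress and feed them in the same (url, status, headers) shape.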