How to setup self-hosted Gitlab with Container Registry?


I’m trying to configure self-hosted gitlab-ce docker container on localhost.

Gitlab runs fine, but I have problem with insecure container registry.

My Gitlab build fails when trying to login to the container repository.

I’m working on Windows 10 OS.

This is my gitlab-ci.yml configuration:

  - prepare

  image: docker:19.03.14
    - name: docker:19.03.14-dind
      alias: docker
      command: ["--tls=false", ""]
  stage: prepare
    - docker
    DOCKER_HOST: tcp://docker:2375
    GIT_STRATEGY: none
    GIT_TRACE: 1
    - docker info
      - echo $CI_REGISTRY_USER
      - echo $CI_REGISTRY

I have added address and IP map to /etc/host:

Later, I have modified docker daemon.json for insecure registry:

 "builder": {
  "gc": {
   "defaultKeepStorage": "20GB",
   "enabled": true
 "insecure-registries": [
 "experimental": false

In gitlab.rb config, I have set following parameters:

external_url ''
registry_external_url ''

### Settings used by GitLab application
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_port'] = "5000"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"

And this is Gitlab’s Runner config:

concurrent = 1
check_interval = 0
shutdown_timeout = 0

  session_timeout = 1800

  name = "Gitlab Runner"
  url = ""
  extra_hosts = [""]
  id = 2
  token = "my-token"
  token_obtained_at = 2023-08-14T07:38:15Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
    MaxUploadedArchiveSize = 0
    tls_verify = false
    image = "ruby:2.7"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0

These are my containers:

IMAGE                      PORTS                                                          NAMES
gitlab/gitlab-runner                                                                      gitlab-runner
registry:2       >5000/tcp                                         registry
gitlab/gitlab-ce:latest>22/tcp,>80/tcp,>443/tcp   gitlab

The error I got in Gitlab build log is that I can’t connect to container registry:

$ docker info
WARNING: API is accessible on without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information:
 Debug Mode: false
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.14
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: container_version
 runc version: runvc_version
 init version: fec3683
 Security Options:
   Profile: default
 Kernel Version:
 Operating System: Alpine Linux v3.12 (containerized)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 7.719GiB
 Name: my_name
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
 Live Restore Enabled: false
 Product License: Community Engine
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get dial tcp connect: connection refused
ERROR: Job failed: exit code 1

I should mention that I had mounted volume for docker.sock like this:

docker run -d --name gitlab-runner --restart always -v C:\my_path_to\gitlab\runner\config:/etc/gitlab-runner -v //var/run/docker.sock:/var/run/docker.sock gitlab/gitlab-runner

Also interesting thing is that when I try to log in to container repository from my computer’s command prompt, it says log in is successful even if I provide wrong credentials:

C:\Users\my_user\workspace\repository>docker login
Username: wrong+name
Login Succeeded

Maybe I configured DNS in /etc/host wrong. Can I solve it with only one address, etc: (no need for

I try to change settings, but can’t get it working. Can somebody help me?

I have managed to run Gitlab-ce with container registry.

Firstly, gitlab-ce has built in container registry so there is no need in my case for other container.

Secondly, I configured container registry with self-signed certificate so there is no need to use insecure registry.
I have generated certificate for IP address:

  1. Create configuration file cert.cfg:
default_bits = 4096
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
C = LT
ST = Vilniaus m.
L = Vilnius
O = Company
OU = MyDivision
CN =
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
IP.1 =
  1. Create certificate and key:
    openssl req -new -nodes -x509 -days 365 -keyout -out -config cert.cfg

  2. crt file must be placed in docker path:
    cp /this/is/path/docker/etc/certs.d/

NOTE: There is no need to restart docker.

I haven’t configure Gitlab-ce with certificate it works on plain HTTP (only container registry with HTTPS).

gitlab.rb configuration file looks like this:

          external_url ''
          registry_external_url ''
          registry['enable'] = true
          registry['env'] = {
            "REGISTRY_HTTP_RELATIVEURLS" => true