I found a lot of questions on StackOverflow with the same title as this question.
But none of the questions or answers could help me to solve my problem (I use example.com instead of my own domain).
When I try to log in to my registry like this:
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
I get this error:
Error response from daemon: Get https://registry.example.com/v2/: denied: access forbidden
And if I curl the URL:
curl https://registry.example.com/v2/
I get this JSON as a response:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
I have set up GitLab with a docker-compose file:
web:
  image: 'gitlab/gitlab-ee:latest'
  restart: always
  hostname: 'gitlab.example.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'http://gitlab.example.com'
      nginx['listen_port'] = 8081
      nginx['listen_https'] = false
      registry_external_url 'https://registry.example.com'
      registry['registry_http_addr'] = "gitlab.example.com:5050"
      registry_nginx['listen_port'] = 5005
      registry_nginx['listen_https'] = false
  ports:
    - '8081:8081'
    - '5050:5005'
    - '22:22'
  volumes:
    - '/home/user/gitlab/config:/etc/gitlab'
    - '/home/user/gitlab/logs:/var/log/gitlab'
    - '/home/user/gitlab/data:/var/opt/gitlab'
I have set up my NGINX like this (with certbot/Let's Encrypt):
server {
    server_name registry.example.com www.registry.example.com;
    location / {
        proxy_pass http://192.168.0.30:5050;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/registry.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/registry.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.registry.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = registry.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name registry.example.com www.registry.example.com;
    listen 80;
    return 404; # managed by Certbot
}