From 47f4de58d7b8dcffb5c543ce304bab096451b64e Mon Sep 17 00:00:00 2001
From: saibotk <git@saibotk.de>
Date: Sun, 15 Aug 2021 23:57:13 +0200
Subject: [PATCH] gitlab: Add options for port and entrypoint to registry
 config

This patch enables users to customize the entrypoint and port that is shown for external access (only supplied so gitlab can still show valid registry links).
---
 roles/gitlab/defaults/main.yml            | 2 ++
 roles/gitlab/templates/docker-compose.yml | 8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/roles/gitlab/defaults/main.yml b/roles/gitlab/defaults/main.yml
index a907521..5fb1e60 100644
--- a/roles/gitlab/defaults/main.yml
+++ b/roles/gitlab/defaults/main.yml
@@ -102,6 +102,8 @@ gitlab_csp:
 # Gitlab docker registry settings
 gitlab_registry:
   enabled: false
+  # external_port: 5050 # Defines the port that is appended to the registry domain used by gitlab.
+  # traefik_entrypoint: "websecure" # Defines the entrypoint that traefik should use for the registry. Can be useful to use another port while still using the certificate of the domain.
 
 # Gitlab telegraf configuration, allows to configure a monitoring setup for Gitlab
 gitlab_telegraf:
diff --git a/roles/gitlab/templates/docker-compose.yml b/roles/gitlab/templates/docker-compose.yml
index da86bca..159a5d8 100644
--- a/roles/gitlab/templates/docker-compose.yml
+++ b/roles/gitlab/templates/docker-compose.yml
@@ -115,8 +115,8 @@ services:
         # Gitlab registry
         gitlab_rails['registry_enabled'] = true
         gitlab_rails['registry_host'] = "{{ gitlab_registry_domain }}"
-        registry_external_url "https://{{ gitlab_registry_domain }}"
-        registry_nginx['listen_port'] = 5050
+        registry_external_url "https://{{ gitlab_registry_domain }}{% if gitlab_registry.external_port is defined %}:{{ gitlab_registry.external_port }}{% endif %}"
+        registry_nginx['listen_port'] = 5040
         registry_nginx['listen_https'] = false
 {% endif %}
 
@@ -196,12 +196,12 @@ services:
 
 {% if gitlab_registry.enabled %}
       - "traefik.http.routers.gitlab-registry.rule=Host(`{{ gitlab_registry_domain }}`) && PathPrefix(`/`)"
-      - "traefik.http.routers.gitlab-registry.entrypoints=websecure"
+      - "traefik.http.routers.gitlab-registry.entrypoints={{ gitlab_registry.traefik_entrypoint | default('websecure') }}"
       - "traefik.http.routers.gitlab-registry.tls=true"
       - "traefik.http.routers.gitlab-registry.tls.certresolver={{ gitlab_traefik_certresolver }}"
       - "traefik.http.routers.gitlab-registry.middlewares=gitlab,compress"
       - "traefik.http.routers.gitlab-registry.service=gitlab-registry"
-      - "traefik.http.services.gitlab-registry.loadbalancer.server.port=5050"
+      - "traefik.http.services.gitlab-registry.loadbalancer.server.port=5040"
 {% endif %}
 
       - "traefik.http.middlewares.gitlab.headers.sslredirect=true"