docker login not working with a Nexus 3 private registry

Kid*_*Oob 13 nginx nexus docker

Nexus UI configuration

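I'm running Nexus Repository Manager OSS 3.0.1-01 on a Linux VM. On that VM, I have nginx working to proxy http requests to https. My SSL keys are signed by a trusted CA. I created a maven repository, and that works just fine as far as having client machines publish to it.

Also, on my client machine, when I use my docker client and do a docker login, I get various errors.

I followed these instructions https://books.sonatype.com/nexus-book/3.0/reference/docker.html#_accessing_repositories specifically section 9.2, and honestly, I've spent the last two days getting nowhere.

I have read everything mentioned here: Unable to connect to a Docker registry in Nexus 3 preview hosted on an Azure VM. But the setup the user explains confuses me.

For our setup, going the insecure route by adding --insecure-registry to the /etc/default/docker file is simply not an option.

I've tried following multiple tutorials just to understand the inner workings of a docker registry, but I can't piece it together. I have looked at this to some extent: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

I've used other responses on stackoverflow to help me, such as: Malformed HTTP response with docker private registry (v2) behind an nginx proxy

But honestly, I can't say I've found anything that makes this straightforward to understand. NGINX reports no errors in /var/log/nginx/errors.log, and the access log looks like basic 'GETs' every time I attempt a docker login. The errors docker login reports in /var/log/upstart/docker.log are the same as what I illustrate below with the 404 error. I've also followed this issue on github to see if it is of any help: github com/docker/docker/issues/8410. Any assistance in getting a docker client to log in successfully to this private nexus 3 repo would be amazing.

Now, maybe I'm confused by everything I've read in order to get my docker client to work with this nexus repo, but do I need to set up a docker (group) repo, and is that the root of my problem? Or can I just have a docker (hosted) repo? Because as of now I only have a docker (hosted) repo. The Nexus documentation doesn't give me the impression that a group repo is also required to make things work.

Last but not least, I hope my question is specific enough, and I hope you can see that I've put in some effort here. I really tried!

When I log in, I'm using the local admin user with the default admin password. First, let me lay out the problem:

If I try without a port, I get the following -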

root:~# docker login box.company.net
Error response from daemon: Login:
<!DOCTYPE html>
<html>
<head>
  <title>404 - Nexus Repository Manager</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>

Using the HTTP port 4444, I get the following

root:~# docker login box.company.net:4444
Error response from daemon: Get https://box.company.net:4444/v1/users/: `http: server gave HTTP response to HTTPS client`

If I add HTTPS on 4445 in the Nexus UI, and then I run

root:~# docker login box.company.net:4445
Error response from daemon: Get https://box.company.net:4445/v1/users/: dial tcp x.x.x.x:4445: getsockopt: connection refused

Here is my environment info:

#cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"

# uname -r
3.19.0-65-generic

# nginx -v
nginx version: nginx/1.4.6 (Ubuntu)

~# docker version
Client:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        Thu Aug 18 05:22:43 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        Thu Aug 18 05:22:43 2016
 OS/Arch:      linux/amd64

cat /etc/nginx/conf.d/site.conf

server {

    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering    off;
    tcp_nodelay        on;

    server_tokens off;
    client_max_body_size 1G;

    listen 80;
    server_name box.company.net;
    location / {
          rewrite ^(.*) https://box.company.net$1 permanent;
    }
}

server {
    listen 443;
    server_name box.company.net;
    keepalive_timeout 60;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/net.crt;
    ssl_certificate_key /etc/nginx/conf.d/net.key;
    ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
    ssl_session_cache shared:TLSSSL:16m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;

    location / {

      proxy_set_header        Host $http_host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto "https";
      proxy_pass              http://x.x.x.x:8081;
      proxy_read_timeout      90;

    }
}

Here are some basic curl results for more information, in case that helps.

 root:~# curl -v https://box.company.net
* Rebuilt URL to: https://box.company.net
* Hostname was NOT found in DNS cache
*   Trying x.x.x.x...
* Connected to box.company.net (x.x.x.x) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: OU=Domain Control Validated; CN=*.company.net
*        start date: 2016-04-01 14:01:38 GMT
*        expire date: 2018-04-14 15:15:04 GMT
*        subjectAltName: box.company.net matched
*        issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*        SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: box.company.net
> Accept: */*
>
< HTTP/1.1 200 OK
* Server nginx/1.4.6 (Ubuntu) is not blacklisted
< Server: nginx/1.4.6 (Ubuntu)
< Date: Thu, 25 Aug 2016 13:39:14 GMT
< Content-Type: text/html
< Content-Length: 5077
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Last-Modified: Thu, 25 Aug 2016 13:39:14 GMT
< Pragma: no-cache
< Cache-Control: post-check=0, pre-check=0
< Expires: 0

Any help getting docker login to work against private.registry.net would be greatly appreciated, thanks.

Kid*_*Oob 6

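I had to add an additional (server) entry to my nginx configuration, directly below the previous entry.

Restart nginx.

The docker client will connect to port 6666, and nginx will route the traffic to port 4444, which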

# correlates to your nexus http connector
server {
    listen 6666;
    server_name box.company.net;
    keepalive_timeout 60;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/net.crt;
    ssl_certificate_key /etc/nginx/conf.d/net.key;
    ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
    ssl_session_cache shared:TLSSSL:16m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    client_max_body_size 1G;
    chunked_transfer_encoding on;

    location / {

      access_log              /var/log/nginx/docker.log;
      proxy_set_header        Host $http_host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto "https";
      proxy_pass              http://x.x.x.x:4444;
      proxy_read_timeout      90;

    }
}

Then I can do

docker login -u username -p password box.company.net:6666
docker pull box.company.net:6666/docker-image:tag
docker push box.company.net:6666/docker-image:tag

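  • Never mind, solved it. You can't use the same port on `listen` and `proxy_pass`. Thank you. (4 upvotes)
  • Configured it as you described, but I get `docker login -u admin -p admin123 myhost:5000 WARNING! Using --password via the CLI is insecure. Use --password-stdin. Error response from daemon: login attempt to https://myhost:5000/v2/ failed with status: 404 Not Found` (3 upvotes)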
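
A check that separates the failure modes seen in this thread, as an added example that is not part of the original posts: it classifies the reply to `GET /v2/` (the URL `docker login` reports in the last comment) by status code and by the `Docker-Distribution-Api-Version` header that registry v2 endpoints return. The function names, verdict strings and sample responses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original posts): interpret the reply to
# GET /v2/ on a registry endpoint published through a TLS-terminating proxy.

# classify_v2 RESPONSE -> prints one verdict word.
# RESPONSE is the status line and headers as printed by `curl -sS -i`.
# The body runs in a subshell so its variables do not leak.
classify_v2() (
    resp=$(printf '%s\n' "$1" | tr -d '\r')
    # Status code from the first line, e.g. "HTTP/1.1 401 Unauthorized".
    status=$(printf '%s\n' "$resp" |
        awk 'NR == 1 && $1 ~ /^HTTP\// { print $2 }')
    # Registry v2 endpoints identify themselves with this header.
    api=$(printf '%s\n' "$resp" | awk -F': *' \
        'tolower($1) == "docker-distribution-api-version" { print tolower($2); exit }')

    case "$status" in
        "")  echo "no-http-response" ;;        # refused, TLS error, or plain-HTTP port
        404) echo "not-a-docker-connector" ;;  # upstream is not the registry API
        200|401)
            if [ "$api" != "registry/2.0" ]; then
                echo "not-a-docker-connector"
            elif [ "$status" = 401 ]; then
                echo "registry-needs-login"    # normal before `docker login`
            else
                echo "registry-anonymous-ok"
            fi ;;
        *)   echo "unexpected-status-$status" ;;
    esac
)

# probe HOST:PORT -> classify a live endpoint; the certificate is verified
# (no -k), so a TLS problem shows up as "no-http-response".
probe() {
    classify_v2 "$(curl -sS -i --max-time 10 "https://$1/v2/" 2>/dev/null)"
}

# Constructed sample responses (not captured from a real server).
SAMPLE_CONNECTOR=$(printf '%s\r\n' \
    'HTTP/1.1 401 Unauthorized' \
    'Docker-Distribution-Api-Version: registry/2.0' \
    'WWW-Authenticate: BASIC realm="Sonatype Nexus Repository Manager"')
SAMPLE_UI_PORT=$(printf '%s\r\n' \
    'HTTP/1.1 404 Not Found' \
    'Content-Type: text/html')
```

Running `probe box.company.net:6666` against the proxied port from the answer should report `registry-needs-login`; `not-a-docker-connector` means the `proxy_pass` target is something other than the repository's HTTP connector, such as the Nexus UI port.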