Ali*_*zad 6 proxy nginx nexus docker
我目前正在尝试将nexus3配置为docker映像的私有注册表,并将nginx用作反向代理。在关联内创建了3个存储库,分别是NexusDockerProxy(docker代理),NexusDockerHosted(docker托管,http端口:4444)和NexusDockerGroup(docker组,http端口:5555),同时添加了托管和代理。
nexus是使用nginx配置的,其中我们正在使用自签名证书,并将其添加到nginx配置文件中。
server {
proxy_send_timeout 120;
proxy_read_timeout 300;
proxy_buffering off;
tcp_nodelay on;
server_tokens off;
client_max_body_size 1G;
listen 80;
server_name server908.int.org.com;
location / {
rewrite ^(.*) https://server908.int.org.com$1 permanent;
}
}
server {
listen 443;
server_name server908.int.org.com;
keepalive_timeout 60;
ssl on;
ssl_certificate /etc/ssl/certs/orgnexus.crt;
ssl_certificate_key /etc/ssl/certs/orgnexus.key;
ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSSL:16m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://server908.int.org.com:8082;
proxy_read_timeout 90;
}
}
# correlates to your nexus http connector
server {
listen 6666;
server_name server908.int.org.com;
keepalive_timeout 60;
ssl on;
ssl_certificate /etc/ssl/certs/orgnexus.crt;
ssl_certificate_key /etc/ssl/certs/orgnexus.key;
ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSSL:16m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
client_max_body_size 1G;
chunked_transfer_encoding on;
location / {
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://server908.int.org.com:5555;
proxy_read_timeout 90;
}
}
我们在下面的条目“ / etc / default / docker”文件中添加了注释。
http_proxy=http://x.x.x.x:3128
https_proxy=http://x.x.x.x:3128
登录也成功
[root@server446 ~]$ docker login -u admin -p admin123 server908.int.org.com:6666
Login Succeeded
搜索并提取图像也可以。
[test@server446 ~]$ docker search server908.int.org.com:6666/mac
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
org.com server908.int.org.com:6666/crate CrateDB is a distributed SQL database hand... 79 [OK]
org.com server908.int.org.com:6666/maccam912/meanjs MEANJS (not MEANIO) starting point for dev... 27 [OK]
org.com server908.int.org.com:6666/macadmins/puppetmaster Simple puppetmaster based on CentOS 6 25 [OK]
org.com server908.int.org.com:6666/macadmins/bsdpy Apple NetBoot replacement written in Pytho... 18 [OK]
org.com server908.int.org.com:6666/macadmins/reposado Host Apple Software Updates from a Docker ... 12 [OK]
org.com server908.int.org.com:6666/mackerel/mackerel-agent 11 [OK]
org.com server908.int.org.com:6666/macadmins/munkiwebadmin This Docker container runs MunkiWebAdmin. ... 8 [OK]
org.com server908.int.org.com:6666/macadmins/postgres Postgres that accepts remote connections b... 8 [OK]
org.com server908.int.org.com:6666/macropin/strider Possibly the best `Dockerfile` for Strider-CD 8 [OK]
org.com server908.int.org.com:6666/mace/openvpn-as OpenVPN Access-Server with WebUI 7 [OK]
org.com server908.int.org.com:6666/frolvlad/alpine-python-machinelearning Small Docker image with Python Machine Lea... 6 [OK]
org.com server908.int.org.com:6666/macadmins/munkireport-php Docker autobuild repository for https://re... 6 [OK]
org.com server908.int.org.com:6666/mace/qbittorrent qBittorrent build from source 6 [OK]
org.com server908.int.org.com:6666/macropin/sshd (deprecated) Use docker.io/panubo/sshd 5 [OK]
org.com server908.int.org.com:6666/macadmins/macnamer 4 [OK]
org.com server908.int.org.com:6666/macadmins/puppetmaster-whdcli Puppetmaster + WHDCLI for autosigning base... 4 [OK]
org.com server908.int.org.com:6666/macadmins/sal An image that runs [Sal](https://github.co... 4 [OK]
org.com server908.int.org.com:6666/macropin/roundcube Docker container for Roundcube webmail 4 [OK]
org.com server908.int.org.com:6666/uetchy/machinelearning Dockerfile for scientists studying Machine... 4 [OK]
org.com server908.int.org.com:6666/clearlinux/machine-learning Machine Learning Container 3 [OK]
org.com server908.int.org.com:6666/hartator/wayback-machine-downloader Download an entire archive from the Waybac... 3 [OK]
org.com server908.int.org.com:6666/macadmins/whd Docker container for SolarWinds WebHelpDesk 3 [OK]
org.com server908.int.org.com:6666/macinv/gunicorn-example A simple Gunicorn example 2 [OK]
org.com server908.int.org.com:6666/macropin/mailman Mailman all in one container 2 [OK]
org.com server908.int.org.com:6666/spacemacs/emacs25 Spacemacs running on Emacs 25. 2 [OK]
[test@server446 ~]$ docker pull server908.int.org.com:6666/macadmins/puppetmaster
Using default tag: latest
Trying to pull repository server908.int.org.com:6666/macadmins/puppetmaster ...
sha256:bf7a53a0ddb6cd0371cfec3fe6131347b5a3712c2cf282400c979ed254a38f67: Pulling from server908.int.org.com:6666/macadmins/puppetmaster
0d399614d56a: Pull complete
75e4c6031170: Pull complete
12a00ed15a39: Pull complete
6fb754ec65e3: Pull complete
9b6cf7664f02: Pull complete
07db30a930a5: Pull complete
ccdd2cf9b303: Pull complete
820dfdfc6db7: Pull complete
78c5dec8ba5d: Pull complete
Digest: sha256:bf7a53a0ddb6cd0371cfec3fe6131347b5a3712c2cf282400c979ed254a38f67
Status: Downloaded newer image for server908.int.org.com:6666/macadmins/puppetmaster:latest
但是,在推送图像时,出现以下404错误。
[test@server446 ~]$ docker push server908.int.org.com:6666/maven:1
The push refers to a repository [server908.int.org.com:6666/maven]
701925f78142: Layer already exists
78bb4fee972f: Layer already exists
e1300844f726: Layer already exists
bfee0515af91: Preparing
2afcf4c557eb: Preparing
72cfa243711c: Waiting
9bf603e17b04: Waiting
70b22baddf90: Waiting
596ecbaf3ba4: Waiting
445ed6ee6867: Waiting
c59fa6cbcbd9: Waiting
8d4d1ab5ff74: Waiting
error parsing HTTP 404 response body: invalid character '<' looking for beginning of value:
我确实试图使它起作用,但是现在停留在最后一步。感谢帮助docker push工作的任何帮助。
error parsing HTTP 404 response body...当您只能推送到托管存储库时,nexus 试图告诉您您正在推送到组或代理存储库,这是典型的错误。
据我所知,这种解释可能适合:
使用 nginx 配置
server {
listen 6666;
server_name server908.int.org.com;
...
proxy_pass http://server908.int.org.com:5555;
proxy_read_timeout 90;
...
}
你推送到这个代理:
docker push server908.int.org.com:6666/maven:1
您最终会推送到 server908.int.org.com:5555。
使用上面的 Nexus 配置
在 nexus 中创建了 3 个 repos,即 NexusDockerProxy(docker 代理)、NexusDockerHosted(docker 托管,http 端口:4444)和 NexusDockerGroup(docker 组,http 端口:5555),并添加了托管和代理
您正在推送到 Docker 组。我认为这就是它抛出上述错误的原因。
将您的 nginx-proxy 配置为转发到 4444 而不是 5555,您应该可以正常推送。
旁注:这使得有必要有两个端点(一个用于“从组中读取”)和一个用于推送到 Nexus。
因此,在您的 nginx 配置中设置两个端点(一个代理到 5555,一个代理到 4444)。在所有 Dockerfile 中以及从注册表中提取时,使用 4444 的代理。仅在推送时使用代理到 5555。
所以我建议这样的事情可能会奏效:
# Proxy 1, the "pull" proxy. Use this when pulling and in your Dockerfiles/docker-compose files
server {
listen 6666;
server_name server908.int.org.com;
[...ssl config and everything else...]
location / {
access_log /var/log/nginx/docker-pull.log;
[...header config and other things...]
proxy_pass http://server908.int.org.com:5555;
proxy_read_timeout 90;
}
}
# Proxy 2, the "push" proxy. Use this endpoint ONLY when pushing images to Nexus.
server {
listen 7777;
server_name server908.int.org.com;
[...ssl config and everything else...]
location / {
access_log /var/log/nginx/docker-push.log;
[...header config and other things...]
proxy_pass http://server908.int.org.com:4444;
proxy_read_timeout 90;
}
}
现在我不是 Nexus 专家,但这应该可以解决您的问题。我不确定 Nexus 是否打算通过一个端点(组并通过一个端口托管 Docker 存储库)来工作,但我记得在当天使用这两个端点进行设置,一个用于推一个拉。
希望能帮助到你!
现在可以使用了。配置服务器端口 6666 块与要使用的不同代理端口。对于 GET 请求代理端口应为 5555(即 docker-proxy repo)端口,除 GET 代理端口外应为 4444(即 docker-hosted repo)端口
在“/etc/default/docker”文件中注释了代理条目。
重新启动 Nginx。
执行登录
登录后,将在“.docker”目录下创建文件名“config.json”
搜索 docker hub 中可用的图像。通过 Nexus 代理从 docker hub 拉取镜像 标记拉取的镜像 推送镜像
从 Nexus Repo 中提取(这应该比从 docker hub 中提取要快)还要确保在 Nexus SSL 证书部分中添加代理服务器证书。
keytool -J-Dhttps.proxyHost=<proxy_hostname> -J-Dhttps.proxyPort=<proxy_port> -printcert -rfc -sslserver <remote_host_name:remote_ssl_port>
将 和 替换为 Nexus 在 Administration -> Server 下配置的 HTTP 代理服务器。替换为存在认证问题的远程主机和端口之一。如果端口是默认的 443,则可以省略。
您应该看到上述命令至少打印了两个条目。获取最后打印的证书内容并将其完全复制到剪贴板。这应该是您的代理服务器的证书,添加到证书链的末尾。
复制的证书内容应以-----BEGIN CERTIFICATE-----开头,以-----END CERTIFICATE-----结尾。
然后在 Nexus UI 中,转到管理 -> SSL 证书,然后单击添加...并选择粘贴 PEM。将证书内容粘贴到打开的对话框中。
单击加载证书。在下一个窗口中验证证书内容。验证列出的颁发者详细信息是否来自您的代理服务器证书。如果您满意,请单击“添加证书”。
希望这对您有帮助。
| 归档时间: |
|
| 查看次数: |
6348 次 |
| 最近记录: |