Differences between the pages "Jenkins automated build and deployment example" and "Deploying a private Docker image registry: Harbor / Docker Registry"
第1行: | 第1行: | ||
− | = | + | =高级之Harbor= |
− | [ | + | [https://www.cnblogs.com/bytefish/p/8452190.html 安装Harbor1.4.0开源docker镜像仓库(含letsencrypt证书] |
− | + | https://blog.51cto.com/u_13043516/2365284 | |
− | |||
− | = | + | =初入门= |
− | + | <pre> | |
+ | docker run -d -p 5000:5000 --restart=always --name registry -v /opt/registry:/var/lib/registry registry:2 | ||
+ | |||
+ | 93602b4311e2 k8s.gcr.io/pause:3.1 "/pause" | ||
+ | |||
+ | commit 将一个容器提交成镜像 和指定tag | ||
+ | root@k8s-node1:~# docker commit 93602b4311e2 192.168.88.59:5000/mypause:v1 | ||
+ | 335sha256:0937ae67cb675168c23ede1e15408d19d235112a892f1c095c33404f50c9bf9f | ||
− | + | docker push 192.168.88.59:5000/mypause:v1 | |
− | + | </pre> | |
+ | |||
+ | =使用Docker Registry= | ||
+ | |||
+ | == docker 运行== | ||
+ | 如何 docker-compose | ||
− | |||
<pre> | <pre> | ||
− | + | info Registry server 192.168.88.52 | |
− | + | ||
− | + | mkdir /data/registry | |
− | + | #指定目录比指定配置文件更加重要 | |
− | + | docker run -d \ | |
+ | -p 5000:5000 \ | ||
+ | --restart=always \ | ||
+ | --name registry \ | ||
+ | -v /data/registry:/var/lib/registry \ | ||
+ | registry:2 | ||
+ | |||
+ | |||
+ | |||
+ | docker images | ||
+ | REPOSITORY TAG IMAGE ID CREATED SIZE | ||
+ | php 7.1-fpm-alpine cbfebc795f0b 4 weeks ago 70.1MB | ||
+ | docker tag php:7.1-fpm-alpine 192.168.88.52:5000/php | ||
− | + | [root@localhost ~]# docker push 192.168.88.52:5000/php | |
+ | The push refers to repository [192.168.88.52:5000/php] | ||
+ | Get https://192.168.88.52:5000/v2/: http: server gave HTTP response to HTTPS client | ||
− | + | vi /etc/docker/daemon.json | |
− | + | { "insecure-registries":["192.168.88.52:5000"] } | |
− | + | ||
+ | systemctl restart docker | ||
+ | |||
+ | #再次push成功 | ||
+ | docker push 192.168.88.52:5000/php | ||
</pre> | </pre> | ||
− | = | + | =配置SSL证书及nginx反向代理docker registry= |
+ | ==SSL证书生成== | ||
+ | |||
+ | <pre> | ||
+ | |||
+ | |||
+ | 搭建私有CA,初始化CA环境,在/etc/pki/CA/下建立证书索引数据库文件index.txt和序列号文件serial,并为证书序列号文件提供初始值。 | ||
+ | # touch /etc/pki/CA/{index.txt,serial} | ||
+ | # echo 01 > /etc/pki/CA/serial | ||
+ | |||
+ | |||
+ | 生成密钥并保存到/etc/pki/CA/private/cakey.pem | ||
+ | # (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) | ||
+ | |||
+ | 生成根证书 | ||
+ | # openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650 | ||
+ | |||
+ | |||
+ | 需要填写的信息: | ||
+ | |||
+ | Country Name (2 letter code) [XX]:CN | ||
+ | State or Province Name (full name) []:Beijing | ||
+ | Locality Name (eg, city) [Default City]:Beijing | ||
+ | Organization Name (eg, company) [Default Company Ltd]:hub | ||
+ | Organizational Unit Name (eg, section) []:ops | ||
+ | Common Name (eg, your name or your server's hostname) []:hub.com | ||
+ | Email Address []:[email protected] | ||
+ | |||
+ | |||
+ | 使系统信任根证书 | ||
+ | cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt | ||
+ | |||
+ | 安装nginx | ||
+ | yum install openssl模块已有 | ||
+ | |||
+ | |||
+ | 签发证书 | ||
+ | 创建ssl目录用来存放密钥文件和证书申请文件 | ||
+ | |||
+ | mkdir /app/nginx/conf/ssl | ||
+ | |||
+ | 创建密钥文件和证书申请文件 | ||
+ | (umask 077;openssl genrsa -out /app/nginx/conf/ssl/docker.key 2048) | ||
+ | openssl req -new -key /app/nginx/conf/ssl/docker.key -out /app/nginx/conf/ssl/docker.csr | ||
+ | |||
+ | |||
+ | 填写的申请信息前四项要和私有CA的信息一致 | ||
+ | |||
+ | Country Name (2 letter code) [XX]:CN | ||
+ | State or Province Name (full name) []:Beijing | ||
+ | Locality Name (eg, city) [Default City]:Beijing | ||
+ | Organization Name (eg, company) [Default Company Ltd]:hub | ||
+ | Organizational Unit Name (eg, section) []:ops | ||
+ | Common Name (eg, your name or your server's hostname) []:hub.com | ||
+ | Email Address []:[email protected] | ||
+ | |||
+ | Please enter the following 'extra' attributes | ||
+ | to be sent with your certificate request | ||
+ | A challenge password []: #直接回车 | ||
+ | An optional company name []: | ||
+ | |||
+ | |||
+ | 签署,证书 | ||
+ | openssl ca -in /app/nginx/conf/ssl/docker.csr -out /app/nginx/conf/ssl/docker.crt -days 3650 | ||
+ | |||
+ | output 省 | ||
+ | Certificate is to be certified until Jun 30 02:55:22 2029 GMT (3650 days) | ||
+ | Sign the certificate? [y/n]:y | ||
+ | |||
+ | |||
+ | 1 out of 1 certificate requests certified, commit? [y/n]y | ||
+ | Write out database with 1 new entries | ||
+ | Data Base Updated </pre> | ||
+ | |||
+ | ===配置nginx反向代理docker registry=== | ||
<pre> | <pre> | ||
− | + | 添加认证 | |
− | + | yum -y install httpd-tools | |
+ | #docker-registry.htpasswd 文件看nginx 的配置文件便可知 | ||
+ | htpasswd -c /etc/nginx/conf.d/docker-registry.htpasswd test | ||
+ | New password: | ||
+ | Re-type new password: | ||
+ | Adding password for user test | ||
− | + | ||
+ | [root@localhost conf.d]# cat docker-registry.conf | ||
+ | |||
+ | upstream docker-registry { | ||
+ | server 127.0.0.1:5000; | ||
+ | } | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name hub.com; | ||
+ | return 301 https://$server_name$request_uri; | ||
+ | } | ||
+ | server { | ||
+ | listen 443; | ||
+ | server_name hub.com; | ||
+ | #charset koi8-r; | ||
− | + | #access_log logs/host.access.log main; | |
+ | ssl on; | ||
+ | ssl_certificate /app/nginx/conf/ssl/docker.crt; | ||
+ | ssl_certificate_key /app/nginx/conf/ssl/docker.key; | ||
+ | |||
+ | chunked_transfer_encoding on; | ||
+ | |||
+ | proxy_set_header X-Forwarded-Proto "https"; | ||
+ | client_max_body_size 1G; | ||
+ | proxy_connect_timeout 3000; | ||
+ | proxy_send_timeout 3000; | ||
+ | proxy_read_timeout 3000; | ||
+ | proxy_buffering off; | ||
+ | tcp_nodelay on; | ||
+ | |||
+ | |||
+ | proxy_set_header Host $host; | ||
+ | proxy_set_header X-Real-IP $remote_addr; | ||
+ | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
+ | add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; | ||
+ | |||
+ | location / { | ||
+ | auth_basic "Docker registry"; | ||
+ | auth_basic_user_file /etc/nginx/conf.d/docker-registry.htpasswd; | ||
+ | proxy_pass http://docker-registry; | ||
+ | } | ||
+ | location /_ping{ | ||
+ | auth_basic off; | ||
+ | proxy_pass http://docker-registry; | ||
+ | } | ||
+ | location /v2/_ping{ | ||
+ | auth_basic off; | ||
+ | proxy_pass http://docker-registry; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | |||
+ | systemctl restart nginx | ||
+ | </pre> | ||
+ | |||
+ | === registry usage=== | ||
+ | <pre> | ||
+ | 如果没有DNS解析内网域名,修改hosts文件 | ||
+ | cat >>/etc/hosts <<EOF | ||
+ | 192.168.88.52 hub.com | ||
+ | EOF | ||
+ | |||
+ | systemctl daemon-reload | ||
+ | systemctl restart docker | ||
+ | |||
+ | 登录 | ||
+ | [root@localhost conf.d]# docker login hub.com | ||
+ | Username: test | ||
+ | Password: | ||
+ | WARNING! Your password will be stored unencrypted in /root/.docker/config.json. | ||
+ | Configure a credential helper to remove this warning. See | ||
+ | https://docs.docker.com/engine/reference/commandline/login/#credentials-store | ||
+ | |||
+ | Login Succeeded | ||
+ | |||
+ | 把一个容器提交为images | ||
+ | [root@localhost conf.d]# docker ps | ||
+ | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES | ||
+ | 6d5f17124090 registry:2 "/entrypoint.sh /etc…" 2 hours ago Up 20 minutes 0.0.0.0:5000->5000/tcp registry | ||
+ | [root@localhost conf.d]# docker commit 6d5f17124090 hub.com/registry:v2 | ||
+ | sha256:d7af5d03593d7f60903dc9da2b9a4d1d0a1a70878e0a7a09423372261cb4fccb | ||
+ | [root@localhost conf.d]# docker push hub.com/registry:v2 | ||
+ | The push refers to repository [hub.com/registry] | ||
+ | |||
+ | 上传镜像 | ||
+ | |||
+ | docker tag nginx hub.com/nginx | ||
+ | docker push hub.com/nginx | ||
+ | |||
+ | 查看 | ||
+ | curl -u test:test https://hub.com/v2/_catalog | ||
+ | {"repositories":["httpd","nginx","php"]} | ||
+ | |||
+ | |||
+ | </pre> | ||
+ | |||
+ | ==client== | ||
+ | <pre> | ||
+ | 局域网内其他机器认证(192.168.88.60 ubuntu | ||
+ | |||
+ | 其它机器 | ||
+ | cat >>/etc/hosts <<EOF | ||
+ | 192.168.88.52 hub.com | ||
+ | EOF | ||
+ | |||
+ | 把CA的密钥发送到客户机,并添加到ca-bundle.crt | ||
+ | |||
+ | on 60 | ||
+ | mkdir -p /etc/pki/tls/certs/ | ||
+ | |||
+ | on 52 | ||
+ | scp -p /etc/pki/tls/certs/ca-bundle.crt [email protected]:/etc/pki/tls/certs/ca-bundle.crt | ||
+ | scp -p /etc/pki/CA/cacert.pem [email protected]:/etc/pki/CA/cacert.pem | ||
+ | |||
+ | #on 60 | ||
+ | cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt | ||
+ | 重启docker | ||
+ | systemctl restart docker | ||
+ | |||
+ | </pre> | ||
+ | |||
+ | =trouble= | ||
+ | <pre> | ||
+ | 问题 | ||
+ | |||
+ | [root@localhost conf.d]# docker login hub.com | ||
+ | Username: test | ||
+ | Password: | ||
+ | Error response from daemon: login attempt to https://hub.com/v2/ failed with status: 404 Not Found | ||
+ | |||
+ | host 搞错 要前面是ip 后面是域名 | ||
+ | |||
+ | |||
+ | 一开始注释了ssl证书 | ||
+ | Username: test | ||
+ | Password: | ||
+ | Error response from daemon: Get https://hub.com/v2/: http: server gave HTTP response to HTTPS client | ||
+ | |||
+ | ssl err | ||
+ | |||
+ | |||
+ | #on ubuntu | ||
+ | root@k8s-node2:~# docker login hub.com | ||
+ | Username: test | ||
+ | Password: | ||
+ | Error response from daemon: Get https://hub.com/v2/: x509: certificate signed by unknown authority | ||
+ | |||
+ | cat /etc/docker/daemon.json | ||
+ | { | ||
+ | "insecure-registries" : ["hub.com"] | ||
+ | } | ||
+ | |||
+ | systemctl restart docker | ||
+ | |||
+ | |||
+ | </pre> | ||
+ | ==docker push unknown blob received unexpected HTTP status: 502 Bad Gateway== | ||
+ | <pre> | ||
+ | docker push hub.com/httpd:2.4.16 | ||
+ | 最后老是 | ||
+ | unknown blob | ||
+ | |||
+ | nginx 配置文件问题? | ||
+ | |||
+ | received unexpected HTTP status: 502 Bad Gateway | ||
+ | |||
+ | 解决办法 在nginx.conf add | ||
+ | proxy_set_header X-Forwarded-Proto "https"; | ||
+ | client_max_body_size 1G; | ||
+ | proxy_connect_timeout 3000; | ||
+ | proxy_send_timeout 3000; | ||
+ | proxy_read_timeout 3000; | ||
+ | proxy_buffering off; | ||
+ | tcp_nodelay on; | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | proxy_set_header Host $host; | ||
+ | proxy_set_header X-Real-IP $remote_addr; | ||
+ | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
+ | |||
+ | </pre> | ||
+ | |||
+ | =see also= | ||
+ | |||
+ | [https://www.cnblogs.com/Eivll0m/p/7089675.html 搭建私服-docker registry] | ||
+ | |||
+ | |||
+ | https://docs.docker.com/registry/configuration/ | ||
+ | |||
+ | [https://my.oschina.net/u/4126211/blog/4540959 Docker 私有镜像仓库的搭建及认证] | ||
+ | |||
+ | [https://blog.csdn.net/YoungAngelGirl/article/details/80031845 k8s实战之从私有仓库拉取镜像 - kubernetes] | ||
+ | |||
+ | [https://blog.csdn.net/fenggj19870/article/details/82752554 docker login x509: certificate signed by unknown authority] | ||
+ | |||
+ | [https://blog.csdn.net/www203203/article/details/58105177 docker push 出现:x509: certificate signed by unknown authority] | ||
+ | |||
+ | https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry | ||
+ | |||
+ | |||
+ | [https://www.jianshu.com/p/94eb79825372 Docker Hub 仓库使用,及搭建 Docker Registry] | ||
+ | |||
+ | [https://blog.csdn.net/KingBoyWorld/article/details/80109916 docker通过代理上传https协议的私服地址报错unknown blob] | ||
+ | |||
− | = | + | [https://blog.csdn.net/jiangyu1013/article/details/84339469 解决:Error response from daemon: Get https://index.docker.io/v1/search?q=openjdk&n=25: dial tcp: looku] |
− | [https:// | + | [https://blog.csdn.net/xiaolummhae/article/details/51840881 docker login CA认证问题/添加自签发的 SSL 证书为受信任的根证书] |
− | [https:// | + | [https://blog.csdn.net/mimica247706624/article/details/80724900 CentOS7.4 Docker Harbor registry基于Https方式安全认证私有仓库搭建] |
− | |||
− | [https://blog.csdn.net/ | + | [https://blog.csdn.net/xcjing/article/details/70238273 搭建一个支持HTTPS的私有DOCKER Registry] |
+ | [https://blog.csdn.net/bingoxubin/article/details/78726092 docker私有仓库] | ||
− | [https://blog. | + | [https://blog.csdn.net/qq_42114918/article/details/81609465 Docker搭建本地仓库registry] |
− | [https:// | + | [https://www.cnblogs.com/xcloudbiz/articles/5526262.html 部署私有Docker Registry] |
− | + | [https://chuansongme.com/n/1134213 Moving to Docker(二):搭建一个私有registry服务] | |
− | |||
− | [ | ||
− | + | ==other== | |
+ | [https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-centos-7 How To Create a Self-Signed SSL Certificate for Nginx on CentOS 7] | ||
− | + | [https://www.cnblogs.com/piscesLoveCc/p/6120875.html Nginx启动SSL功能,并进行功能优化] | |
− | [https:// | ||
− | + | [https://blog.csdn.net/u012486840/article/details/52610320 CentOS 7 yum 安装 Nginx] | |
− | + | =changelog= | |
− | + | 2019年 07月 03日 星期三 16:23:35 CST 添加ssl | |
− | + | [[category:Container]] | |
− | [ |
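Review bot: In the added trouble section, the answer to `x509: certificate signed by unknown authority` on the Ubuntu client is `"insecure-registries" : ["hub.com"]` in /etc/docker/daemon.json, which switches off certificate verification for hub.com and undoes the private CA set up earlier in the same revision. The client section appends cacert.pem to /etc/pki/tls/certs/ca-bundle.crt, a CentOS path that the Ubuntu host at 192.168.88.60 does not read, which would explain why the error persisted; placing the CA certificate at /etc/docker/certs.d/hub.com/ca.crt on the client keeps verification on. The same section calls the file being copied the CA's key (密钥) while the scp lines copy the certificate, and the `scp ... ca-bundle.crt` line overwrites the client's whole trust bundle; both are worth correcting before the page is followed as written.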
Revision as of 13:32, 1 July 2021 (Thursday)
Advanced: Harbor
Installing the Harbor 1.4.0 open-source Docker image registry (with a Let's Encrypt certificate)
https://blog.51cto.com/u_13043516/2365284
Getting started
<pre>
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/registry:/var/lib/registry registry:2

93602b4311e2        k8s.gcr.io/pause:3.1   "/pause"

commit: turn a container into an image and give it a tag
root@k8s-node1:~# docker commit 93602b4311e2 192.168.88.59:5000/mypause:v1
335sha256:0937ae67cb675168c23ede1e15408d19d235112a892f1c095c33404f50c9bf9f
docker push 192.168.88.59:5000/mypause:v1
</pre>
Using Docker Registry
Running with docker
How to: docker-compose
<pre>
info  Registry server 192.168.88.52

mkdir /data/registry
# Specifying the data directory matters more than specifying a config file
docker run -d \
    -p 5000:5000 \
    --restart=always \
    --name registry \
    -v /data/registry:/var/lib/registry \
    registry:2

docker images
REPOSITORY   TAG              IMAGE ID       CREATED       SIZE
php          7.1-fpm-alpine   cbfebc795f0b   4 weeks ago   70.1MB
docker tag php:7.1-fpm-alpine 192.168.88.52:5000/php

[root@localhost ~]# docker push 192.168.88.52:5000/php
The push refers to repository [192.168.88.52:5000/php]
Get https://192.168.88.52:5000/v2/: http: server gave HTTP response to HTTPS client

vi /etc/docker/daemon.json
{ "insecure-registries":["192.168.88.52:5000"] }

systemctl restart docker

# The push now succeeds
docker push 192.168.88.52:5000/php
</pre>
Configuring the SSL certificate and nginx as a reverse proxy for the Docker registry
Generating the SSL certificate
<pre>
Set up a private CA. Initialise the CA environment: under /etc/pki/CA/ create the certificate index database file index.txt and the serial number file serial, and give the serial file an initial value.
# touch /etc/pki/CA/{index.txt,serial}
# echo 01 > /etc/pki/CA/serial

Generate the key and save it to /etc/pki/CA/private/cakey.pem
# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

Generate the root certificate
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650

Information to fill in:

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:hub
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:hub.com
Email Address []:[email protected]

Make the system trust the root certificate
cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt

Install nginx
With a yum install the openssl module is already included

Issue the certificate
Create an ssl directory to hold the key file and the certificate signing request

mkdir /app/nginx/conf/ssl

Create the key file and the certificate signing request
(umask 077;openssl genrsa -out /app/nginx/conf/ssl/docker.key 2048)
openssl req -new -key /app/nginx/conf/ssl/docker.key -out /app/nginx/conf/ssl/docker.csr

The first four fields of the request must match those of the private CA

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:hub
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:hub.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:                 # just press Enter
An optional company name []:

Sign the certificate
openssl ca -in /app/nginx/conf/ssl/docker.csr -out /app/nginx/conf/ssl/docker.crt -days 3650

(output abridged)
Certificate is to be certified until Jun 30 02:55:22 2029 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
</pre>
Configuring nginx as a reverse proxy for the Docker registry
<pre>
Add authentication
yum -y install httpd-tools
# The docker-registry.htpasswd path is the one referenced in the nginx config file below
htpasswd -c /etc/nginx/conf.d/docker-registry.htpasswd test
New password:
Re-type new password:
Adding password for user test

[root@localhost conf.d]# cat docker-registry.conf

upstream docker-registry {
    server 127.0.0.1:5000;
}
server {
    listen 80;
    server_name hub.com;
    return 301 https://$server_name$request_uri;
}
server {
    # TLS is enabled on the listen directive; the separate "ssl on;" directive is deprecated
    listen 443 ssl;
    server_name hub.com;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    ssl_certificate     /app/nginx/conf/ssl/docker.crt;
    ssl_certificate_key /app/nginx/conf/ssl/docker.key;

    chunked_transfer_encoding on;

    proxy_set_header X-Forwarded-Proto "https";
    client_max_body_size 1G;
    proxy_connect_timeout 3000;
    proxy_send_timeout 3000;
    proxy_read_timeout 3000;
    proxy_buffering off;
    tcp_nodelay on;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;

    location / {
        auth_basic "Docker registry";
        auth_basic_user_file /etc/nginx/conf.d/docker-registry.htpasswd;
        proxy_pass http://docker-registry;
    }
    location /_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }
    location /v2/_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }
}

systemctl restart nginx
</pre>
registry usage
<pre>
If no DNS resolves the internal domain name, edit the hosts file
cat >>/etc/hosts <<EOF
192.168.88.52 hub.com
EOF

systemctl daemon-reload
systemctl restart docker

Log in
[root@localhost conf.d]# docker login hub.com
Username: test
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Commit a container as an image
[root@localhost conf.d]# docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED       STATUS          PORTS                    NAMES
6d5f17124090   registry:2   "/entrypoint.sh /etc…"   2 hours ago   Up 20 minutes   0.0.0.0:5000->5000/tcp   registry
[root@localhost conf.d]# docker commit 6d5f17124090 hub.com/registry:v2
sha256:d7af5d03593d7f60903dc9da2b9a4d1d0a1a70878e0a7a09423372261cb4fccb
[root@localhost conf.d]# docker push hub.com/registry:v2
The push refers to repository [hub.com/registry]

Upload an image

docker tag nginx hub.com/nginx
docker push hub.com/nginx

List the repositories
curl -u test:test https://hub.com/v2/_catalog
{"repositories":["httpd","nginx","php"]}
</pre>
client
<pre>
Authenticating from another machine on the LAN (192.168.88.60, Ubuntu)

On the other machine
cat >>/etc/hosts <<EOF
192.168.88.52 hub.com
EOF

Send the CA certificate to the client machine and append it to ca-bundle.crt

on 60
# /etc/pki/CA/ must exist as well, because cacert.pem is copied into it below
mkdir -p /etc/pki/tls/certs/ /etc/pki/CA/

on 52
scp -p /etc/pki/tls/certs/ca-bundle.crt [email protected]:/etc/pki/tls/certs/ca-bundle.crt
scp -p /etc/pki/CA/cacert.pem [email protected]:/etc/pki/CA/cacert.pem

#on 60
cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
Restart docker
systemctl restart docker
</pre>
trouble
<pre>
Problem

[root@localhost conf.d]# docker login hub.com
Username: test
Password:
Error response from daemon: login attempt to https://hub.com/v2/ failed with status: 404 Not Found

The hosts entry was wrong: the IP address must come first, followed by the domain name


At first the SSL certificate lines were commented out
Username: test
Password:
Error response from daemon: Get https://hub.com/v2/: http: server gave HTTP response to HTTPS client

ssl err


#on ubuntu
root@k8s-node2:~# docker login hub.com
Username: test
Password:
Error response from daemon: Get https://hub.com/v2/: x509: certificate signed by unknown authority

# Listing hub.com under insecure-registries turns off certificate verification for that registry
cat /etc/docker/daemon.json
{
  "insecure-registries" : ["hub.com"]
}

systemctl restart docker
</pre>
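The x509 error above can also be resolved with verification left on: give the Docker client the CA certificate at /etc/docker/certs.d/hub.com/ca.crt, and issue the server certificate with a subjectAltName, because Docker clients built with Go 1.15 or later no longer match the host name against the Common Name by default. The script below is an added example, not part of the original page; it uses `openssl x509 -req` in place of the page's interactive `openssl ca`, and the CA name `hub-ca`, the function names and the scratch directories are assumptions.

```bash
# Added example: private CA + hub.com server certificate carrying a subjectAltName,
# then per-registry CA trust for the Docker client. All paths are scratch paths.
set -eu

make_registry_pki() {   # $1 = output directory, $2 = registry host name
    pki=$1; host=$2
    mkdir -p "$pki"
    # CA key and self-signed root; CN "hub-ca" is an assumed name, kept distinct
    # from the server's CN so issuer and subject differ.
    ( umask 077; openssl genrsa -out "$pki/cakey.pem" 2048 2>/dev/null )
    openssl req -new -x509 -key "$pki/cakey.pem" -out "$pki/cacert.pem" \
        -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=hub/OU=ops/CN=hub-ca"
    # Server key and CSR, same subject fields the page enters interactively.
    ( umask 077; openssl genrsa -out "$pki/docker.key" 2048 2>/dev/null )
    openssl req -new -key "$pki/docker.key" -out "$pki/docker.csr" \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=hub/OU=ops/CN=$host"
    # Extensions added at signing time: the SAN is what Go-based clients match.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$host" > "$pki/san.ext"
    openssl x509 -req -in "$pki/docker.csr" -CA "$pki/cacert.pem" \
        -CAkey "$pki/cakey.pem" -CAcreateserial -days 3650 \
        -extfile "$pki/san.ext" -out "$pki/docker.crt" 2>/dev/null
}

verify_registry_cert() {   # $1 = pki directory, $2 = host name the client dials
    # The chain must end at our CA and the certificate must be valid for the host.
    openssl verify -CAfile "$1/cacert.pem" -verify_hostname "$2" \
        "$1/docker.crt" >/dev/null 2>&1
}

has_san() {   # $1 = certificate file, $2 = host name
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

install_docker_trust() {   # $1 = CA cert, $2 = registry host, $3 = root prefix
    # Docker reads <root>/etc/docker/certs.d/<host>/ca.crt for that registry only;
    # pass an empty prefix on a real client. No insecure-registries entry is needed.
    dest="$3/etc/docker/certs.d/$2"
    mkdir -p "$dest"
    cp "$1" "$dest/ca.crt"
    chmod 0644 "$dest/ca.crt"
}

# Demo in a scratch directory (constructed; nothing under /etc is touched).
work=$(mktemp -d)
make_registry_pki "$work/pki" hub.com
if verify_registry_cert "$work/pki" hub.com && has_san "$work/pki/docker.crt" hub.com; then
    echo "docker.crt chains to the CA and names hub.com in its SAN"
fi
install_docker_trust "$work/pki/cacert.pem" hub.com "$work/root"
echo "CA installed at $work/root/etc/docker/certs.d/hub.com/ca.crt"
```

On a real client the third argument of `install_docker_trust` is an empty string, and the `insecure-registries` entry for hub.com can then be removed from /etc/docker/daemon.json.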
docker push unknown blob received unexpected HTTP status: 502 Bad Gateway
<pre>
docker push hub.com/httpd:2.4.16
It always ends with
unknown blob

A problem with the nginx config file?

received unexpected HTTP status: 502 Bad Gateway

Fix: add the following to nginx.conf
proxy_set_header X-Forwarded-Proto "https";
client_max_body_size 1G;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
proxy_read_timeout 3000;
proxy_buffering off;
tcp_nodelay on;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</pre>
changelog
Wednesday, 3 July 2019 16:23:35 CST: added SSL