未使用Docker注册表镜像 [英] Docker registry mirror not used
问题描述
当我尝试从本地镜像中提取图像时,它会起作用:
When I try to pull an image from my local mirror, it works :
$ docker login -u docker -p mypassword nexus3.pleiade.mycomp.fr:5000
$ docker pull nexus3.pleiade.mycomp.fr:5000/hello-world
Using default tag: latest
latest: Pulling from **hello-world**
78445dd45222: Pull complete
Digest: sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7
Status: Downloaded newer image for **nexus3.pleiade.mycomp.fr:5000/hello-world:latest**
但是,当我想将此注册表用作镜像时,它只是被忽略,图像总是从Web Docker集线器中拉出,而不是从本地镜像中拉出:
But then, when I want to use this registry as mirror, it is just ignored, images are always pulled from web Docker hub, not from my local mirror :
$ ps -ef | grep docker
/usr/bin/dockerd -H fd:// --storage-driver=overlay2 --registry-mirror=https://nexus3.pleiade.mycomp.fr:5000
$ docker info
Registry Mirrors:
https://nexus3.pleiade.mycomp.fr:5000/
$ docker rmi nexus3.pleiade.mycomp.fr:5000/hello-world
_
$ docker pull hello-world
Using default tag: latest
latest: Pulling from **library/hello-world**
78445dd45222: Pull complete
Digest: sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7
Status: Downloaded newer image for **hello-world:latest**
我确定它不使用我的镜像,因为当我取消设置代理设置时,它无法访问hello-world映像.
I know for sure it doesn't use my mirror, because when I unset the proxy settings, it cannot reach hello-world image.
是Docker错误,还是我缺少一些东西?
Is it a Docker bug, or am I missing something ?
Docker信息(简短):
Docker info (short) :
Server Version: 1.13.1
Storage Driver: overlay2
(...)
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.8.0-37-generic
Operating System: Ubuntu 16.10
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 15.67 GiB
(...)
Registry Mirrors:
https://nexus3.pleiade.edf.fr:5000/
更新:
在执行"journalctl -xe"时,我可以看到一些有用的信息:
Doing "journalctl -xe", I can see some useful information :
level = error msg =尝试下一个端点进行错误后拉:获取https://nexus3.pleiade.mycomp.fr:5000/v2/library/hello-world/manifests/latest:无基本身份验证凭据"
它看起来与以下内容有关: https://github.com/docker/docker/issues/20097,但解决方法不起作用:当我替换--registry-mirror = https://时,nexus3.pleiade.mycomp.fr:5000 by --registry-mirror = https://docker:password@nexus3.pleiade.mycomp.fr:5000
It looks related to : https://github.com/docker/docker/issues/20097, but the workaround is not working : when I replace --registry-mirror=https://nexus3.pleiade.mycomp.fr:5000 by --registry-mirror=https://docker:password@nexus3.pleiade.mycomp.fr:5000
我得到完全相同的错误.
I get exactly the same error.
如果有关系,则联系使用的是自签名证书,该证书已复制到/etc/docker/certs.d/nexus3.pleiade.mycomp.fr:5000/ca.crt,并且允许通过"docker"登录登录".
If it matters, the nexus is using a self signed certificate which has been copied to /etc/docker/certs.d/nexus3.pleiade.mycomp.fr:5000/ca.crt and this allowed to login via "docker login".
推荐答案
这是一个Docker错误:https://github.com/docker/docker/issues/30880
It's a docker bug : https://github.com/docker/docker/issues/30880
解决方法是设置一个https反向代理,设置一个硬编码的身份验证标头.
The workaround is to set up a https reverse proxy setting a hard-coded authentication header.
这是来自 Felipe C. 的示例配置:
在nginx docker配置中,添加:
In nginx docker config, add :
proxy_set_header Authorization "Basic a2luZzppc25ha2Vk";
完整示例:
server {
listen *:443 ssl http2;
server_name docker.domain.blah.net;
ssl on;
include ssl/domain.blah.net.conf;
# allow large uploads of files - refer to nginx documentation
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
proxy_pass http://127.0.0.1:8083/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Authorization "Basic YWRtaW46YWRtaW4xMjM=";
#proxy_set_header X-Forwarded-Proto "https";
}
}
server {
listen *:80;
server_name docker.domain.blah.net;
return 301 https://$server_name$request_uri;
}
这篇关于未使用Docker注册表镜像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!