docker login not working with nexus 3 private registry


Problem description

Nexus UI configuration

I am running Nexus Repository Manager OSS 3.0.1-01 on a linux VM. On that VM, I have nginx working to reverse proxy http requests as https. My SSL key is signed by a trusted CA. I created a maven repository, which works without issues, whenever I have a client machine publish to it.

Also on this client machine, when I use my docker client and do a docker login, I am receiving all kinds of errors.

I am following these instructions https://books.sonatype.com/nexus-book/3.0/reference/docker.html#_accessing_repositories Specifically Section 9.2 and honestly, I've spent the last 2 days getting nowhere.

I've read over everything that's mentioned here: Trouble connecting to Docker registry stored on Nexus 3 Preview on Azure VM But that setup the user explains confuses me.

For the setup we are trying to achieve, insecure settings by adding --insecure-registry to the /etc/default/docker file is simply not an option.

I've tried to follow multiple tutorials just to understand the inner workings of the docker registry but I haven't been able to piece it together. I've looked at following this to a certain extent: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

I have used additional responses in stackoverflow to help me troubleshoot malformed HTTP response with docker private registry (v2) behind an nginx proxy

But honestly I can't say I've found anything that's made understanding this straightforward. NGINX isn't reporting any error logs in /var/log/nginx/errors.log, the access logs look like basic 'GETS', each time I attempt a docker login. The docker logs in /var/log/upstart/docker.log report the same errors that I'm illustrating below with the 404 errors. Also followed this issue on github to see if that was any help github com/docker/docker/issues/8410 . Any assistance to get me to be able to perform a successful docker login to this private nexus 3 repo would be amazing.

Now maybe I'm a bit confused with everything I've been reading to get my docker client to work successfully with this nexus repo, but is it required that I setup a docker(group) repo and that is the source of my issue? Or is it okay for me to just have a docker(hosted) repo. Because as of right now I only have a docker(hosted) repo. The Nexus documentation didn't give me the impression that a group repo was also required to get things to work.

Last but not least, I hope my question is specific enough, and I hope that you guys see I've made some effort here. I really did try!

When I login, I am using the local admin user, with the default admin password. First let me present the issues:

If I try without a port, I get the following --

root:~# docker login box.company.net
Error response from daemon: Login:
<!DOCTYPE html>
<html>
<head>
  <title>404 - Nexus Repository Manager</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>

With the HTTP port of 4444, I get the following

root:~# docker login box.company.net:4444
Error response from daemon: Get https://box.company.net:4444/v1/users/: `http: server gave HTTP response to HTTPS client`

If I add HTTPS in the Nexus UI to 4445, then I run

root:~# docker login box.company.net:4445
Error response from daemon: Get https://box.company.net:4445/v1/users/: dial tcp x.x.x.x:4445: getsockopt: connection refused

Here is my environment info:

#cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"

# uname -r
3.19.0-65-generic

# nginx -v
nginx version: nginx/1.4.6 (Ubuntu)

~# docker version
Client:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        Thu Aug 18 05:22:43 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        Thu Aug 18 05:22:43 2016
 OS/Arch:      linux/amd64

cat /etc/nginx/conf.d/site.conf

server {

    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering    off;
    tcp_nodelay        on;

    server_tokens off;
    client_max_body_size 1G;

    listen 80;
    server_name box.company.net;
    location / {
          rewrite ^(.*) https://box.company.net$1 permanent;
    }
}

server {
    listen 443;
    server_name box.company.net;
    keepalive_timeout 60;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/net.crt;
    ssl_certificate_key /etc/nginx/conf.d/net.key;
    ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
    ssl_session_cache shared:TLSSSL:16m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;

    location / {

      proxy_set_header        Host $http_host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto "https";
      proxy_pass              http://x.x.x.x:8081;
      proxy_read_timeout      90;

    }
}

Here are some basic curl results for more info, if this will help at all.

 root:~# curl -v https://box.company.net
* Rebuilt URL to: https://box.company.net
* Hostname was NOT found in DNS cache
*   Trying x.x.x.x...
* Connected to box.company.net (x.x.x.x) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: OU=Domain Control Validated; CN=*.company.net
*        start date: 2016-04-01 14:01:38 GMT
*        expire date: 2018-04-14 15:15:04 GMT
*        subjectAltName: box.company.net matched
*        issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*        SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: box.company.net
> Accept: */*
>
< HTTP/1.1 200 OK
* Server nginx/1.4.6 (Ubuntu) is not blacklisted
< Server: nginx/1.4.6 (Ubuntu)
< Date: Thu, 25 Aug 2016 13:39:14 GMT
< Content-Type: text/html
< Content-Length: 5077
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Last-Modified: Thu, 25 Aug 2016 13:39:14 GMT
< Pragma: no-cache
< Cache-Control: post-check=0, pre-check=0
< Expires: 0

Any help to get docker login private.registry.net would be highly helpful thanks.

Recommended answer

I had to add an additional (server) entry in my nginx config, right below the previous entry

Restart nginx

# docker client, will connect to port 6666, nginx will route the traffic to port 4444 which
# correlates to your nexus http connector
server {
    listen 6666;
    server_name box.company.net;
    keepalive_timeout 60;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/net.crt;
    ssl_certificate_key /etc/nginx/conf.d/net.key;
    ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
    ssl_session_cache shared:TLSSSL:16m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    client_max_body_size 1G;
    chunked_transfer_encoding on;

    location / {

      access_log              /var/log/nginx/docker.log;
      proxy_set_header        Host $http_host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto "https";
      proxy_pass              http://x.x.x.x:4444;
      proxy_read_timeout      90;

    }
}

Then I can do

docker login -u username -p password box.company.net:6666
docker pull box.company.net:6666/docker-image:tag
docker push box.company.net:6666/docker-image:tag
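
The port mapping the answer relies on can be checked mechanically. The Python below is an added example, not code from the original post or from the nginx or Nexus projects; the names `server_blocks` and `audit` and the address 192.0.2.10 (standing in for the redacted x.x.x.x) are assumptions. It reads an nginx config and reports, per listening port, whether `docker login` would reach the Nexus docker connector (4444 on this page) and whether TLS terminates in front of it.

```python
import re

# Constructed sample: the page's two TLS server blocks, trimmed to the directives
# this check reads; 192.0.2.10 stands in for the redacted x.x.x.x address.
SAMPLE_CONF = """
server {
    listen 443;
    ssl on;
    location / { proxy_pass http://192.0.2.10:8081; }
}
server {
    listen 6666;
    ssl on;
    location / { proxy_pass http://192.0.2.10:4444; }
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf, connector_port=4444):
    """Return {listen_port: verdict} for what `docker login` meets on each port."""
    report = {}
    for body in server_blocks(conf):
        listen = re.search(r"^\s*listen\s+(\d+)([^;]*);", body, re.M)
        if not listen:
            continue
        # TLS is enabled either by `listen N ssl;` or by the older `ssl on;`.
        tls = "ssl" in listen.group(2).split() or bool(
            re.search(r"^\s*ssl\s+on\s*;", body, re.M))
        upstream = re.search(r"proxy_pass\s+http://[^:/;\s]+:(\d+)", body)
        if not upstream or int(upstream.group(1)) != connector_port:
            verdict = "not the docker connector"
        elif tls:
            verdict = "TLS in front of the docker connector"
        else:
            verdict = "docker connector exposed without TLS"
        report[int(listen.group(1))] = verdict
    return report

if __name__ == "__main__":
    for port, verdict in sorted(audit(SAMPLE_CONF).items()):
        print(port, verdict)
```

Port 443 is reported as "not the docker connector" because it proxies to the Nexus UI on 8081, which matches the HTML 404 that `docker login box.company.net` returned in the question.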
