Docker推送-Net / http：TLS握手超时 [英] Docker push - net/http: TLS handshake timeout

问题描述

我已在AWS EC2 Ubuntu 14.04实例上部署了私有Docker映像注册表。使用我们的加密证书来保护注册表的安全。

I've deployed a private docker image registry on an AWS EC2 Ubuntu 14.04 instance. The registry is secured using Let's Encrypt certificate.

不幸的是，我收到 net / http：TLS握手超时进行了超过300秒钟的 docker push 操作：

Unfortunately, I'm getting net/http: TLS handshake timeout for docker push operations that take longer than 300s:

这是 timedd 命令的输出：

[luqo33@home-pc containers]$ time docker push <my-registry-domain:5000>/nginx                                                    
The push refers to a repository [<my-registry-domain:5000>/nginx]
dda5a806f0b0: Layer already exists
ec35cfccb7f7: Layer already exists
94c1a232bb3f: Layer already exists
6d6b9812c8ae: Layer already exists
695da0025de6: Retrying in 1 second
fe4c16cbf7a4: Pushing [================================================>  ]   119 MB/123 MB
net/http: TLS handshake timeout

real    5m0.847s
user    0m0.097s
sys     0m0.017s

regsitry：2 容器的日志未显示任何错误-除了接收数据时出现意外的EOF通知。我也可以推送少于5分钟的图片，而不会出现问题。

Logs of the regsitry:2 container do not show any errors - other than the notification that there was an unexpected EOF while receiving data. I can also push images that take less than 5min to push without problems.

我怀疑这是系统设置的罪魁祸首，因为一旦操作进行，超时总是发生超过300秒。没有任何负载平衡器或其他代理。 < my-registry-domain：5000> 直接指向服务器IP。

I'm suspecting that it's a system setting at blame as the timeout happens always once the operations goes beyond 300 seconds. There isn't any load balancer or other proxy. <my-registry-domain:5000> points directly at the server IP.

如何进一步调查

EDIT

当我按下镜像到其他服务器提供商（DigitalOcean），AWS ECS注册表甚至Docker Hub！我很难相信Docker客户端会有300s的内置握手超时。

The same happens when I push images to other server providers (DigitalOcean), AWS ECS registry or even Docker Hub! I find it hard to believe that the Docker client would have a built-in handshake timeout of 300s.

我在想，也许我应该从以下位置开始寻找解决方案：网络级别-使用我的硬件（无线路由器）或ISP。

I'm thinking that perhaps I should start look for the solution at the network level - with my hardware (wi-fi router) or my ISP.

有人知道这里发生了什么吗？

Anybody has a clue what is happening here?

推荐答案

我遇到了同样的问题，这个问题可能是由于您的互联网连接造成的，我通过将并发上传（下载获取）减少到1来解决。
通过使用以下args：

I got the same issue, this issue is may be from your internet connection, I solved it by decrementing the concurrency uploads (downloads for get) to 1 in dockerd. By using these args:

--max-concurrent-downloads  (default: 3)    Set the max concurrent downloads for each pull

--max-concurrent-uploads    (default: 5)    Set the max concurrent uploads for each push

如果带宽较低，则同时上传5张图像可能会导致超时。

uploading 5 images in same time may result a timeout if you have a low bandwidth.

> https://docs.docker.com/engine/reference/commandline/dockerd/

这篇关于Docker推送-Net / http：TLS握手超时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！