docker(位于代理后面)从azure容器注册表中提取,但是从registry-1.docker.io中提取,它提供了由未知权限错误签名的证书 [英] docker (behind a proxy) pull from azure container registry works but from registry-1.docker.io, it gives certificate signed by unknown authority error
问题描述
在Ubuntu 18.04 VM中
我位于一个代理之后,我已经使用相同的代理设置了docker配置.
我创建了一个天蓝色的容器注册表,当尝试从该注册表中进行docker pull时,
但是当尝试:
$ docker run节点:6
我得到了错误:"docker:守护程序的错误响应:获取
我可以执行以下命令:
泊坞窗中心中注册表的URI为
In ubuntu 18.04 VM
I am behind a proxy, I've set up docker configuration with the same proxy.
I created an azure container registry and when trying to docker pull from the registry it works.
But when trying to:
$docker run node:6
I get the error: "docker: Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority."
I've added the registry to /etc/docker/daemon.json:
{
"insecure-registries": ["registry-1.docker.io","myazureContainerRegistry.azurecr.io"]
}
By doing the above step, "$docker run myazureContainerRegistry.azurecr.io/myimage:tag" works but "$docker run node:6" still gives the certificate error.
I've added the certificate for "*.docker.io" to /etc/docker/certs.d/docker.io and also to /usr/local/share/ca-certificate (sudo apt update-ca-certificates), still it doesn't work.
I've also tried to:
$curl -k https://registry-1.docker.io/
$wget https://registry-1.docker.io/ --no-check-certificate
Both of these steps work but with docker (to run/pull node:6 ) I still get the certificate error.
The output of "$docker --version" is: "Docker version 18.09.2"
This is how my ~/.docker/config.json looks like:
I expect "docker run node:6" to pull the image successfully but it actually gives the error
For your issue, first of all, you need to have the certificate in the ~/.docker/config.json. Then you can pull the image from the registry without login. Then you can execute the command without pulling the image before. for you, the command like this:
docker run registry-1.docker.io/node:6
In my side, the config.json will like this:
And I can execute the command like this:
The URI of registry in the docker hub is https://index.docker.io/v1/charlesjunqiang.
Update
If you use the certificate file to authenticate the Docker registry. Then you should do some steps to authenticate the Docker registry in the client machine.
One:
Add the certificate file in the directory /usr/local/share/ca-certificates/docker-dev-cert/ with the name yourname.crt. Then execute the commands:
sudo update-ca-certificates
sudo service docker restart
Secord:
Create a directory in the directory /etc/docker/certs.d with the same name as the registry, for example, myregistry.azurecr.io. Then add the certificate file in it with the name yourname.cert. Also, you should add the file as .key that automatic created when you create the certificate file.
Then you can log in the registry and run the command docker run registry-1.docker.io/node:6 as you want.
There are screenshots of the result in my side.
这篇关于docker(位于代理后面)从azure容器注册表中提取,但是从registry-1.docker.io中提取,它提供了由未知权限错误签名的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
