docker(位于代理后面)从azure容器注册表中提取,但是从registry-1.docker.io中提取,它提供了由未知权限错误签名的证书 [英] docker (behind a proxy) pull from azure container registry works but from registry-1.docker.io, it gives certificate signed by unknown authority error
问题描述
在Ubuntu 18.04 VM中
我位于一个代理之后,我已经使用相同的代理设置了docker配置.
我创建了一个天蓝色的容器注册表,当尝试从该注册表中进行docker pull时,
但是当尝试:
$ docker run节点:6
我得到了错误:"docker:守护程序的错误响应:获取
我可以执行以下命令:
泊坞窗中心中注册表的URI为
In ubuntu 18.04 VM
I am behind a proxy, I've set up docker configuration with the same proxy.
I created an azure container registry and when trying to docker pull from the registry it works.
But when trying to:
$docker run node:6
I get the error: "docker: Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority."
I've added the registry to /etc/docker/daemon.json:
{
"insecure-registries": ["registry-1.docker.io","myazureContainerRegistry.azurecr.io"]
}
By doing the above step, "$docker run myazureContainerRegistry.azurecr.io/myimage:tag" works but "$docker run node:6" still gives the certificate error.
I've added the certificate for "*.docker.io" to /etc/docker/certs.d/docker.io and also to /usr/local/share/ca-certificate (sudo apt update-ca-certificates), still it doesn't work.
I've also tried to:
$curl -k https://registry-1.docker.io/
$wget https://registry-1.docker.io/ --no-check-certificate
Both of these steps work but with docker (to run/pull node:6 ) I still get the certificate error.
The output of "$docker --version" is: "Docker version 18.09.2"
This is how my ~/.docker/config.json looks like:
I expect "docker run node:6" to pull the image successfully but it actually gives the error
For your issue, first of all, you need to have the certificate in the ~/.docker/config.json. Then you can pull the image from the registry without login. Then you can execute the command without pulling the image before. for you, the command like this:
docker run registry-1.docker.io/node:6
In my side, the config.json will like this:
And I can execute the command like this:
The URI of registry in the docker hub is https://index.docker.io/v1/charlesjunqiang.
Update
If you use the certificate file to authenticate the Docker registry. Then you should do some steps to authenticate the Docker registry in the client machine.
One:
Add the certificate file in the directory /usr/local/share/ca-certificates/docker-dev-cert/
with the name yourname.crt
. Then execute the commands:
sudo update-ca-certificates
sudo service docker restart
Secord:
Create a directory in the directory /etc/docker/certs.d
with the same name as the registry, for example, myregistry.azurecr.io. Then add the certificate file in it with the name yourname.cert
. Also, you should add the file as .key that automatic created when you create the certificate file.
Then you can log in the registry and run the command docker run registry-1.docker.io/node:6
as you want.
There are screenshots of the result in my side.
这篇关于docker(位于代理后面)从azure容器注册表中提取,但是从registry-1.docker.io中提取,它提供了由未知权限错误签名的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!