docker login not working with nexus 3 private registry


Problem description

Nexus UI configuration

I am running Nexus Repository Manager OSS 3.0.1-01 on a Linux VM. On that VM, I have nginx working to reverse proxy http requests as https. My SSL key is signed by a trusted CA. I created a maven repository, which works without issues whenever I have a client machine publish to it.

Also on this client machine, when I use my docker client and do a docker login, I am receiving all kinds of errors.

I am following these instructions: https://books.sonatype.com/nexus-book/3.0/reference/docker.html#_accessing_repositories Specifically Section 9.2, and honestly, I've spent the last 2 days getting nowhere.

I've read over everything that's mentioned here: Trouble connecting to Docker registry stored on Nexus 3 Preview on Azure VM. But that setup the user explains confuses me.

For the setup we are trying to achieve, insecure settings by adding --insecure-registry to the /etc/default/docker file is simply not an option.

I've tried to follow multiple tutorials just to understand the inner workings of the docker registry but I haven't been able to piece it together. I've looked at following this to a certain extent: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

I have used additional responses on stackoverflow to help me troubleshoot: malformed HTTP response with docker private registry (v2) behind an nginx proxy

But honestly I can't say I've found anything that's made understanding this straightforward. NGINX isn't reporting any error logs in /var/log/nginx/errors.log, and the access logs look like basic 'GETS' each time I attempt a docker login. The docker logs in /var/log/upstart/docker.log report the same errors that I'm illustrating below with the 404 errors. I also followed this issue on github to see if that was any help: github com/docker/docker/issues/8410 . Any assistance to get me to be able to perform a successful docker login to this private nexus 3 repo would be amazing.

Now maybe I'm a bit confused with everything I've been reading to get my docker client to work successfully with this nexus repo, but is it required that I set up a docker(group) repo, and is that the source of my issue? Or is it okay for me to just have a docker(hosted) repo? Because as of right now I only have a docker(hosted) repo. The Nexus documentation didn't give me the impression that a group repo was also required to get things to work.

Last but not least, I hope my question is specific enough, and I hope that you guys see I've made some effort here. I really did try!

When I log in, I am using the local admin user, with the default admin password. First let me present the issues:

If I try without a port, I get the following --

root:~# docker login box.company.net
Error response from daemon: Login:
<!DOCTYPE html>
<html>
<head>
  <title>404 - Nexus Repository Manager</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>

With the HTTP port of 4444, I get the following

root:~# docker login box.company.net:4444
Error response from daemon: Get https://box.company.net:4444/v1/users/: `http: server gave HTTP response to HTTPS client`

If I add HTTPS in the Nexus UI on 4445, then I run

root:~# docker login box.company.net:4445
Error response from daemon: Get https://box.company.net:4445/v1/users/: dial tcp x.x.x.x:4445: getsockopt: connection refused

Here is my environment info:

#cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"

# uname -r
3.19.0-65-generic

# nginx -v
nginx version: nginx/1.4.6 (Ubuntu)

~# docker version
Client:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        Thu Aug 18 05:22:43 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        Thu Aug 18 05:22:43 2016
 OS/Arch:      linux/amd64

cat /etc/nginx/conf.d/site.conf

server {

    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering    off;
    tcp_nodelay        on;

    server_tokens off;
    client_max_body_size 1G;

    listen 80;
    server_name box.company.net;
    location / {
          rewrite ^(.*) https://box.company.net$1 permanent;
    }
}

server {
    listen 443;
    server_name box.company.net;
    keepalive_timeout 60;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/net.crt;
    ssl_certificate_key /etc/nginx/conf.d/net.key;
    ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
    ssl_session_cache shared:TLSSSL:16m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;

    location / {

      proxy_set_header        Host $http_host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto "https";
      proxy_pass              http://x.x.x.x:8081;
      proxy_read_timeout      90;

    }
}

Here are some basic curl results for more info, if this will help at all.

 root:~# curl -v https://box.company.net
* Rebuilt URL to: https://box.company.net
* Hostname was NOT found in DNS cache
*   Trying x.x.x.x...
* Connected to box.company.net (x.x.x.x) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: OU=Domain Control Validated; CN=*.company.net
*        start date: 2016-04-01 14:01:38 GMT
*        expire date: 2018-04-14 15:15:04 GMT
*        subjectAltName: box.company.net matched
*        issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*        SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: box.company.net
> Accept: */*
>
< HTTP/1.1 200 OK
* Server nginx/1.4.6 (Ubuntu) is not blacklisted
< Server: nginx/1.4.6 (Ubuntu)
< Date: Thu, 25 Aug 2016 13:39:14 GMT
< Content-Type: text/html
< Content-Length: 5077
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Last-Modified: Thu, 25 Aug 2016 13:39:14 GMT
< Pragma: no-cache
< Cache-Control: post-check=0, pre-check=0
< Expires: 0

Any help to get docker login private.registry.net would be highly helpful, thanks.

Recommended answer

I had to add an additional (server) entry in my nginx config, right below the previous entry

Restart nginx

docker client, will connect to port 6666, nginx will route the traffic to port 4444 which

# correlates to your nexus http connector
server {
    listen 6666;
    server_name box.company.net;
    keepalive_timeout 60;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/net.crt;
    ssl_certificate_key /etc/nginx/conf.d/net.key;
    ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
    ssl_session_cache shared:TLSSSL:16m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    client_max_body_size 1G;
    chunked_transfer_encoding on;

    location / {

      access_log              /var/log/nginx/docker.log;
      proxy_set_header        Host $http_host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto "https";
      proxy_pass              http://x.x.x.x:4444;
      proxy_read_timeout      90;

    }
}

Then I was able to do

docker login -u username -p password box.company.net:6666
docker pull box.company.net:6666/docker-image:tag
docker push box.company.net:6666/docker-image:tag
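
An added example, not part of the original question or answer: a small probe that tells apart the three failures shown in the question (an HTML page from the Nexus UI, a plain-HTTP connector reached over TLS, and a port with no listener) from a working TLS-terminated registry endpoint. It assumes the connector follows the Docker Registry HTTP API V2 convention of answering GET /v2/ with 200 or 401 and a Docker-Distribution-Api-Version header; the function names and result labels are hypothetical.

```python
import ssl
import urllib.error
import urllib.request


def classify_response(status, headers, body=""):
    """Interpret the reply to GET /v2/, the Registry HTTP API V2 base check."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    api = hdrs.get("docker-distribution-api-version", "")
    if status in (200, 401) and api.startswith("registry/2"):
        return "registry-v2-auth-required" if status == 401 else "registry-v2-ok"
    if "text/html" in hdrs.get("content-type", "") or "<html" in body.lower():
        # An HTML page means the proxy forwarded to a web UI, not a Docker connector.
        return "html-not-registry"
    return "unexpected-http-%d" % status


def classify_error(reason):
    """Interpret a connection-level failure raised before any HTTP reply."""
    if isinstance(reason, ssl.SSLCertVerificationError):
        return "tls-cert-untrusted"
    if isinstance(reason, ssl.SSLError):
        # Typical when the port speaks plain HTTP with no TLS terminator in front.
        return "tls-handshake-failed"
    if isinstance(reason, ConnectionRefusedError):
        return "nothing-listening"
    return "network-error"


def probe(host, port, timeout=5):
    """Probe https://host:port/v2/ with normal certificate and hostname checks."""
    ctx = ssl.create_default_context()
    url = "https://%s:%d/v2/" % (host, port)
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            body = resp.read(2048).decode("utf-8", "replace")
            return classify_response(resp.status, dict(resp.headers), body)
    except urllib.error.HTTPError as err:  # 401, 404, ... still carry headers
        body = err.read(2048).decode("utf-8", "replace")
        return classify_response(err.code, dict(err.headers), body)
    except urllib.error.URLError as err:
        return classify_error(err.reason)
    except OSError as err:
        return classify_error(err)


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it as `python probe.py box.company.net 6666`; because certificate verification stays on, a passing result also confirms the client does not need --insecure-registry.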
