无法登陆docker私人仓库 [英] Not able to login in docker private repositry

查看:445
本文介绍了无法登陆docker私人仓库的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我通过自己的证书配置了不安全的注册表。提供用户名和密码后,收到错误信息为守护进程的错误响应:Get https:// ip 地址:5000 / v1 / users /:x509:由未知权限签署的证书

解决方案

执行以下步骤对私人证书进行docker注册:


  1. 使用以下命令生成私有SSL证书。这将创建certs文件夹与两个文件domain.crt,domain.key 

     
     openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs / domain。 key -x509 -days 365 -out certs / domain.crt


  2. 使用以下命令启动docker注册表:

     
     docker run -d -p 5000:5000 --restart = always --name注册表\ 
     -v`pwd` / certs:/ certs \ 
     -e REGISTRY_HTTP_TLS_CERTIFICATE = / certs / domain.crt \ 
     -e REGISTRY_HTTP_TLS_KEY = / certs / domain.key \ 
    注册表:2


  3. 在另一台要拉出图像的机器上,将

     certs / domain.crt

    文件复制到

     / etc /docker/certs.d/<<DockerRegistryServerHostname>>:< DockerRegistryPort>> /ca.crt

    确保证书文件的名称是ca.crt(不是域)。 crt)。



    例如,如果docker注册表IP地址是docker.registry,并且端口是5000,那么文件夹名称将是

     / etc / docker / ce rts.d / porter.registry:5000 /


  4. 现在运行docker pull命令。你不应该面对任何问题。



I configured insecure registry by self singed certificate.After providing user name and password , getting error message as " Error response from daemon: Get https://ip address:5000/v1/users/: x509: certificate signed by unknown authority".

解决方案

Execute following steps to docker registry with private certificates:

  1. Generate private SSL Certificate with following command. This will create certs folder with two file domain.crt, domain.key 

    openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key  -x509 -days 365 -out certs/domain.crt

  2. Start docker registry with following command: 

    docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2

  3. On another machine where you want to pull the images, copy 

    certs/domain.crt

    file to 

    /etc/docker/certs.d/<<DockerRegistryServerHostname>>:<<DockerRegistryPort>>/ca.crt

    Make sure the name of certificate file is ca.crt (not domain.crt).

    For example, if docker registry IP address is docker.registry and port is 5000 then folder name will be

    /etc/docker/certs.d/docker.registry:5000/

  4. Now run docker pull command. You should not face any issue.

这篇关于无法登陆docker私人仓库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Linux/Unix最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆