Docker private registry using self-signed certificates


Problem description

I want to run a private docker registry which is widely available. So I will be able to push and pull images from other servers.

I'm following these tutorials: doc1 & doc2

I performed 3 steps: First I created my certificate and key (as CNAME I filled in my ec2-hostname)

mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt

Then I created my docker registry, using this key.

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2

Then I copied the content of domain.crt to /etc/docker/certs.d/ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/ca.crt

I restarted my docker: sudo service docker restart

When I try to push an image I get the following error:

unable to ping registry endpoint https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v0/
v2 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v2/: net/http: TLS handshake timeout
 v1 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v1/_ping: net/http: TLS handshake timeout

I really don't know what I'm missing or doing wrong. Can someone please help me? Thanks

Recommended answer

The error message says "TLS handshake timeout". This indicates that either no process is listening on port 5000 (check using netstat) or the port is closed from the location where you are trying to push the image (open port in the AWS security group).
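
To tell a reachability problem on port 5000 apart from a certificate trust problem, the check can be split into a TCP stage and a TLS stage. The following is an added example, not part of the original question or answer; the function name `diagnose` and its result labels are hypothetical, and `cafile` is assumed to be the self-signed domain.crt that was copied to ca.crt.

```python
import socket
import ssl


def diagnose(host, port, cafile=None, timeout=5.0):
    """Report which stage of reaching a TLS registry endpoint fails.

    Stage 1 is the TCP connect; stage 2 is the TLS handshake, verified
    against `cafile` (assumed: the self-signed domain.crt the Docker
    client was given as ca.crt). Result labels are hypothetical.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp_refused"        # host reachable, nothing listening on the port
    except socket.timeout:
        return "tcp_timeout"        # packets dropped, e.g. by a firewall rule
    except OSError as exc:
        return f"tcp_error: {exc}"  # DNS failure, unreachable network, ...

    # With cafile set, only that certificate is trusted as an anchor.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with sock:
            sock.settimeout(timeout)
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"ok: {tls.version()}"
    except ssl.SSLCertVerificationError as exc:
        return f"cert_rejected: {exc.verify_message}"
    except socket.timeout:
        return "tls_handshake_timeout"  # TCP accepted, but no TLS reply arrived
    except (ssl.SSLError, OSError) as exc:
        return f"tls_error: {exc}"


if __name__ == "__main__":
    import sys
    # usage: python check_registry.py <registry-host> <port> [path/to/domain.crt]
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    print(diagnose(sys.argv[1], int(sys.argv[2]), ca))
```

Run it from the machine that does the push: a `tcp_*` result points at the listener or the security group, while `cert_rejected` points at the certificate placed under /etc/docker/certs.d/.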
