私人Docker注册表不能与Shell& Web管理界面? [英] Private Docker Registry Not Connectible to Shell & Web Management UI?
问题描述
要在路径 c:\dkrreg 上设置私人码头服务器注册表服务器使用 Docker for Windows 安装的 Windows 10(x64)系统上的em> localhost 已成功 尝试以下命令: p>
To setup a private docker registry server at path c:\dkrreg on localhost on Windows 10 (x64) system, installed with Docker for Windows, have successfully tried following commands:
docker run --detach --publish 1005:5000 --name docker-registry --volume /c/dkrreg:/var/lib/registry registry:2
docker pull hello-world:latest
docker tag hello-world:latest localhost:1005/hello-world:latest
docker push localhost:1005/hello-world:latest
docker pull localhost:1005/hello-world:latest
推拉 localhost:1005 / hello-world:最新的通过命令行也成功。
Push and Pull from localhost:1005/hello-world:latest via command line succeeds too.
如果我使用我的IP地址通过 docker pull 192.168.43.239:1005/hello-world:latest 它在命令shell中给出以下错误:
If i use my IP address via docker pull 192.168.43.239:1005/hello-world:latest it gives following error in command shell:
Error response from daemon: Get https://192.168.43.239:1005/v1/_ping: http: server gave HTTP response to HTTPS client
当使用第三方Docker UI Manager通过 docker run --detach portainer:最新的它也显示连接错误:
When using 3rd party Docker UI Manager via docker run --detach portainer:latest it also shows error to connect as:
2017/04/19 14:30:24 http: proxy error: dial tcp [::1]:1005: getsockopt: connection refused
还尝试了其他东西。如何使用Docker管理UI工具从LAN连接我的私人注册表服务器( localhost:1005 ?
Tried other stuff also. How can I connect my private registry server that is localhost:1005 from LAN using any Docker Management UI tool ?
推荐答案
最后找到解决这个棘手的解决方案
At last find solution to this which was tricky
-
生成的CA私钥和证书作为
ca-cert-mycompany.pem和ca-cert-key-companyname.pem。并在这些位置配置 docker-compose.yml 将这两个文件另存为 :ro :/ usr / local / share / ca-certificates,/ etc / ssl / certs /,/etc/docker/certs.d/mysite .COM。但是我也只尝试将证书复制到/ usr / local / share / ca-certificates就足够了,因为docker会忽略重复的CA证书。这个额外的复制是因为在许多被放置的docker的同事推荐相同。我没有执行命令:update-ca-certificates这次在注册表容器中,但是做的更早,因为许多建议。
Generated CA private key and certificate as
ca-cert-mycompany.pemandca-cert-key-companyname.pem. And configured docker-compose.yml to save both files as :ro in these locations:/usr/local/share/ca-certificates,/etc/ssl/certs/,/etc/docker/certs.d/mysite.com. But I also tried only copying certificate to/usr/local/share/ca-certificateswas enough as docker will ignore duplicate CA certificates. This extra copying is because at many placed docker fellow recommended the same. I did not executed command:update-ca-certificatesthis time in registry container but was doing earlier as against what is suggested by many.
在 docker-compose.yml 中定义:随机数为 REGISTRY_HTTP_SECRET ,服务器的链接证书(附加到其末尾的CA证书)到 REGISTRY_HTTP_TLS_CERTIFICATE amd服务器的公钥为 REGISTRY_HTTP_TLS_KEY 。已禁用HTTP身份验证。特别是在容器文件夹中使用其他证书的文件名命名为 mysite.com_server-chained-certificate.crt ,而不是仅仅 certificate.crt 。
Defined in docker-compose.yml: random number as REGISTRY_HTTP_SECRET, and server's chained certificate (CA certificate appended to end of it) to REGISTRY_HTTP_TLS_CERTIFICATE amd server's public key to REGISTRY_HTTP_TLS_KEY. Had disabled HTTP authentication. Especially used some naming for file names as found with other certificates in container folder as mysite.com_server-chained-certificate.crt instead of just certificate.crt.
V-Imp: 将证书推送到受信任的根目录Windows使用命令 certutil.exe -addstore root .\Keys\ca-certificate.crt ,然后重新启动 Docker for Windows ,然后使用 docker-compos up -d 创建容器。这是最重要的一步,没有任何效果。
V-Imp: pushed certificate to trusted root in windows using command certutil.exe -addstore root .\Keys\ca-certificate.crt followed with restarting Docker for Windows from taskbar icon and then creating container using docker-compose up -d. This is most important step without this nothing worked.
现在可以执行 docker pull mysite。 com:1005 / my-repo:my-tag 。
这篇关于私人Docker注册表不能与Shell& Web管理界面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
