Docker Private Registry:ping尝试失败
[英]Docker Private Registry: ping attempt failed
问题描述
I'm trying to set up my private Docker Registry and I'm following the official documentation . 
我正在尝试建立我的私有Docker Registry,我正在遵循官方文档 。 I have installed Docker and I'm able to run my registry on my server. 我已经安装了Docker,我可以在我的服务器上运行我的注册表。 But I want my registry to be more widely available. 但我希望我的注册表可以更广泛地使用。 My docker-server with the private registry is installed on an AWS-instance. 我的具有私有注册表的docker-server安装在AWS实例上。 I have created my own certificate and key by using keytool: 我使用keytool创建了自己的证书和密钥:
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
I'm able to ping this instance by: 我可以通过以下方式ping此实例:
ping ec2-xx-xx-xx-xx.xx-west/east-1.compute.amazonaws.com
But pushing is not possible: 但推动是不可能的:
The push refers to a repository [ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v0/
v2 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v2/: dial tcp 10.x.x.x:5000: i/o timeout
v1 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.amazonaws.com:5000/v1/_ping: dial tcp 10.0.x.x:5000: i/o timeout
EDIT1: After changing my aws-security group. 编辑1:更改我的aws-security组后。 Set port 5000 to TCP , the error changed: 将端口5000设置为TCP ,错误已更改:
unable to ping registry endpoint https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v0/
v2 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v2/: dial tcp 10.0.x.x:5000: connection refused
v1 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v1/_ping: dial tcp 10.0.x.x:5000: connection refused
How do I have to make my registry accessible for other aws-instances? 如何让我的注册表可以访问其他aws实例? My docker logs are showing the following. 我的docker日志显示以下内容。 They can't find my certificate. 他们找不到我的证书。
level=fatal msg="open /certs/domain.crt: no such file or directory"
Do I have to put this certificate in my container itself? 我必须将此证书放入我的容器中吗? (and generate it with keytool by myself or using an existing) (并由我自己或使用现有的keytool生成它)
EDIT2: I've generated my own certificates using this documentation . EDIT2:我使用此文档生成了自己的证书。 After generating the certificates I did restart my docker daemon. 生成证书后,我确实重新启动了我的docker守护程序。 I did not perform the copy of domain.crt to ca.crt because the path didn't exist. 我没有将domain.crt的副本执行到ca.crt,因为路径不存在。 Maybe I have to create it by myself? 也许我必须自己创造它?
new error: 新错误:
unable to ping registry endpoint https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v0/
v2 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v2/: dial tcp 10.0.x.x:5000: no route to host
v1 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v1/_ping: dial tcp 10.0.x.x:5000: no route to host
But I still get the following in my docker logs: 但我仍然在我的docker日志中得到以下信息:
level=fatal msg="open /certs/domain.crt: no such file or directory"
After trying to perform a push, there is created a new /certs folder into my existing certsfolder 尝试执行推送后,在我现有的certs文件夹中创建了一个新的/ certs文件夹
EDIT3: After finding the right directory for my certificate (/home/centos/certs/certs/*.). 编辑3:找到我的证书的正确目录(/ home / centos / certs / certs / *。)。 I get the following error: 我收到以下错误:
level=fatal msg="open /certs/domain.crt: permission denied
Even if I perform a chmod -R 777 and chown -R root:root 即使我执行chmod -R 777和chown -R root:root
1 个解决方案
解决方案1
0 2016-01-09 21:15:17
您需要将证书放在此目录中。
/etc/docker/certs.d/<your-domain-name>:5000/ca.crt
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.