
Docker: private registry access

I'm trying to push an image to my docker private repository:

docker pull busybox
docker tag busybox living-registry.com:5000/busybox
docker push living-registry.com:5000/busybox

Docker tells me:

The push refers to a repository [living-registry.com:5000/busybox] Get https://living-registry.com:5000/v1/_ping : read tcp 195.83.122.16:39714->195.83.122.16:5000: read: connection reset by peer

These commands are being performed on a CoreOS.

In another machine, I've started my registry using this command:

docker run -d -p 5000:5000 --restart=always --name registry \
  -v /root/docker-registry/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v /root/docker-registry/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
  -v /root/docker-registry/data:/var/lib/registry \
  registry:2

Everything seems to be right:

# netstat -tupln | grep 5000
tcp6       0      0 :::5000       :::*      LISTEN      3160/docker-proxy

# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                          PORTS                    NAMES
27e79f6a504c        registry:2          "/bin/registry serve "   About an hour ago   Restarting (2) 36 minutes ago   0.0.0.0:5000->5000/tcp   registry

So, when I'm trying to log in:

[root@jenkins certs]# docker login living-registry.com:5000
Username: xxxx
Password: xxxx

Error response from daemon: Get https://living-registry.com:5000/v1/users/ : read tcp 195.83.122.16:39756->195.83.122.16:5000: read: connection reset by peer

Any ideas?

EDIT

I've already added the certificate (ca.crt) in /etc/ssl/certs and in /etc/docker/certs.d/xxxx:5000/.

From this CoreOS instance, I'm trying to perform that:

$ docker login https://xxxx:5000
Username: xxx
Password:
Email: xxx@mail.com

And it tells me:

Error response from daemon: invalid registry endpoint https://xxxx:5000/v0/ : unable to ping registry endpoint https://xxxx:5000/v0/ v2 ping attempt failed with error: Get https://xxxx:5000/v2/ : EOF v1 ping attempt failed with error: Get https://xxxx:5000/v1/_ping : EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry xxxx:5000 to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/xxxx:5000/ca.crt

I've also tried to get the connection directly with openssl:

openssl s_client -connect x.x.x.x:5000

The output is:

CONNECTED(00000003)
140180300502672:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1467812448
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
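A triage helper for the symptoms in this question, added here as an example and not part of the original post. The question's own `docker ps` output shows the registry container in `Restarting (2) 36 minutes ago` state, which means the registry process keeps exiting while docker-proxy still holds port 5000 open; a client then gets a TCP accept followed by a reset, which is consistent with "connection reset by peer" and with the openssl handshake that read 0 bytes. The script assumes the container name `registry` and the host paths mounted in the question's `docker run` command; `DOCKER` can be pointed at a stand-in command for offline testing.

```shell
#!/bin/sh
# Added example (not from the original question): triage a registry container
# that answers with a TCP reset instead of a TLS handshake.
# Assumptions: container named "registry", host paths from the question's
# docker run line; DOCKER may be overridden with a stand-in for testing.

DOCKER="${DOCKER:-docker}"

# Print the STATUS column for the container named $1 (empty if absent).
container_status() {
    "$DOCKER" ps -a --format '{{.Names}}\t{{.Status}}' \
        | awk -F'\t' -v n="$1" '$1 == n { print $2 }'
}

# Succeeds when a status string means Docker is restart-looping the container.
is_restarting() {
    case "$1" in
        Restarting*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Check that the files the registry mounts are present and readable on the host;
# a missing cert, key or htpasswd file is a common reason for the process to exit.
check_registry_files() {
    base="${1:-/root/docker-registry}"
    missing=0
    for f in "$base/certs/registry.crt" "$base/certs/registry.key" "$base/auth/htpasswd"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; missing=1; }
    done
    return $missing
}

# Overall verdict: 0 = running, 1 = crash-looping, 2 = no such container.
triage_registry() {
    name="${1:-registry}"; base="${2:-/root/docker-registry}"
    status=$(container_status "$name")
    if [ -z "$status" ]; then
        echo "no container named $name"
        return 2
    fi
    if is_restarting "$status"; then
        echo "$name is crash-looping: $status"
        echo "docker-proxy still listens on the published port, so clients see a reset, not a TLS handshake"
        echo "read the exit reason with: $DOCKER logs --tail 50 $name"
        check_registry_files "$base" || true
        return 1
    fi
    echo "$name is up: $status"
    return 0
}
```

Run `triage_registry registry` on the registry host: until the container stays in an `Up` state, no amount of client-side certificate placement will change the "connection reset by peer" result, because no TLS server is behind the port.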

For self-signed certificates, the crt must be copied into

/etc/docker/certs.d/hostname:port/ca.crt

cf. https://docs.docker.com/engine/security/certificates/

I create certificates:

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
  -keyout /root/docker-registry/certs/registry.key \
  -out /root/docker-registry/certs/registry.crt

cp /root/docker-registry/certs/registry.crt /etc/docker/certs.d/x.x.x.x:5000/ca.crt
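The same procedure as the answer above, written out as an added example (not the answerer's own commands) with the two checks a practitioner wants before trusting it: the certificate carries a subjectAltName for the registry host, which current Docker clients (Go TLS) require, and the installed `ca.crt` actually verifies the server certificate for that host. The registry host and port are passed in; the certs.d root defaults to `/etc/docker/certs.d` but can be overridden for a dry run.

```shell
#!/bin/sh
# Added example (not the answer's own commands): generate a self-signed registry
# certificate with a matching SAN, install it as the Docker client's trust anchor
# under certs.d, and verify chain + hostname with openssl.
# Assumptions: host and port are given by the caller; CERTS_D root is overridable.

# Create registry.key / registry.crt in $2 for host $1 (10-year validity).
make_registry_cert() {
    host="$1"; out_dir="$2"
    mkdir -p "$out_dir"
    # Minimal OpenSSL config so the run is non-interactive and the cert carries
    # a SAN; Docker matches the dialed host against the SAN, so CN alone is not enough.
    cat > "$out_dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_registry
prompt = no
[dn]
CN = $host
[v3_registry]
subjectAltName = DNS:$host
basicConstraints = critical,CA:TRUE
keyUsage = critical,digitalSignature,keyEncipherment,keyCertSign
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
        -config "$out_dir/san.cnf" \
        -keyout "$out_dir/registry.key" -out "$out_dir/registry.crt" 2>/dev/null
    chmod 600 "$out_dir/registry.key"   # private key: readable by the registry only
}

# Install the certificate as ca.crt for host:port and print the installed path.
install_client_ca() {
    host="$1"; port="$2"; crt="$3"; certs_d="${4:-/etc/docker/certs.d}"
    dest="$certs_d/$host:$port"
    mkdir -p "$dest"
    cp "$crt" "$dest/ca.crt"
    echo "$dest/ca.crt"
}

# Verify the server certificate against the installed trust anchor AND the
# hostname the client will dial; non-zero on either failure.
verify_registry_cert() {
    host="$1"; ca="$2"; crt="$3"
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$crt" >/dev/null 2>&1
}
```

Usage on the registry host: `make_registry_cert living-registry.com /root/docker-registry/certs`, then point `REGISTRY_HTTP_TLS_CERTIFICATE` and `REGISTRY_HTTP_TLS_KEY` at the generated pair as in the question's `docker run`. On each client: `install_client_ca living-registry.com 5000 registry.crt`, then `verify_registry_cert living-registry.com /etc/docker/certs.d/living-registry.com:5000/ca.crt registry.crt` should succeed before you try `docker login`; if it fails on the hostname check, the certificate was issued for a different name than the one in the image tag.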
