[英]how do you securely push an image to a docker 1.13 registry:2 service from outside the swarm?
I am running a docker registry service in a locally-hosted docker-machine VM in a docker 1.13 swarm on OSX via: 我正在通过以下方式在OSX上的docker 1.13群中的本地托管docker-machine VM中运行docker Registry服务:
docker service create --name registry --with-registry-auth --publish
5000:5000 registry:2
The service is running and I can push/pull images on a swarm manager however when I try to push images to the service from the machine hosting the swarm VM using port 5000: 服务正在运行,我可以在群集管理器上推/拉映像,但是当我尝试使用端口5000从托管群集VM的计算机将映像推到服务时:
Get https://<IP of swarm manager>:5000/v1/_ping: http: server gave HTTP response to HTTPS client
Does anyone know how to securely access a docker registry service from outside the swarm? 有谁知道如何从群外安全地访问docker Registry服务? Possibly a FAQ, but I haven't found an article addressing it on the docker site.
可能是常见问题解答,但我在Docker站点上找不到解决该问题的文章。 They all seem to deal with container TLS settings or accessing the server from within the swarm (which is rather nice).
它们似乎都处理容器TLS设置或从群集内部访问服务器(这很不错)。
thanks! 谢谢!
The documentation on securing the registry socket deal with TLS settings because that's exactly what you need to configure. 有关保护注册表套接字的文档涉及TLS设置,因为这正是您需要配置的内容。 The registry documentation discusses this at a high level.
注册表文档在较高级别上对此进行了讨论。 The same steps to create a TLS CA, key, and certificate for the docker socket can be used for the registry socket and are documented on docker's site .
为docker套接字创建TLS CA,密钥和证书的相同步骤可用于注册表套接字,并记录在docker的站点上 。
Note that if you generate your own certificates from your own CA, you'll need to trust your CA. 请注意,如果您从自己的CA生成自己的证书,则需要信任您的CA。 There are various ways to do this just for docker, but the easier (and possibly less secure) solution is to add it to the list of root CA's on your host.
有多种方法可以仅针对docker来执行此操作,但更简单(且可能不太安全)的解决方案是将其添加到主机上的根CA列表中。 This procedure varies per linux distribution.
此过程因Linux发行版而异。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.