docker推送本地注册表https访问资源失败的问题
[英]Issue with docker push on local registry https access to ressource denied
问题描述
I have a problem with my registry docker. 
我的注册表泊坞窗有问题。 My "server" VM is on kali-linux. 我的“服务器” VM在kali-linux上。 I created the registry docker in HTTP and use a centOS VM as a client. 我在HTTP中创建了注册表docker,并使用centOS VM作为客户端。 I declared the registry insecure in the client VM and it worked perfectly. 我宣布客户端VM中的注册表不安全,并且运行良好。
Now I try to put it in HTTPS. 现在,我尝试将其放入HTTPS。 In order to do that, I use nginx as a proxy. 为了做到这一点,我使用nginx作为代理。 I followed this tutorial : Step 5 — Setting Up SSL except for Part 8 to make it a service (I don't know why but i can't do it). 我遵循了本教程: 步骤5-设置SSL ( 第8部分除外)以使其成为服务(我不知道为什么,但我不能这样做)。
Because I don't have a domain name, I used a fake one. 因为我没有域名,所以我使用了一个伪造的域名。 In order to be recognized, I added my IP (192.168.XX) and the domain name I used (myregistryexemple) to the /etc/hosts file on both VM. 为了得到识别,我在两个VM的/ etc / hosts文件中添加了我的IP(192.168.XX)和我使用的域名(myregistryexemple)。
As asked by the tutorial, I generated the certificat on my "server" VM (the kali one), and send it by scp to my client VM. 按照教程的要求,我在“服务器” VM(kali证书)上生成了证书,然后通过scp将其发送到客户端VM。 I make the centOS vm trust the certificate thanks to this commands : 由于以下命令,我使centOS vm信任证书:
yum install ca-certificates
update-ca-trust force-enable
cp cert.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
I restart the service docker on the client VM. 我在客户端VM上重新启动服务docker。 And launch the docker registry and the nginx proxy with "docker-compose up" on my kali VM. 然后在我的kali VM上使用“ docker-compose up”启动docker注册表和nginx代理。
I tag and try to push an ubuntu on the registry : 我标记并尝试在注册表上推送一个ubuntu:
docker tag ubuntu myregistryexemple/ubuntu
docker push myregistryexemple/ubuntu
But I get this error : 但是我得到这个错误:
The push refers to a repository [docker.io/myregistryexemple/ubuntu]
56827159aa8b: Preparing
440e02c3dcde: Preparing
29660d0e5bb2: Preparing
85782553e37a: Preparing
745f5be9952c: Preparing
denied: requested access to the resource is denied
Then I try to push to localhost directly : 然后我尝试直接推送到本地主机:
docker tag ubuntu localhost:5000/ubuntu & docker push localhost:5000/ubuntu
then I docker login on the domain from the client VM, it worked, but when i tried to pull from my domain registry on the client VM, docker cannot find on the registry the docker images i tried to push. 然后我从客户端VM在域上登录了docker,它起作用了,但是当我尝试从客户端VM上的域注册表中拉出时,docker无法在注册表中找到我尝试推送的docker镜像。
Do someone has any idea why and knows how to help me ? 有人知道为什么会做,并且知道如何帮助我吗?
1 个解决方案
解决方案1
0 已采纳 2017-04-20 09:22:30
Ok so i found a way to make it work. 好的,所以我找到了一种使其工作的方法。
It is quite simple : Juste follow the complete tutorial I quote on the question ( https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04#step-5-%E2%80%94-setting-up-ssl ) 这很简单:只需按照我在这个问题上引用的完整教程进行操作( https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu- 14-04#step-5-%E2%80%94-setting-up-ssl )
After you created the repository, and before you push/pull a docker image. 创建存储库之后,以及在推送/拉动docker映像之前。
You need to go, in both client and server VM, on /etc/hosts . 您需要在客户端和服务器VM中都在/ etc / hosts上。
Add the line : domainChosen serverVmIp 添加行:domainChosen serverVmIp
Save and quit it. 保存并退出。
Now we need the client to trust the certificate generated. 现在,我们需要客户端信任生成的证书。 In order to do that, you can use this tutorial : http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html . 为此,您可以使用本教程: http : //kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server- 1605.html 。
Then restart your registry and your docker deamon. 然后重新启动注册表和docker守护进程。 And you normaly can use your domain name to push/pull in your registry in https. 通常,您可以使用域名在https中的注册表中进行推送/拉取。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.