对Nginx背后的Docker私有注册表的请求由HTTPS虚拟主机处理
[英]Requests to docker private registry behind nginx are handled by an HTTPS vhost
问题描述
I have a docker private registry container serving behind Nginx in HTTP. 
我有一个泊坞窗私有注册表容器,在HTTP中在Nginx后面提供服务。
Everythings works fine until I add an HTTPS server configuration. 一切正常,直到我添加HTTPS服务器配置。 docker pull and docker push requests are handled by this HTTPS vhost rather than the docker registry vhost (access logs are printed under HTTPS domain, docker registry domain got nothing). docker pull和docker push请求由此HTTPS虚拟主机而不是docker注册表虚拟主机处理(访问日志在HTTPS域下打印,docker注册表域没有任何内容)。
So, obviously, I got 404 errors. 因此,很明显,我收到404错误。
Deleting this HTTPS config makes it work again. 删除此HTTPS配置可使其再次工作。
This is my docker registry conf under /etc/nginx/sites-enabled : 这是我在/etc/nginx/sites-enabled下的docker Registry conf:
server {
listen 80;
server_name docker-registry.my-domain.com;
access_log /data/log/nginx/$server_name.access.log;
client_max_body_size 0;
location ~ \.*$ {
proxy_pass http://localhost:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
}
}
And the HTTPS vhost under /etc/nginx/sites-enabled : 和/etc/nginx/sites-enabled下的HTTPS虚拟主机:
server {
listen 443 ssl;
server_name foobar.my-domain.com;
ssl_certificate /etc/nginx/certs/foobar.my-domain.com/crt;
ssl_certificate_key /etc/nginx/certs/foobar.my-domain.com/key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /data/log/nginx/$server_name.access.log;
location ~ \.*$ {
proxy_pass http://localhost:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
}
}
server {
listen 80;
server_name foobar.my-domain.com;
return 301 https://$server_name$request_uri;
}
When I use <my-ip>:5000 as insecure-registries rather than the domain name of docker registry, everything works also fine. 当我将<my-ip>:5000用作insecure-registries而不是docker注册表的域名时,一切正常。
When I use curl to send request to http://docker-registry.my-domain.com/v2/<my-image>/manifests/latest , access log of docker registry prints 401 Unauthorized as expected. 当我使用curl将请求发送到http://docker-registry.my-domain.com/v2/<my-image>/manifests/latest ,Docker注册表的访问日志将按预期打印401 Unauthorized 。
Do I misconfigure Nginx? 我是否会错误配置Nginx?
Docker version: Docker版本:
Client: Docker Engine - Community
Version: 18.09.0-ce-beta1
API version: 1.39
Go version: go1.10.4
Git commit: 78a6bdb
Built: Thu Sep 6 22:41:53 2018
OS/Arch: darwin/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.0-ce-beta1
API version: 1.39 (minimum version 1.12)
Go version: go1.10.3
Git commit: 78a6bdb
Built: Thu Sep 6 22:49:35 2018
OS/Arch: linux/amd64
Experimental: true
Many thanks! 非常感谢!
--------------- Updates --------------------------- - - - - - - - - 更新 - - - - - - - - - - - - - -
I find that it works fine if I remove the protocol ssl after listen in HTTPS config. 我发现如果在HTTPS配置中侦听后删除协议ssl ,它会很好地工作。
1 个解决方案
解决方案1
0 2018-11-01 07:37:03
Finally I found, if ssl is also enabled in docker-registry.my-domain.com , everything works fine. 最后我发现,如果ssl在同时启用docker-registry.my-domain.com ,一切工作正常。 I don't know why, but it really works. 我不知道为什么,但是它确实有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.