stackoom
  简体   繁体   中英

Requests to docker private registry behind nginx are handled by an HTTPS vhost

 原文  2018-10-31 10:59:42       docker/ nginx/ https

Question

I have a docker private registry container serving behind Nginx in HTTP.

Everythings works fine until I add an HTTPS server configuration. docker pull and docker push requests are handled by this HTTPS vhost rather than the docker registry vhost (access logs are printed under HTTPS domain, docker registry domain got nothing).

So, obviously, I got 404 errors.

Deleting this HTTPS config makes it work again.

This is my docker registry conf under /etc/nginx/sites-enabled : 

server {
    listen 80;
    server_name docker-registry.my-domain.com;
    access_log /data/log/nginx/$server_name.access.log;
    client_max_body_size 0;

    location ~ \.*$ {
        proxy_pass http://localhost:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $http_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
    }
}

And the HTTPS vhost under /etc/nginx/sites-enabled : 

server {
    listen 443 ssl;
    server_name foobar.my-domain.com;
    ssl_certificate /etc/nginx/certs/foobar.my-domain.com/crt;
    ssl_certificate_key /etc/nginx/certs/foobar.my-domain.com/key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    access_log /data/log/nginx/$server_name.access.log;

    location ~ \.*$ {
        proxy_pass http://localhost:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $http_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
    }
}

server {
    listen 80;
    server_name foobar.my-domain.com;
    return 301 https://$server_name$request_uri;
}

When I use <my-ip>:5000 as insecure-registries rather than the domain name of docker registry, everything works also fine.

When I use curl to send request to http://docker-registry.my-domain.com/v2/<my-image>/manifests/latest , access log of docker registry prints 401 Unauthorized as expected.

Do I misconfigure Nginx?

Docker version: 

Client: Docker Engine - Community
 Version:           18.09.0-ce-beta1
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        78a6bdb
 Built:             Thu Sep  6 22:41:53 2018
 OS/Arch:           darwin/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0-ce-beta1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       78a6bdb
  Built:            Thu Sep  6 22:49:35 2018
  OS/Arch:          linux/amd64
  Experimental:     true

Many thanks!

--------------- Updates ---------------------------

I find that it works fine if I remove the protocol ssl after listen in HTTPS config.

1 answers

solution1
 0  2018-11-01 07:37:03

Finally I found, if ssl is also enabled in docker-registry.my-domain.com , everything works fine. I don't know why, but it really works.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Deploy an https docker registry behind nginx on AWS malformed HTTP response with docker private registry (v2) behind an nginx proxy Error docker registry behind nginx, push and pull Use https for accessing Docker private registry Docker private registry with multiple registry urls using nginx Use Maven and Docker + Nexus 3 behind NGinx with HTTPS docker the docker registry (a private installation of it) use https (tls/ssl) Logging in to private docker registry v2 behind haproxy docker login behind proxy on private registry gives TLS handshake timeout Run nginx in docker with custom vhost
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM