[英]Docker private registry | TLS certificate issue
我尝试按照以下教程在AWS Centos计算机上设置自己的私有注册表(v2)。
我已经自行签署了TLS证书,并将其放在/etc/docker/certs.d/MACHINE_STATIS_IP:5000/
当尝试登录注册表(docker登录MACHINE_IP:5000)或推送标记的存储库(MACHINE_IP:5000 / ubuntu:latest)时,出现以下错误:
Error response from daemon: Get https://MACHINE_IP:5000/v1/users/: x509: cannot validate certificate for MACHINE_IP because it doesn't contain any IP SANs
试图搜索答案为2天,但是我找不到任何答案。 我已将证书CN(通用名称)设置为MACHINE_STATIC_IP:5000
使用自签名TLS证书的docker守护程序要求您将证书添加到已知证书中。
使用keytool命令获取证书:
keytool -printcert -sslserver ${NEXUS_DOMAIN}:${SSL_PORT} -rfc > ${NEXUS_DOMAIN}.crt
并将其复制到客户端计算机的SSL证书目录(在我的情况下为ubuntu):
sudo cp ${NEXUS_DOMAIN}.crt /usr/local/share/ca-certificates/${NEXUS_DOMAIN}.crt && sudo update-ca-certificates
现在重新加载docker daemon,您就可以开始了:
sudo systemctl restart docker
您也可以使用以下命令暂时信任证书,而无需将其添加到系统证书中。
docker --tlscert <the downloaded tls cert> pull <whatever you want to pull>
如何使用自签名证书通过TLS将Docker应用程序包推送到私有注册表
[英]How to push a Docker Application Package to private registry via TLS using a self-signed certificate
如何使Drone Docker插件通过具有自签名TLS证书的自托管注册表进行身份验证
[英]How to make Drone Docker plugin to authenticate with a self-hosted registry having a self-signed TLS certificate
启用TLS的反向代理(Traefik)后的Docker注册表-远程错误:错误的证书
[英]Docker Registry behind TLS enabled reverse proxy (Traefik) - Remote Error: Bad Certificate
使用私有 CA 签名的 TLS 证书引用 repo 时,`docker buildx build` 失败
[英]`docker buildx build` failing when referring repo with TLS certificate signed with private CA
在Docker映像中从私有注册表中提供SSL证书还是在每次启动时创建一个证书?
[英]Provide SSL certificate in Docker image from private registry or create one at every start?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.