Deploy an https docker registry behind nginx on AWS
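I am trying to deploy a generic registry instance (npm private registry + docker private registry) on an EC2 instance behind an Elastic Load Balancer, using nginx as a reverse proxy. By doing this, I expect to be able to push npm packages and docker images to registry.mydomain.org and docker.mydomain.org respectively, over https and with authentication.

To do this, I followed these steps: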
docker-compose.yml file (I use verdaccio as the npm private registry and registry:2 as the docker registry):

version: '3'

services:
  nginx:
    image: nginx:alpine
    container_name: nginx
    restart: always
    ports:
      - "80:80"
    volumes:
      - ./nginx:/etc/nginx/conf.d/
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - verdaccio:verdaccio
      - docker:docker

  verdaccio:
    image: verdaccio/verdaccio:latest
    container_name: verdaccio
    restart: always
    ports:
      - "4873:4873"
    volumes:
      - ./registry:/verdaccio/conf
      - ./database/verdaccio:/verdaccio/storage

  docker:
    image: registry:2
    container_name: docker
    restart: always
    ports:
      - "5000:5000"
    volumes:
      - ./database/docker:/var/lib/registry

events {
    worker_connections 1024;
}

http {
    upstream docker-registry {
        server docker:5000;
    }

    upstream npm-registry {
        server verdaccio:4873;
    }

    ## Set a variable to help us decide if we need to add the
    ## 'Docker-Distribution-Api-Version' header.
    ## The registry always sets this header.
    ## In the case of nginx performing auth, the header will be unset
    ## since nginx is auth-ing before proxying.
    map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
        '' 'registry/2.0';
    }

    # Healthcheck
    server {
        listen 80;

        location /healthcheck {
            access_log off;
            return 200;
        }
    }

    server {
        # Server options
        listen 80;
        charset utf-8;
        client_max_body_size 0;
        server_name registry.mydomain.org;

        # Proxy settings
        location / {
            access_log /var/log/nginx/verdaccio.log;
            proxy_pass http://npm-registry;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-NginX-Proxy true;
            proxy_ssl_session_reuse off;
            proxy_redirect off;
        }
    }

    server {
        # Server options
        listen 80;
        charset utf-8;
        client_max_body_size 0;
        # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
        chunked_transfer_encoding on;
        server_name docker.mydomain.org;

        # Authentication
        auth_basic "Registry realm";
        auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;

        # Proxy settings
        location / {
            if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
                return 404;
            }

            ## If $docker_distribution_api_version is empty, the header will not be added.
            ## See the map directive above where this variable is defined.
            add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

            access_log /var/log/nginx/docker.log;
            proxy_pass http://docker-registry;
            proxy_read_timeout 900;
        }
    }
}

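nginx.htpasswd file.

Now, the registry works fine. So if I visit https://registry.mydomain.org I can see it, and I can push npm packages to it via npm login --registry=https://registry.mydomain.org --scope=@myscope

However, regarding the Docker registry, while I can definitely log in to it using docker login -u user -p password, when I try to push an image to it, the docker client enters an infinite loop and keeps trying to upload the image (without success). On the server side, since all requests end with a 202 HTTP status, the Docker registry's logs do not show any useful information about what is going on.

Any hints on how to solve this?
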
I figured it out. I was missing a proxy_set_header Host $host; in the Nginx proxy configuration.

Doing this:

server {
    # Server options
    listen 80;
    charset utf-8;
    client_max_body_size 0;
    # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
    chunked_transfer_encoding on;
    server_name docker.cubbit.net;

    # Authentication
    auth_basic "Registry realm";
    auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;

    # Proxy settings
    location / {
        # Do not allow connections from docker 1.5 and earlier
        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
            return 404;
        }

        ## If $docker_distribution_api_version is empty, the header will not be added.
        ## See the map directive above where this variable is defined.
        add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

        access_log /var/log/nginx/docker.log;
        proxy_pass http://docker-registry;
        proxy_set_header Host $host;
        proxy_read_timeout 900;
    }
}

it started working perfectly. Hope this helps someone. I spent two days on it.
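
The check below is an added example, not part of the original post or of any project mentioned in it: a small linter that reports every proxy_pass whose scope forwards no Host header, which is the gap the answer closes (by default nginx sends the upstream name from proxy_pass as Host). The names parse, findings and lint are hypothetical, and the sample config is constructed from the question's nginx.conf.

```python
import re

# Constructed sample: the two proxied server blocks from the question, reduced.
SAMPLE = r'''
server {
  server_name registry.mydomain.org;
  location / { proxy_pass http://npm-registry; proxy_set_header Host $host; }
}
server {
  server_name docker.mydomain.org;
  location / {
    if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { return 404; }
    proxy_pass http://docker-registry;  # no Host header forwarded
  }
}
'''

# Comments, quoted strings, structural characters, bare words.
TOKEN = re.compile(r'''#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[{};]|[^\s{};"'#]+''')

def parse(tokens):
    """Build a tree of (words, children) directives from a token iterator."""
    out, words = [], []
    for tok in tokens:
        if tok == '}':
            break
        if tok in ('{', ';'):
            out.append((words, parse(tokens) if tok == '{' else None))
            words = []
        else:
            words.append(tok)
    return out

def findings(block, inherited=False, server='?'):
    """Yield the server_name of every proxy_pass whose scope sets no Host header."""
    own = [w for w, c in block if c is None and w[:1] == ['proxy_set_header']]
    # nginx inherits proxy_set_header from the outer level only when the
    # current level defines none of its own.
    has_host = any(len(w) > 1 and w[1].lower() == 'host' for w in own) if own else inherited
    server = next((w[1] for w, c in block if w[:1] == ['server_name'] and len(w) > 1), server)
    for w, c in block:
        if c is not None:
            yield from findings(c, has_host, server)
        elif w[:1] == ['proxy_pass'] and not has_host:
            yield server

def lint(conf):
    tokens = (t for t in TOKEN.findall(conf) if not t.startswith('#'))
    return list(findings(parse(tokens)))
```

lint(SAMPLE) flags only docker.mydomain.org. Because of the inheritance rule noted in the comment, a Host header set at server level is also reported as missing when the location defines any other proxy_set_header of its own.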