[英]Requests to docker private registry behind nginx are handled by an HTTPS vhost
我有一个泊坞窗私有注册表容器,在HTTP中在Nginx后面提供服务。
一切正常,直到我添加HTTPS服务器配置。 docker pull
和docker push
请求由此HTTPS虚拟主机而不是docker注册表虚拟主机处理(访问日志在HTTPS域下打印,docker注册表域没有任何内容)。
因此,很明显,我收到404错误。
删除此HTTPS配置可使其再次工作。
这是我在/etc/nginx/sites-enabled
下的docker Registry conf:
server {
listen 80;
server_name docker-registry.my-domain.com;
access_log /data/log/nginx/$server_name.access.log;
client_max_body_size 0;
location ~ \.*$ {
proxy_pass http://localhost:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
}
}
和/etc/nginx/sites-enabled
下的HTTPS虚拟主机:
server {
listen 443 ssl;
server_name foobar.my-domain.com;
ssl_certificate /etc/nginx/certs/foobar.my-domain.com/crt;
ssl_certificate_key /etc/nginx/certs/foobar.my-domain.com/key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /data/log/nginx/$server_name.access.log;
location ~ \.*$ {
proxy_pass http://localhost:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
}
}
server {
listen 80;
server_name foobar.my-domain.com;
return 301 https://$server_name$request_uri;
}
当我将<my-ip>:5000
用作insecure-registries
而不是docker注册表的域名时,一切正常。
当我使用curl将请求发送到http://docker-registry.my-domain.com/v2/<my-image>/manifests/latest
,Docker注册表的访问日志将按预期打印401 Unauthorized
。
我是否会错误配置Nginx?
Docker版本:
Client: Docker Engine - Community
Version: 18.09.0-ce-beta1
API version: 1.39
Go version: go1.10.4
Git commit: 78a6bdb
Built: Thu Sep 6 22:41:53 2018
OS/Arch: darwin/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.0-ce-beta1
API version: 1.39 (minimum version 1.12)
Go version: go1.10.3
Git commit: 78a6bdb
Built: Thu Sep 6 22:49:35 2018
OS/Arch: linux/amd64
Experimental: true
非常感谢!
- - - - - - - - 更新 - - - - - - - - - - - - - -
我发现如果在HTTPS配置中侦听后删除协议ssl
,它会很好地工作。
最后我发现,如果ssl
在同时启用docker-registry.my-domain.com
,一切工作正常。 我不知道为什么,但是它确实有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.