[英]Requests to docker private registry behind nginx are handled by an HTTPS vhost
我有一個泊塢窗私有注冊表容器,在HTTP中在Nginx后面提供服務。
一切正常,直到我添加HTTPS服務器配置。 docker pull
和docker push
請求由此HTTPS虛擬主機而不是docker注冊表虛擬主機處理(訪問日志在HTTPS域下打印,docker注冊表域沒有任何內容)。
因此,很明顯,我收到404錯誤。
刪除此HTTPS配置可使其再次工作。
這是我在/etc/nginx/sites-enabled
下的docker Registry conf:
server {
listen 80;
server_name docker-registry.my-domain.com;
access_log /data/log/nginx/$server_name.access.log;
client_max_body_size 0;
location ~ \.*$ {
proxy_pass http://localhost:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
}
}
和/etc/nginx/sites-enabled
下的HTTPS虛擬主機:
server {
listen 443 ssl;
server_name foobar.my-domain.com;
ssl_certificate /etc/nginx/certs/foobar.my-domain.com/crt;
ssl_certificate_key /etc/nginx/certs/foobar.my-domain.com/key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /data/log/nginx/$server_name.access.log;
location ~ \.*$ {
proxy_pass http://localhost:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
}
}
server {
listen 80;
server_name foobar.my-domain.com;
return 301 https://$server_name$request_uri;
}
當我將<my-ip>:5000
用作insecure-registries
而不是docker注冊表的域名時,一切正常。
當我使用curl將請求發送到http://docker-registry.my-domain.com/v2/<my-image>/manifests/latest
,Docker注冊表的訪問日志將按預期打印401 Unauthorized
。
我是否會錯誤配置Nginx?
Docker版本:
Client: Docker Engine - Community
Version: 18.09.0-ce-beta1
API version: 1.39
Go version: go1.10.4
Git commit: 78a6bdb
Built: Thu Sep 6 22:41:53 2018
OS/Arch: darwin/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.0-ce-beta1
API version: 1.39 (minimum version 1.12)
Go version: go1.10.3
Git commit: 78a6bdb
Built: Thu Sep 6 22:49:35 2018
OS/Arch: linux/amd64
Experimental: true
非常感謝!
- - - - - - - - 更新 - - - - - - - - - - - - - -
我發現如果在HTTPS配置中偵聽后刪除協議ssl
,它會很好地工作。
最后我發現,如果ssl
在同時啟用docker-registry.my-domain.com
,一切工作正常。 我不知道為什么,但是它確實有效。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.