如何使用Apache和CA证书配置Docker Registry V2？_Apache_Docker_Certificate_Docker Registry

如何使用Apache和CA证书配置Docker Registry V2？

apache docker certificate

如何使用Apache和CA证书配置Docker Registry V2？,apache,docker,certificate,docker-registry,Apache,Docker,Certificate,Docker Registry,我已经在谷歌搜索中阅读了这里和外面的所有引用，无法使用CA签名的证书访问我的注册表。以下是我所拥有的： Apache代理（已尝试了各种配置，但均未对docker产生任何影响）：听dockerepo.xxxxx.xxxxx.xxxxx.com:5000 https 服务器名dockerepo.xxxxx.xxxxx.xxxxx.com 斯伦金安 SSLCertificateFile/etc/httpd/certs/dockerepocakecycert.crt SSLCACertificate

我已经在谷歌搜索中阅读了这里和外面的所有引用，无法使用CA签名的证书访问我的注册表。以下是我所拥有的：

Apache代理（已尝试了各种配置，但均未对docker产生任何影响）：

听dockerepo.xxxxx.xxxxx.xxxxx.com:5000 https 服务器名dockerepo.xxxxx.xxxxx.xxxxx.com

斯伦金安 SSLCertificateFile/etc/httpd/certs/dockerepocakecycert.crt SSLCACertificateFile/etc/httpd/certs/dockerepocakecycert.crt SSLCertificateKeyFile/etc/httpd/certs/dockerepocakecycert.crt SSLCipherSuite AES128-SHA、AES256-SHA、AES128-GCM-SHA256、AES256-GCM-SHA384 SSLProtocol all-SSLv3-SSLv2-TLSv1

Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"

ProxyPreserveHost on
ProxyPass   /v2 http://127.0.0.1:5000/v2
ProxyPassReverse /v2  http://127.0.0.1:5000/v2

Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"

ProxyPreserveHost on
ProxyPass   /v2 http://127.0.0.1:5000/v2
ProxyPassReverse /v2  http://127.0.0.1:5000/v2

Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"

ProxyPreserveHost on
ProxyPass   /v2 http://127.0.0.1:5000/v2
ProxyPassReverse /v2  http://127.0.0.1:5000/v2

Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"

ProxyPreserveHost on
ProxyPass   /v2 http://127.0.0.1:5000/v2
ProxyPassReverse /v2  http://127.0.0.1:5000/v2

我启动注册表：

prod=注册表 ver=2.1.1 docker加载——输入/home/docker/docker_${prod}-${ver}.tar docker run-d--privileged=true-e GUNICORN_OPTS=“[--preload]”-p 127.0.0.1:5000:5000--restart=always-v/home/docker/certs:/ce rts-e注册表\u HTTP\u TLS\u证书=/certs/dockerepocacert.crt-e注册表\u HTTP\u TLS\u密钥=/certs/client私钥NoPassphase .pem-v/home/docker/prodRepo/data:/tmp/registry dev--name docker registry${prod}:${ver}

注册表和apache启动良好。当我推的时候，我得到这个：

[root@dockerrepoDockerEPO:5000]#docker推送DockerEPO.xxxxx.xxxxx.xxxxx.com:5000/注册表：2.1.1

推送引用存储库[dockerepo.internal.acp.arris.com:5000/registry]（len:1）

无法ping注册表终结点

v2 ping尝试失败，错误为：获取https://dockerepo.xxxxx.xxxxx.com:5000/v2/：x509:由签名的证书未知权威

v1 ping尝试失败，错误为：Get https://dockerepo.xxxxx.xxxxx.xxxxx.com:5000/v1/\u ping:x509:由未知授权机构签署的证书

我尝试过在所有组合中组合域、中间/子证书和根证书，但我似乎无法实现这一点。我怀疑我在做傻事，但我看不出是什么。感谢您的帮助

检查后，我意识到我没有将我的证书添加到CA信任。执行此操作后，我现在得到以下错误：

[root@dockerrepoanchors]#docker push Dockerpo.xxxxx.xxxxx.xxxxx.com:5000/注册表：2.1.1

推送引用存储库[dockerepo.xxxxx.xxxxx.xxxxx.com:5000/registry]（len:1）

1e847b14150e：缓冲到磁盘

收到意外的HTTP状态：502代理错误

您是否确保CA证书位于主机上的以下目录中

   /etc/docker/certs.d/<registry-host>:<registry-port>/

/etc/docker/certs.d/：/