如何使用Apache和CA证书配置Docker Registry V2?
我已经在谷歌搜索中阅读了这里和外面的所有引用,无法使用CA签名的证书访问我的注册表。以下是我所拥有的: Apache代理(已尝试了各种配置,但均未对docker产生任何影响): 听dockerepo.xxxxx.xxxxx.xxxxx.com:5000 https 服务器名dockerepo.xxxxx.xxxxx.xxxxx.com 斯伦金安 SSLCertificateFile/etc/httpd/certs/dockerepocakecycert.crt SSLCACertificateFile/etc/httpd/certs/dockerepocakecycert.crt SSLCertificateKeyFile/etc/httpd/certs/dockerepocakecycert.crt SSLCipherSuite AES128-SHA、AES256-SHA、AES128-GCM-SHA256、AES256-GCM-SHA384 SSLProtocol all-SSLv3-SSLv2-TLSv1如何使用Apache和CA证书配置Docker Registry V2?,apache,docker,certificate,docker-registry,Apache,Docker,Certificate,Docker Registry,我已经在谷歌搜索中阅读了这里和外面的所有引用,无法使用CA签名的证书访问我的注册表。以下是我所拥有的: Apache代理(已尝试了各种配置,但均未对docker产生任何影响): 听dockerepo.xxxxx.xxxxx.xxxxx.com:5000 https 服务器名dockerepo.xxxxx.xxxxx.xxxxx.com 斯伦金安 SSLCertificateFile/etc/httpd/certs/dockerepocakecycert.crt SSLCACertificate
Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost on
ProxyPass /v2 http://127.0.0.1:5000/v2
ProxyPassReverse /v2 http://127.0.0.1:5000/v2
Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost on
ProxyPass /v2 http://127.0.0.1:5000/v2
ProxyPassReverse /v2 http://127.0.0.1:5000/v2
斯伦金安
SSLCertificateFile/etc/httpd/certs/dockerepocakecycert.crt
SSLCACertificateFile/etc/httpd/certs/dockerepocakecycert.crt
SSLCertificateKeyFile/etc/httpd/certs/dockerepocakecycert.crt
SSLCipherSuite AES128-SHA、AES256-SHA、AES128-GCM-SHA256、AES256-GCM-SHA384
SSLProtocol all-SSLv3-SSLv2-TLSv1
Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost on
ProxyPass /v2 http://127.0.0.1:5000/v2
ProxyPassReverse /v2 http://127.0.0.1:5000/v2
Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost on
ProxyPass /v2 http://127.0.0.1:5000/v2
ProxyPassReverse /v2 http://127.0.0.1:5000/v2
我启动注册表:
prod=注册表
ver=2.1.1
docker加载——输入/home/docker/docker_${prod}-${ver}.tar
docker run-d--privileged=true-e GUNICORN_OPTS=“[--preload]”-p 127.0.0.1:5000:5000--restart=always-v/home/docker/certs:/ce
rts-e注册表\u HTTP\u TLS\u证书=/certs/dockerepocacert.crt-e注册表\u HTTP\u TLS\u密钥=/certs/client私钥NoPassphase
.pem-v/home/docker/prodRepo/data:/tmp/registry dev--name docker registry${prod}:${ver}
注册表和apache启动良好。当我推的时候,我得到这个:
[root@dockerrepoDockerEPO:5000]#docker推送DockerEPO.xxxxx.xxxxx.xxxxx.com:5000/注册表:2.1.1
推送引用存储库[dockerepo.internal.acp.arris.com:5000/registry](len:1)
无法ping注册表终结点
v2 ping尝试失败,错误为:获取https://dockerepo.xxxxx.xxxxx.com:5000/v2/:x509:由签名的证书
未知权威
v1 ping尝试失败,错误为:Get https://dockerepo.xxxxx.xxxxx.xxxxx.com:5000/v1/\u ping:x509:由未知授权机构签署的证书
我尝试过在所有组合中组合域、中间/子证书和根证书,但我似乎无法实现这一点。我怀疑我在做傻事,但我看不出是什么。感谢您的帮助
检查后,我意识到我没有将我的证书添加到CA信任。执行此操作后,我现在得到以下错误:
[root@dockerrepoanchors]#docker push Dockerpo.xxxxx.xxxxx.xxxxx.com:5000/注册表:2.1.1
推送引用存储库[dockerepo.xxxxx.xxxxx.xxxxx.com:5000/registry](len:1)
1e847b14150e:缓冲到磁盘
收到意外的HTTP状态:502代理错误
您是否确保CA证书位于主机上的以下目录中
/etc/docker/certs.d/<registry-host>:<registry-port>/
/etc/docker/certs.d/:/