Nginx docker pull push在成功登录后不工作
我目前正在尝试将nexus3配置为docker映像的私有注册表,使用nginx作为反向代理。在nexus内创建了3个回购协议,即NexusDockerProxy(docker代理)、NexusDockerHosted(docker托管,http端口:4444)和NexusDockerGroup(docker组,http端口:5555),并添加了托管和代理 nexus是用nginx配置的,我们使用的是自签名证书,并已将其添加到nginx配置文件中Nginx docker pull push在成功登录后不工作,nginx,docker,registry,reverse-proxy,Nginx,Docker,Registry,Reverse Proxy,我目前正在尝试将nexus3配置为docker映像的私有注册表,使用nginx作为反向代理。在nexus内创建了3个回购协议,即NexusDockerProxy(docker代理)、NexusDockerHosted(docker托管,http端口:4444)和NexusDockerGroup(docker组,http端口:5555),并添加了托管和代理 nexus是用nginx配置的,我们使用的是自签名证书,并已将其添加到nginx配置文件中 server { proxy_send_
server {
proxy_send_timeout 120;
proxy_read_timeout 300;
proxy_buffering off;
tcp_nodelay on;
server_tokens off;
client_max_body_size 1G;
listen 80;
server_name server908.int.org.com;
location / {
rewrite ^(.*) https://server908.int.org.com$1 permanent;
}
}
server {
listen 443;
server_name server908.int.org.com;
keepalive_timeout 60;
ssl on;
ssl_certificate /etc/ssl/certs/orgnexus.crt;
ssl_certificate_key /etc/ssl/certs/orgnexus.key;
ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSSL:16m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://server908.int.org.com:8082;
proxy_read_timeout 90;
}
}
# correlates to your nexus http connector
server {
listen 6666;
server_name server908.int.org.com;
keepalive_timeout 60;
ssl on;
ssl_certificate /etc/ssl/certs/orgnexus.crt;
ssl_certificate_key /etc/ssl/certs/orgnexus.key;
ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSSL:16m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
client_max_body_size 1G;
chunked_transfer_encoding on;
location / {
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
#proxy_pass http://server908.int.org.com:4444;
proxy_pass http://server908.int.org.com:5555;
proxy_read_timeout 90;
}
}
我们已经用“/etc/default/docker”文件对以下条目进行了注释
登录也成功了
[root@server446 ~]$ docker login -u admin -p admin123 server908.int.org.com:6666
Login Succeeded
搜索图像也很好
[dockertest@server446 ~]$ docker search server908.int.org.com:6666/fedora
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
org.com server908.int.org.com:6666/fedora Official Docker builds of Fedora 544 [OK]
org.com server908.int.org.com:6666/fedora/apache 33 [OK]
org.com server908.int.org.com:6666/fedora/couchdb 32 [OK]
org.com server908.int.org.com:6666/fedora/firefox 23 [OK]
org.com server908.int.org.com:6666/fedora/mariadb 23 [OK]
org.com server908.int.org.com:6666/fedora/qpid 20 [OK]
org.com server908.int.org.com:6666/fedora/redis 20 [OK]
org.com server908.int.org.com:6666/fedora/ssh 20 [OK]
org.com server908.int.org.com:6666/fedora/nginx 19 [OK]
org.com server908.int.org.com:6666/fedora/memcached 18 [OK]
org.com server908.int.org.com:6666/fedora/rabbitmq 18 [OK]
org.com server908.int.org.com:6666/fedora/earthquake 17 [OK]
org.com server908.int.org.com:6666/fedora/nodejs 15 [OK]
org.com server908.int.org.com:6666/mattsch/fedora-nzbhydra Fedora NZBHydra 4 [OK]
org.com server908.int.org.com:6666/dockingbay/fedora-rust Trusted build of Rust programming language... 3 [OK]
org.com server908.int.org.com:6666/gluster/gluster-fedora Official GlusterFS image [ Fedora ( latest... 3 [OK]
org.com server908.int.org.com:6666/startx/fedora Simple container used for all startx based... 3 [OK]
org.com server908.int.org.com:6666/eminguez/flexget-fedora Flexget Docker Container based in Fedora t... 2 [OK]
org.com server908.int.org.com:6666/eminguez/transmission-fedora Transmission Fedora (fedora:latest) docker... 2 [OK]
org.com server908.int.org.com:6666/fedora/owncloud 2 [OK]
org.com server908.int.org.com:6666/gdepuille/fedora-ansible Image to test Ansible playbook with Fedora 2 [OK]
org.com server908.int.org.com:6666/kumarpraveen/fedora-sshd Fedora docker file for ssh service which m... 2 [OK]
org.com server908.int.org.com:6666/vbatts/fedora-varnish https://github.com/vbatts/laughing-octo/tr... 2 [OK]
org.com server908.int.org.com:6666/darksheer/fedora Hourly update latest Fedora Image 1 [OK]
org.com server908.int.org.com:6666/darksheer/fedora22 Base Fedora 22 Image -- Updated hourly
1 [OK]
但我们在尝试提取图像时面临以下问题
[dockertest@server446 ~]$ docker pull server908.int.org.com:6666/fedora
Using default tag: latest
Trying to pull repository server908.int.org.com:6666/fedora ...
latest: Pulling from server908.int.org.com:6666/fedora
691bc14ee274: Pulling fs layer
error pulling image configuration: unknown blob
对于nexus日志,我看到下面的认证错误
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) [na:1.8.0_91]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) [na:1.8.0_91]
at sun.security.validator.Validator.validate(Validator.java:260) [na:1.8.0_91]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) [na:1.8.0_91]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) [na:1.8.0_91]
不确定它要找什么证书,在哪里
同样使用push,我们得到404错误,如下所示
[dockertest@server446 ~]$ docker push server908.int.org.com:6666/maven:1
The push refers to a repository [server908.int.org.com:6666/maven]
701925f78142: Layer already exists
78bb4fee972f: Layer already exists
e1300844f726: Layer already exists
bfee0515af91: Preparing
2afcf4c557eb: Preparing
72cfa243711c: Waiting
9bf603e17b04: Waiting
70b22baddf90: Waiting
596ecbaf3ba4: Waiting
445ed6ee6867: Waiting
c59fa6cbcbd9: Waiting
8d4d1ab5ff74: Waiting
error parsing HTTP 404 response body: invalid character '<' looking for beginning of value:
nexus文档没有提供任何关于同一问题的明确说明。我是否遗漏了nginx、docker或nexus中的重要内容。我指的是以下参考资料
任何有助于获得docker pull的帮助都会非常有用,谢谢。我不相信Nexus是一个直通缓存。你可以直接从轮毂上拉。然后,您可以标记您的图像,并将其推送到您想要的本地注册表
docker pull centos
docker tag centos local.registry:5000/centos
docker push local.registry:5000/centos
我不相信Nexus是一个直通缓存。你可以直接从轮毂上拉。然后,您可以标记您的图像,并将其推送到您想要的本地注册表
docker pull centos
docker tag centos local.registry:5000/centos
docker push local.registry:5000/centos
我能够拉一个小的调整内nexus完成的图像。下面的链接允许我从docker hub搜索和提取nexus中不可用的图像
我能够拉一个小的调整内nexus完成的图像。下面的链接允许我从docker hub搜索和提取nexus中不可用的图像
我们暂时执行相同的操作,从hub下载并将其推送到nexus(NexusDockerHosted,即http端口4444)repo后期标记图像。当我启用nexus组端口(NexusDockerGroup,即http端口5555)时,它能够从docker hub搜索图像,但拉取失败,出现
错误拉取图像配置:未知blob
。在nexus中启用公司代理时会发生这种情况。当http代理被禁用时,我们可以从docker hub进行搜索、拉取。当代理被启用时,我是否需要向http代理添加一些东西以使拉操作生效?这比我自己的项目更深入到nexus中。这可能会得到nexus产品支持部门更好的响应。我们暂时执行相同的操作,从hub下载并将其推送到nexus(NexusDockerHosted,即http端口4444)repo后期标记图像。当我启用nexus组端口(NexusDockerGroup,即http端口5555)时,它能够从docker hub搜索图像,但拉取失败,出现错误拉取图像配置:未知blob
。在nexus中启用公司代理时会发生这种情况。当http代理被禁用时,我们可以从docker hub进行搜索、拉取。当代理被启用时,我是否需要向http代理添加一些东西以使拉操作生效?这比我自己的项目更深入到nexus中。这可能会得到nexus产品支持部门更好的响应。
docker pull centos
docker tag centos local.registry:5000/centos
docker push local.registry:5000/centos
[dockertest@server446 ~]$ docker search server908.int.org.com:6666/mac
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
org.com server908.int.org.com:6666/crate CrateDB is a distributed SQL database hand... 79 [OK]
org.com server908.int.org.com:6666/maccam912/meanjs MEANJS (not MEANIO) starting point for dev... 27 [OK]
org.com server908.int.org.com:6666/macadmins/puppetmaster Simple puppetmaster based on CentOS 6 25 [OK]
org.com server908.int.org.com:6666/macadmins/bsdpy Apple NetBoot replacement written in Pytho... 18 [OK]
org.com server908.int.org.com:6666/macadmins/reposado Host Apple Software Updates from a Docker ... 12 [OK]
org.com server908.int.org.com:6666/mackerel/mackerel-agent 11 [OK]
org.com server908.int.org.com:6666/macadmins/munkiwebadmin This Docker container runs MunkiWebAdmin. ... 8 [OK]
org.com server908.int.org.com:6666/macadmins/postgres Postgres that accepts remote connections b... 8 [OK]
org.com server908.int.org.com:6666/macropin/strider Possibly the best `Dockerfile` for Strider-CD 8 [OK]
org.com server908.int.org.com:6666/mace/openvpn-as OpenVPN Access-Server with WebUI 7 [OK]
org.com server908.int.org.com:6666/frolvlad/alpine-python-machinelearning Small Docker image with Python Machine Lea... 6 [OK]
org.com server908.int.org.com:6666/macadmins/munkireport-php Docker autobuild repository for https://re... 6 [OK]
org.com server908.int.org.com:6666/mace/qbittorrent qBittorrent build from source 6 [OK]
org.com server908.int.org.com:6666/macropin/sshd (deprecated) Use docker.io/panubo/sshd 5 [OK]
org.com server908.int.org.com:6666/macadmins/macnamer 4 [OK]
org.com server908.int.org.com:6666/macadmins/puppetmaster-whdcli Puppetmaster + WHDCLI for autosigning base... 4 [OK]
org.com server908.int.org.com:6666/macadmins/sal An image that runs [Sal](https://github.co... 4 [OK]
org.com server908.int.org.com:6666/macropin/roundcube Docker container for Roundcube webmail 4 [OK]
org.com server908.int.org.com:6666/uetchy/machinelearning Dockerfile for scientists studying Machine... 4 [OK]
org.com server908.int.org.com:6666/clearlinux/machine-learning Machine Learning Container 3 [OK]
org.com server908.int.org.com:6666/hartator/wayback-machine-downloader Download an entire archive from the Waybac... 3 [OK]
org.com server908.int.org.com:6666/macadmins/whd Docker container for SolarWinds WebHelpDesk 3 [OK]
org.com server908.int.org.com:6666/macinv/gunicorn-example A simple Gunicorn example 2 [OK]
org.com server908.int.org.com:6666/macropin/mailman Mailman all in one container 2 [OK]
org.com server908.int.org.com:6666/spacemacs/emacs25 Spacemacs running on Emacs 25. 2 [OK]
[dockertest@server446 ~]$ docker pull server908.int.org.com:6666/macadmins/puppetmaster
Using default tag: latest
Trying to pull repository server908.int.org.com:6666/macadmins/puppetmaster ...
sha256:bf7a53a0ddb6cd0371cfec3fe6131347b5a3712c2cf282400c979ed254a38f67: Pulling from server908.int.org.com:6666/macadmins/puppetmaster
0d399614d56a: Pull complete
75e4c6031170: Pull complete
12a00ed15a39: Pull complete
6fb754ec65e3: Pull complete
9b6cf7664f02: Pull complete
07db30a930a5: Pull complete
ccdd2cf9b303: Pull complete
820dfdfc6db7: Pull complete
78c5dec8ba5d: Pull complete
Digest: sha256:bf7a53a0ddb6cd0371cfec3fe6131347b5a3712c2cf282400c979ed254a38f67
Status: Downloaded newer image for server908.int.org.com:6666/macadmins/puppetmaster:latest