Docker Registry 2.0 with Amazon S3 and TLS setup


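I am trying to set up an internal Docker registry for our company in the Amazon cloud that stores everything in S3 and works with TLS.

Here are the steps I took:
1) Created a new bot account in Amazon
2) Created a new policy and assigned it to that bot: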

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": "s3:ListAllMyBuckets",
        "Resource": "arn:aws:s3:::*"
    },
    {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [
            "arn:aws:s3:::docker-repo-storage",
            "arn:aws:s3:::docker-repo-storage/*"
        ]
    }
]
}
3) The bucket from the policy, "docker-repo-storage"
4) Installed docker:

curl -sSL https://get.docker.com/ | sh
5) Downloaded our company wildcard certificate and key to "/etc/docker/certs/"
6) Created the config file in "/etc/docker/config/config.yml"

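Went to the S3 bucket: it is empty. The image was not uploaded to S3 storage but is stored locally on the EC2 instance VM.

I set up another node with docker and tried to pull "mytestimg" from that repo: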

docker pull <my_domain>:5000/mytestimg
Using default tag: latest
Error response from daemon: unable to ping registry endpoint https://<my_domain>:5000/v0/
v2 ping attempt failed with error: Get https://<my_domain>:5000/v2/: tls: oversized record received with length 20527
v1 ping attempt failed with error: Get https://<my_domain>:5000/v1/_ping: tls: oversized record received with length 20527
As you can see, it cannot ping. I removed TLS from the config, which doesn't help; I added the config and ran all the parameters from the command line:

docker run -d -p 5000:5000 --restart=always --name <custom_name> -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=docker-repo-storage -e STORAGE_PATH=/registry -e AWS_KEY=<hidden> -e AWS_SECRET=<hidden> -e AWS_REGION=eu-central-1 -e STORAGE_REDIRECT=true -e SEARCH_BACKEND=sqlalchemy -v `pwd`/certs:/etc/docker/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/wcard.<hidden>.crt -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/wcard.<hidden>.key registry:2
It doesn't work, and neither does this:

docker run -d -p 5000:5000 --restart=always --name <custom_name> -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=docker-repo-storage -e STORAGE_PATH=/registry -e AWS_KEY=<hidden> -e AWS_SECRET=<hidden> -e AWS_REGION=eu-central-1 -e STORAGE_REDIRECT=true -e SEARCH_BACKEND=sqlalchemy registry:2
What am I doing wrong? Why is S3 ignored and nothing uploaded there? Why can't I connect from another machine, with the v0, v1 and v2 pings failing?


Please help

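I had the same problem when creating my own private repository.

The problem was solved when I exported the DOCKER_OPTS environment variable on the DOCKER host and on the connecting node.

Example: DOCKER_OPTS=--insecure-registry=xx.xxx.xxx.xxx:5000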
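The "oversized record received with length 20527" error in the question can be decoded: 20527 is 0x502F, the ASCII bytes "P/", which is what a TLS client reads as the record length when the reply starts with the plain text "HTTP/", i.e. the port is answering in unencrypted HTTP. The following Python sketch is an added example (not from the original posts); the sample replies are constructed and the helper names are hypothetical.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_TLS_RECORD = 16384 + 2048  # largest record length TLS 1.2 permits


def parse_record_header(first_bytes: bytes):
    """Read 5 bytes the way a TLS client does: type(1) | version(2) | length(2)."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes")
    content_type, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return content_type, (major, minor), length


def classify(first_bytes: bytes) -> str:
    """Say what kind of server produced the first bytes of a reply."""
    content_type, version, length = parse_record_header(first_bytes)
    if first_bytes.startswith(b"HTTP/"):
        # 'H' lands in the type field, 'TT' in the version, 'P/' in the length.
        return f"plaintext HTTP (a TLS client would report record length {length})"
    if (content_type in TLS_CONTENT_TYPES and version[0] == 3
            and length <= MAX_TLS_RECORD):
        return f"TLS {TLS_CONTENT_TYPES[content_type]} record, length {length}"
    return "unknown protocol"


# Constructed sample replies (not captured from the poster's registry).
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n"
TLS_REPLY = bytes([22, 3, 3, 0, 74]) + b"\x02" + bytes(73)  # handshake-shaped record

if __name__ == "__main__":
    print(parse_record_header(HTTP_REPLY))
    print(classify(HTTP_REPLY))
    print(classify(TLS_REPLY))
```

Run against the first bytes returned on port 5000, this distinguishes a registry that is actually serving TLS from one that started without its certificate settings applied.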
