Ssl Docker:TLS握手超时
我已经创建了自己的私有注册表(privateregistry),但无法将图像推送到其中。 然后我得到以下错误:Ssl Docker:TLS握手超时,ssl,docker,handshake,docker-registry,Ssl,Docker,Handshake,Docker Registry,我已经创建了自己的私有注册表(privateregistry),但无法将图像推送到其中。 然后我得到以下错误: The push refers to a repository [private-registry:5000/ubuntu] (len: 1) unable to ping registry endpoint https://private-registry:5000/v0/ v2 ping attempt failed with error: Get https://private-
The push refers to a repository [private-registry:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://private-registry:5000/v0/
v2 ping attempt failed with error: Get https://private-registry:5000/v2/: net/http: TLS handshake timeout
v1 ping attempt failed with error: Get https://private-registry:5000/v1/_ping: net/http: TLS handshake timeout
正在运行的注册表的日志显示以下内容:
time="2015-12-14T07:59:21Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1
time="2015-12-14T07:59:21Z" level=info msg="redis not configured" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1
time="2015-12-14T07:59:21Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1
time="2015-12-14T07:59:21Z" level=info msg="listening on [::]:5000, tls" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1
time="2015-12-14T07:59:21Z" level=info msg="Starting upload purge in 47m0s" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1
我无法卷曲我的注册表(超时)。
以下是我执行的步骤:
首先,我创建了自签名证书:
mkdir -p certs && openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 365 -out certs/domain.crt
docker run -d -p 5000:5000 --restart=always --name private-registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=certs/domain.key \
registry:2
我已创建注册表,它将使用以下证书:
mkdir -p certs && openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 365 -out certs/domain.crt
docker run -d -p 5000:5000 --restart=always --name private-registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=certs/domain.key \
registry:2
我授予了正确的权限:
chcon -Rt svirt_sandbox_file_t ~certs/
我创建了:/etc/docker/etc.d/private registry:5000/
我在里面复制了我的域.crt
。
我编辑了我的/etc/hosts
,并添加了:
10.0.0.X私有注册表
(我的内部ip和注册表名)
我还重新启动了docker和我的注册表
编辑:
您可能需要将证书放入此目录中
/etc/docker/certs.d/private-registry.com:5000/ca.crt
上面关于Curling的更新可能会超过一个拉取图像由许多容器组成的请求量。几分钟后试着重新运行。