Cannot access the docker registry

I stopped the docker service on Linux Lubuntu 16.04 and restarted it in debug mode:

sudo service docker stop
Edited the /etc/init.d/docker file to have DOCKER_OPTS="--debug"
sudo service docker start

I started the registry with the following command:

stephane@ubuntu-512mb-fra1-01:~/dev/certificates$ ll
total 20K
-rw-rw-r-- 1 stephane  962 Oct 22 20:34 certificates.txt
drwxr-xr-x 3 root     4.0K Oct 22 20:46 home/
-rw-rw-r-- 1 stephane  316 Oct 22 20:57 registry-start.sh
-rw-r--r-- 1 root     1.8K Oct 22 20:44 thalasoft.com.crt
-rw-r--r-- 1 root     1.7K Oct 22 20:44 thalasoft.com.key
stephane@ubuntu-512mb-fra1-01:~/dev/certificates$ sudo docker run -d \
>   --restart=always \
>   --name registry \
>   -v `pwd`:/certs \
>   -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
>   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/thalasoft.com.crt \
>   -e REGISTRY_HTTP_TLS_KEY=/certs/thalasoft.com.key \
>   -p 443:443 \
>   registry:2
e9ac1a734212779dec14674957efd8daaa034fcd7972c9c0ae9ad6fd8ef89efb

Then I tried to push an image to it, but it failed because the connection was refused:

stephane@ubuntu-512mb-fra1-01:~/dev/certificates$ sudo docker push localhost:5000/alpine
The push refers to a repository [localhost:5000/alpine]
Get http://localhost:5000/v2/: dial tcp 127.0.0.1:5000: getsockopt: connection refused

The docker daemon log says:

Oct 23 20:23:39 ubuntu-512mb-fra1-01 systemd[1]: Started Docker Application Container Engine.
Oct 23 20:23:39 ubuntu-512mb-fra1-01 dockerd[23449]: time="2017-10-23T20:23:39.253867742Z" level=info msg="API listen on /var/run/docker.soc
Oct 23 20:23:44 ubuntu-512mb-fra1-01 dockerd[23449]: time="2017-10-23T20:23:44.918635986Z" level=info msg="Attempting next endpoint for push
Oct 23 20:23:44 ubuntu-512mb-fra1-01 dockerd[23449]: time="2017-10-23T20:23:44.919271470Z" level=info msg="Attempting next endpoint for push

The registry container log shows:

time="2017-10-23T20:23:39Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2 
time="2017-10-23T20:23:39Z" level=info msg="redis not configured" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2 
time="2017-10-23T20:23:39Z" level=info msg="Starting upload purge in 35m0s" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2 
time="2017-10-23T20:23:39Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2 
time="2017-10-23T20:23:39Z" level=info msg="listening on [::]:443, tls" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2 

My docker version is:

Client:
 Version:      17.09.0-ce
 API version:  1.32
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:42:18 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.09.0-ce
 API version:  1.32 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:40:56 2017
 OS/Arch:      linux/amd64
 Experimental: false

docker info says:

Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 2
Server Version: 17.09.0-ce
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 8
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.0-93-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 488.3MiB
Name: ubuntu-512mb-fra1-01
ID: FTOG:OZBQ:SDIQ:VDF6:Z4UW:7LCA:BOY2:E532:V44N:KECN:TQDR:TUIJ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false    
WARNING: No swap limit support

The registry version is:

registry github.com/docker/distribution v2.6.2

I created the certificate and key with letsencrypt.org

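You are running the registry container with -p 443:443 and then trying to access it on localhost:5000. You should use port 443 and the full domain name you have the certificate for (assuming DNS points to this server). If you don't use the full domain name, there is no point in setting up SSL in the first place.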
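
A pre-flight check for the mismatch the answer describes, as an added example that is not part of the original question or answer: it compares the port in the image reference with the `-p` mappings and flags loopback names that a CA-issued certificate cannot cover. The function names are hypothetical, and `thalasoft.com` is assumed from the certificate file name shown in the question.

```shell
# Pre-flight check before `docker push`: does the image reference point at a
# published port, and at a name a CA-issued certificate can be valid for?

# registry_of REF -> prints the "host:port" the Docker client will contact.
# The first path component is a registry only if it contains "." or ":" or
# is exactly "localhost"; otherwise the image belongs to Docker Hub.
registry_of() {
    first=${1%%/*}
    case "$1" in */*) ;; *) first="" ;; esac
    case "$first" in
        localhost|*.*|*:*) ;;
        *) echo "index.docker.io:443"; return ;;
    esac
    case "$first" in
        *:*) echo "$first" ;;
        *)   echo "$first:443" ;;   # no port in the reference: HTTPS default
    esac
}

# check_push REF PUBLISH... -> 0 if the reference reaches a published port
# under a certifiable name; otherwise prints the reason and returns 1.
# PUBLISH values are `docker run -p` arguments ([IP:]HOSTPORT:CONTAINERPORT).
check_push() {
    ep=$(registry_of "$1"); shift
    host=${ep%:*}; port=${ep##*:}
    found=no
    for p in "$@"; do
        hp=${p%/*}; hp=${hp%:*}; hp=${hp##*:}   # keep only the host port
        if [ "$hp" = "$port" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then
        echo "port $port is not published (have: $*)"; return 1
    fi
    case "$host" in
        localhost|127.*)
            echo "$host cannot match a CA-issued certificate name"
            return 1 ;;
    esac
    echo "ok: https://$ep/v2/"
}

# The push from the question, then the reference the answer recommends
# (thalasoft.com is an assumption taken from the certificate file name).
check_push localhost:5000/alpine 443:443 || true
check_push thalasoft.com/alpine 443:443
```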