Gitlabdockerregistry拉失败EOF

1.介绍

我有Gitlab设置使用docker图像https://github.com/sameersbn/docker-gitlab（sameersbn / docker-gitlab），并希望设置gitlab私人registry。

1.1问题

所有这一切都在使用nginx反向代理负载均衡器之后。 我能够推入registry，但拉有一些问题，我无法解决。

输出告诉我retrying in 5sec后retrying in 5sec然后随着时间的推移而增加，但是在大约一分钟之后，它输出在某些层Download complete 。 当所有图层输出Download complete 。 拉结果然后像Unexpected EOF 。

基础设施是这样的：

Proxy load balancer -----> gitlab registry | | Another proxy load balancer -----> Gitlab

2.terminal输出

dockerlogin和推送工作正常。 问题在于拉。

2.1 Docker拉

2.1.1预期的结果

 root@server:~# docker pull registry.dalten.com/docker/php5.6-cli/image Using default tag: latest latest: Pulling from docker/php5.6-cli/image 10a267c67f42: Already exists 370377701f89: Pulling fs layer 455c73a122bc: Pulling fs layer 2cdcd82f5338: Pulling fs layer 3ac634f20449: Waiting a19eeb6546ae: Waiting 4ca536f5a464: Waiting 4788559f39db: Waiting cc1917e72a80: Waiting 42feb0ca362a: Pull complete f74f29b91bbc: Pull complete d104213bfd22: Pull complete 6db9d2d35d48: Pull complete 806b8ac2f0b7: Pull complete 661bb76178ac: Pull complete 3727be25d45f: Pull complete 04fed213644a: Pull complete a78f18e044f7: Pull complete 849a2f576c66: Pull complete 259300decf26: Pull complete 0d9f42b121be: Pull complete 2483d273017a: Pull complete 3dfaf57e1d54: Pull complete 92fbf8438206: Pull complete 7d5100ec575c: Pull complete 52b1dff7320d: Pull complete 500fa7f84392: Pull complete aff937c2773b: Pull complete 92f8bc1201f3: Pull complete Digest: sha256:d3d06d2cebd333af21565639503ddded64db47d5641ee9ff93167200b5fcad7a Status: Downloaded newer image for registry.dalten.com/docker/php5.6-cli/image:latest 

2.1.2实际行为

 docker pull registry.dalten.com/docker/php5.6-cli/image Using default tag: latest latest: Pulling from docker/php5.6-cli/image 10a267c67f42: Already exists 370377701f89: Pulling fs layer 455c73a122bc: Pulling fs layer 2cdcd82f5338: Pulling fs layer 3ac634f20449: Waiting a19eeb6546ae: Waiting a19eeb6546ae: Downloading 4.398 MB/4.398 MB 4788559f39db: Downloading 102.6 MB/102.6 MB cc1917e72a80: Download complete 42feb0ca362a: Download complete f74f29b91bbc: Download complete d104213bfd22: Download complete 6db9d2d35d48: Download complete 806b8ac2f0b7: Download complete 661bb76178ac: Download complete 3727be25d45f: Download complete 04fed213644a: Download complete a78f18e044f7: Download complete 849a2f576c66: Download complete 259300decf26: Download complete 0d9f42b121be: Download complete 2483d273017a: Downloading 24.12 MB/24.12 MB 3dfaf57e1d54: Download complete 92fbf8438206: Download complete 7d5100ec575c: Download complete 52b1dff7320d: Download complete 500fa7f84392: Download complete aff937c2773b: Download complete 92f8bc1201f3: Download complete unexpected EOF 

2.3 Dockerlogin

 sudo docker login registry.dalten.com Username (xxxxxx): Password: Login Succeeded 

2.4 Docker推送

 sudo docker push registry.dalten.com/docker/php5.6-cli/image The push refers to a repository [registry.dalten.com/docker/php5.6-cli/image] d8b353eb3025: Pushed f2e85bc0b7b1: Pushed fc9e1e5e38f7: Pushed fe9a3f9c4559: Pushed 6a8bf8c8edbd: Pushed latest: digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368 size: 1357 

3.configuration

configuration包含docker-compose.yml文件，我用它来运行服务。 Gitlab运行良好。 每一个configuration的作品 唯一的问题是与registry。

另一件事是registry工作在不安全的状态。 这个问题必须隐藏在负载平衡器（nginx）configuration的某个地方。 （一些头还没有被发送，超出限制等等）

3.1 Gitlab Docker-compose

注：我剪下了无关的信息

 version: '2' services: registry: image: registry:latest environment: REGISTRY_AUTH_TOKEN_ISSUER: gitlab-issuer REGISTRY_AUTH_TOKEN_REALM: https://git.dalten.cz/jwt/auth REGISTRY_AUTH_TOKEN_SERVICE: container_registry REGISTRY_LOG_LEVEL: debug REGISTRY_STORAGE_DELETE_ENABLED: 'true' REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/fullchain.pem REGISTRY_HTTP_SECRET: secret volumes: - /mnt/storage/srv/gitlab1/data/shared/registry:/registry - /mnt/storage/srv/gitlab1/certs:/certs ports: - 5000:5000/tcp gitlab: image: sameersbn/gitlab:latest hostname: git.dalten.cz environment: GITLAB_REGISTRY_ENABLED: 'true' GITLAB_REGISTRY_HOST: registry.dalten.com GITLAB_REGISTRY_API_URL: http://registry:5000 GITLAB_REGISTRY_ISSUER: gitlab-issuer GITLAB_REGISTRY_CERT_PATH: /certs/fullchain.pem GITLAB_REGISTRY_KEY_PATH: /certs/privkey.pem volumes: - /mnt/storage/srv/gitlab1/certs:/certs - /mnt/storage/srv/gitlab1/data:/home/git/data/ ports: - 8643:80/tcp - 1022:22/tcp 

3.2 Nginx的registrydocker-compose

 version: '2' services: nginx: image: sameersbn/nginx:1.10.3 volumes: - /srv/nginx/sites-enabled:/etc/nginx/sites-enabled - /mnt/storage/lb/letsencrypt:/etc/nginx/ssl ports: - 80:80/tcp - 443:443/tcp 

3.2.1 Nginx虚拟主机文件

我使用Nginx进行反向代理configuration（Load Balancer）。 存储了httpsstream量的所有证书。

  # For versions of Nginx > 1.3.9 that include chunked transfer encoding # support Replace with appropriate values where necessary upstream docker-registry { server 10.126.0.242:5000; } server { listen 80; server_name registry.dalten.com return 301 https://$http_host:$request_uri; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; } server { listen 443 default_server; server_name registry.dalten.com add_header Docker-Distribution-Api-Version registry/2.0 always; ssl on; ssl_certificate /etc/nginx/ssl/live/registry.dalten.com/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/registry.dalten.com/privkey.pem; ssl_session_timeout 5m; client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 # (https://github.com/dotcloud/docker/issues/1486) chunked_transfer_encoding on; proxy_set_header X-Original-URI $request_uri; proxy_set_header Docker-Distribution-Api-Version registry/2.0; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; location / { # let Nginx know about our auth file proxy_pass http://docker-registry; proxy_set_header Host $host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /_ping { proxy_pass http://docker-registry; } location /v1/_ping { proxy_pass http://docker-registry; } location /v2/ { # To add basic authentication to v2 use auth_basic setting plus # add_header add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; proxy_pass http://docker-registry; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } } 

3.日志

如果你需要更多的日志，随时问！

3.1 docker拉

谢谢你的帮助！

• 将本地目录挂载到不作为VOLUME公开的Docker容器path中
• 错误：未find存储库超文本/结构工具：不存在或不存取

• 如何代理泊坞窗容器端口+ http到一个子url？
• 使docker使用具有两个以太网端口的主机中的特定networking接口（通过名称或IP）
• 使用nginx-proxy容器（如前端服务器）访问同一主机上的多个容器时出现错误503
• 在Artifactory的docker repos的Nginxconfiguration
• 如果我在Docker容器中运行Node.js，是否需要反向代理？
• docker自定义networking连接之间拒绝
• Pentaho + apache反向代理+代理SSL集成
• nginx反向代理泊坞窗 – 按位置过滤
• Nginx的docker容器将不会代理Web应用程序容器