无法访问dockerregistry
我停止了我的Linux Lubuntu 16.04上的docker服务,并以debugging模式重新启动它:
sudo service docker stop Edited the /etc/init.d/docker file to have DOCKER_OPTS="--debug" sudo service docker start 我使用以下命令启动了我的registry:
stephane@ubuntu-512mb-fra1-01:~/dev/certificates$ ll total 20K -rw-rw-r-- 1 stephane 962 Oct 22 20:34 certificates.txt drwxr-xr-x 3 root 4.0K Oct 22 20:46 home/ -rw-rw-r-- 1 stephane 316 Oct 22 20:57 registry-start.sh -rw-r--r-- 1 root 1.8K Oct 22 20:44 thalasoft.com.crt -rw-r--r-- 1 root 1.7K Oct 22 20:44 thalasoft.com.key stephane@ubuntu-512mb-fra1-01:~/dev/certificates$ sudo docker run -d \ > --restart=always \ > --name registry \ > -v `pwd`:/certs \ > -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ > -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/thalasoft.com.crt \ > -e REGISTRY_HTTP_TLS_KEY=/certs/thalasoft.com.key \ > -p 443:443 \ > registry:2 e9ac1a734212779dec14674957efd8daaa034fcd7972c9c0ae9ad6fd8ef89efb
然后,我尝试将图像插入,但由于连接被拒绝而失败:
stephane@ubuntu-512mb-fra1-01:~/dev/certificates$ sudo docker push localhost:5000/alpine The push refers to a repository [localhost:5000/alpine] Get http://localhost:5000/v2/: dial tcp 127.0.0.1:5000: getsockopt: connection refused
docker员deamon日志有这样的说:
Oct 23 20:23:39 ubuntu-512mb-fra1-01 systemd[1]: Started Docker Application Container Engine. Oct 23 20:23:39 ubuntu-512mb-fra1-01 dockerd[23449]: time="2017-10-23T20:23:39.253867742Z" level=info msg="API listen on /var/run/docker.soc Oct 23 20:23:44 ubuntu-512mb-fra1-01 dockerd[23449]: time="2017-10-23T20:23:44.918635986Z" level=info msg="Attempting next endpoint for push Oct 23 20:23:44 ubuntu-512mb-fra1-01 dockerd[23449]: time="2017-10-23T20:23:44.919271470Z" level=info msg="Attempting next endpoint for push
registry容器日志说:
time="2017-10-23T20:23:39Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2 time="2017-10-23T20:23:39Z" level=info msg="redis not configured" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2 time="2017-10-23T20:23:39Z" level=info msg="Starting upload purge in 35m0s" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2 time="2017-10-23T20:23:39Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2 time="2017-10-23T20:23:39Z" level=info msg="listening on [::]:443, tls" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2
我的docker版本是:
Client: Version: 17.09.0-ce API version: 1.32 Go version: go1.8.3 Git commit: afdb6d4 Built: Tue Sep 26 22:42:18 2017 OS/Arch: linux/amd64 Server: Version: 17.09.0-ce API version: 1.32 (minimum version 1.12) Go version: go1.8.3 Git commit: afdb6d4 Built: Tue Sep 26 22:40:56 2017 OS/Arch: linux/amd64 Experimental: false
docker信息说:
Containers: 1 Running: 1 Paused: 0 Stopped: 0 Images: 2 Server Version: 17.09.0-ce Storage Driver: aufs Root Dir: /var/lib/docker/aufs Backing Filesystem: extfs Dirs: 8 Dirperm1 Supported: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0 runc version: 3f2f8b84a77f73d38244dd690525642a72156c64 init version: 949e6fa Security Options: apparmor seccomp Profile: default Kernel Version: 4.4.0-93-generic Operating System: Ubuntu 16.04.3 LTS OSType: linux Architecture: x86_64 CPUs: 1 Total Memory: 488.3MiB Name: ubuntu-512mb-fra1-01 ID: FTOG:OZBQ:SDIQ:VDF6:Z4UW:7LCA:BOY2:E532:V44N:KECN:TQDR:TUIJ Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false WARNING: No swap limit support
registry版本是:
registry github.com/docker/distribution v2.6.2
我已经用letsencrypt.org创build了证书和密钥
您使用-p 443:443运行registry容器,然后尝试在localhost:5000上访问它。 您应该使用端口443和您拥有证书的完整域名(假设DNS指向此服务器)。 如果不使用完整的域名,首先设置SSL是没有意义的。