nginx – 如何通过反向代理将docker图像推送到artifactory

我有一个问题是将我的docker镜像推向神器[Artifactory Pro Power Pack 3.5.2.1(rev.30160)](用作docker注册表).

我有泊坞版:

$sudo docker version
Client version: 1.5.0  
Client API version: 1.17  
Go version (client): go1.3.3  
Git commit (client): a8a31ef/1.5.0  
OS/Arch (client): linux/amd64  
Server version: 1.5.0  
Server API version: 1.17  
Go version (server): go1.3.3  
Git commit (server): a8a31ef/1.5.0  

我按照这个链接http://www.jfrog.com/confluence/display/RTF/Docker+Repositories和这一个artifactory as docker registry
我在一个名为docker-local的工件中创建了一个docker注册表,并为它启用了docker支持.
我的神器没有选项,我可以说this document中的docker v1或v2,所以我假设它使用docker v1.

Artifactory为我生成了这些:

<distributionManagement>
    <repository>
        <id>sdpvvrwm812</id>
        <name>sdpvvrwm812-releases</name>
        <url>http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/docker-local</url>
    </repository>
    <snapshotRepository>
        <id>sdpvvrwm812</id>
        <name>sdpvvrwm812-snapshots</name>
        <url>http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/docker-local</url>
    </snapshotRepository>
</distributionManagement>

虽然有些东西不适合这些设置.

我安装了反向代理nginx并将这些设置复制到其/etc/nginx/nginx.conf中:

http {

06002

我生成了我的ssl密钥,如http://www.akadia.com/services/ssh_test_certificate.html所示,并放在2个目录中

/etc/ssl/certs/sdpvvrwm812.ib.tor.company.com.crt;
/etc/ssl/private/sdpvvrwm812.ib.tor.company.com.key;

我不知道如何ping新的docker注册表,但这样做

 sudo docker login -u adrianus -p AT65UTJpXEFBHaXrzrdUdCS -e adrian@company.com http://sdpvvrwm812.ib.tor.company.com

给出了这个错误:

FATA[0000] Error response from daemon: v1 ping attempt failed with
error: Get 07004: dial tcp
172.25.10.44:443: connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add
--insecure-registry sdpvvrwm812.ib.tor.company.com to the daemon’s
arguments. In the case of HTTPS, if you have access to the registry’s
CA certificate, no need for the flag; simply place the CA certificate
at /etc/docker/certs.d/sdpvvrwm812.ib.tor.company.com/ca.crt

但是证书/etc/docker/certs.d/sdpvvrwm812.ib.tor.company.com/ca.crt存在,所以发生了什么?

sudo curl -k -uadrianus:AP2pKojAeMSpXEFBHaXrzrdUdCS "https://sdpvvrwm812.ib.tor.company.com"

给出了这个错误:

curl: (35) SSL connect error

我确实启动了docker client:

sudo docker -d --insecure-registry https://sdpvvrwm812.ib.tor.company.com

可能是因为我的docker注册表是http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/docker-local和docker和nginx正在寻找http://sdpvvrwm812.ib.tor.company.com :8081 / artifactory的/泊坞窗本地/ V1?

任何线索如何让docker将图像推送到神器?

最佳答案
< distributionManagement />部分是为了maven.有点facepalm,Artifactory 3显示了Docker repos的maven片段(在Artifactory 4中修复,欢迎你升级),所以请忽略它.

通常使用Docker,您不能使用/ artifactory / repoName.这是Docker限制,您的注册表必须是hostname:port,没有任何其他路径.

这正是您必须配置反向代理的原因.您在nginx配置中所做的是将所有请求转发到sdpvvrwm812.ib.tor.company.com:443/v1到http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/api/docker/ docker-local / v1,这是正确的事情.

请注意,证书的位置应为/etc/docker/certs.d/sdpvvrwm812.ib.tor.company.com/,而不是/ etc / ssl / certs /.

转载注明原文:nginx – 如何通过反向代理将docker图像推送到artifactory - 代码日志