私人Docker注册表不能与Shell& Web管理界面?
要在路径 c:\dkrreg 上设置私人码头服务器注册表服务器使用 Docker for Windows 安装的 Windows 10(x64)系统上的em> localhost 已成功 尝试以下命令: p>
To setup a private docker registry server at path c:\dkrreg on localhost on Windows 10 (x64) system, installed with Docker for Windows, have successfully tried following commands:
docker run --detach --publish 1005:5000 --name docker-registry --volume /c/dkrreg:/var/lib/registry registry:2
docker pull hello-world:latest
docker tag hello-world:latest localhost:1005/hello-world:latest
docker push localhost:1005/hello-world:latest
docker pull localhost:1005/hello-world:latest
推拉 localhost:1005 / hello-world:最新的
通过命令行也成功。
Push and Pull from localhost:1005/hello-world:latest
via command line succeeds too.
如果我使用我的IP地址通过 docker pull 192.168.43.239:1005/hello-world:latest
它在命令shell中给出以下错误:
If i use my IP address via docker pull 192.168.43.239:1005/hello-world:latest
it gives following error in command shell:
Error response from daemon: Get https://192.168.43.239:1005/v1/_ping: http: server gave HTTP response to HTTPS client
当使用第三方Docker UI Manager通过 docker run --detach portainer:最新的
它也显示连接错误:
When using 3rd party Docker UI Manager via docker run --detach portainer:latest
it also shows error to connect as:
2017/04/19 14:30:24 http: proxy error: dial tcp [::1]:1005: getsockopt: connection refused
还尝试了其他东西。如何使用Docker管理UI工具从LAN连接我的私人注册表服务器( localhost:1005
?
Tried other stuff also. How can I connect my private registry server that is localhost:1005
from LAN using any Docker Management UI tool ?
最后找到解决这个棘手的解决方案
At last find solution to this which was tricky
-
生成的CA私钥和证书作为
ca-cert-mycompany.pem
和ca-cert-key-companyname.pem
。并在这些位置配置 docker-compose.yml 将这两个文件另存为 :ro :/ usr / local / share / ca-certificates
,/ etc / ssl / certs /
,/etc/docker/certs.d/mysite .COM
。但是我也只尝试将证书复制到/ usr / local / share / ca-certificates
就足够了,因为docker会忽略重复的CA证书。这个额外的复制是因为在许多被放置的docker的同事推荐相同。我没有执行命令:update-ca-certificates
这次在注册表容器中,但是做的更早,因为许多建议。
Generated CA private key and certificate as
ca-cert-mycompany.pem
andca-cert-key-companyname.pem
. And configured docker-compose.yml to save both files as :ro in these locations:/usr/local/share/ca-certificates
,/etc/ssl/certs/
,/etc/docker/certs.d/mysite.com
. But I also tried only copying certificate to/usr/local/share/ca-certificates
was enough as docker will ignore duplicate CA certificates. This extra copying is because at many placed docker fellow recommended the same. I did not executed command:update-ca-certificates
this time in registry container but was doing earlier as against what is suggested by many.
在 docker-compose.yml 中定义:随机数为 REGISTRY_HTTP_SECRET
,服务器的链接证书(附加到其末尾的CA证书)到 REGISTRY_HTTP_TLS_CERTIFICATE
amd服务器的公钥为 REGISTRY_HTTP_TLS_KEY
。已禁用HTTP身份验证。特别是在容器文件夹中使用其他证书的文件名命名为 mysite.com_server-chained-certificate.crt
,而不是仅仅 certificate.crt
。
Defined in docker-compose.yml: random number as REGISTRY_HTTP_SECRET
, and server's chained certificate (CA certificate appended to end of it) to REGISTRY_HTTP_TLS_CERTIFICATE
amd server's public key to REGISTRY_HTTP_TLS_KEY
. Had disabled HTTP authentication. Especially used some naming for file names as found with other certificates in container folder as mysite.com_server-chained-certificate.crt
instead of just certificate.crt
.
V-Imp: 将证书推送到受信任的根目录Windows使用命令 certutil.exe -addstore root .\Keys\ca-certificate.crt
,然后重新启动 Docker for Windows ,然后使用 docker-compos up -d
创建容器。这是最重要的一步,没有任何效果。
V-Imp: pushed certificate to trusted root in windows using command certutil.exe -addstore root .\Keys\ca-certificate.crt
followed with restarting Docker for Windows from taskbar icon and then creating container using docker-compose up -d
. This is most important step without this nothing worked.
现在可以执行 docker pull mysite。 com:1005 / my-repo:my-tag
。