Nexus UI configuration
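I am running Nexus Repository Manager OSS 3.0.1-01 on a Linux VM. On that VM I have nginx working to proxy HTTP requests to HTTPS. My SSL key is signed by a trusted CA, and I created a Maven repository that works just fine when a client machine publishes to it.
Also on this client machine, when I use the docker client and do a docker login, I get various errors.
I am following these instructions: https://books.sonatype.com/nexus-book/3.0/reference/docker.html#_accessing_repositories, specifically section 9.2, and honestly I have spent the last two days on this.
I have read everything mentioned here: "Can't connect to Docker registry stored on Nexus 3 Preview on Azure VM", but the setup that user made confuses me.
For the setup, we were trying to achieve an insecure setup by adding `--insecure-registry` to the `/etc/default/docker` file, which is not an option at all.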
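I have tried following multiple tutorials just to understand the inner workings of a docker registry, but I can't put it all together. I have followed this one to some extent: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04
I have used other responses on Stack Overflow to help me out, such as "docker private registry (v2) behind nginx proxy: Malformed HTTP response".
But to be honest, I can't say I have found anything that makes sense of this. NGINX reports no errors in `/var/log/nginx/errors.log`, and the access log looks like basic "GETs" every time I try to do a docker login. The error reported in `/var/log/upstart/docker.log` after a docker login is the same 404 error I describe below. I also followed this issue on GitHub to see if it would help: github.com/docker/docker/issues/8410. Any help in getting me to successfully docker login to this private nexus3 repository would be amazing.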
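Now, maybe I am a bit confused by everything I have been reading about getting my docker client to work with this repo, but does this require me to set up a docker (group) repo, and is that the root of the problem? Or is having just a docker (hosted) repo fine? Because so far I only have a docker (hosted) repo. The Nexus documentation gives me the impression that a group repo is also required to make this work.
Last but not least, I hope my question is specific enough, and I hope you can all see that I have put some effort in here. I really did try!
When logging in, I am using the local admin user along with the default admin password. First let me present the problems:
If I try without a port, I get the following result: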
```
root:~# docker login box.company.net
Error response from daemon: Login: <!DOCTYPE html>
<html>
<head>
<title>404 - Nexus Repository Manager</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
```
Using the HTTP port 4444, I get the following:
```
root:~# docker login box.company.net:4444
Error response from daemon: Get https://box.company.net:4444/v1/users/: `http: server gave HTTP response to HTTPS client`
```
If I add HTTPS on 4445 in the Nexus UI and run:
```
root:~# docker login box.company.net:4445
Error response from daemon: Get https://box.company.net:4445/v1/users/: dial tcp x.x.x.x:4445: getsockopt: connection refused
```
Here is my environment information:
```
#cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"

# uname -r
3.19.0-65-generic

# nginx -v
nginx version: nginx/1.4.6 (Ubuntu)

~# docker version
Client:
 Version: 1.12.1
 API version: 1.24
 Go version: go1.6.3
 Git commit: 23cf638
 Built: Thu Aug 18 05:22:43 2016
 OS/Arch: linux/amd64

Server:
 Version: 1.12.1
 API version: 1.24
 Go version: go1.6.3
 Git commit: 23cf638
 Built: Thu Aug 18 05:22:43 2016
 OS/Arch: linux/amd64

cat /etc/nginx/conf.d/site.conf
server {
    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering off;
    tcp_nodelay on;
    server_tokens off;
    client_max_body_size 1G;

    listen 80;
    server_name box.company.net;

    location / {
        rewrite ^(.*) https://box.company.net$1 permanent;
    }
}

server {
    listen 443;
    server_name box.company.net;
    keepalive_timeout 60;

    ssl on;
    ssl_certificate /etc/nginx/conf.d/net.crt;
    ssl_certificate_key /etc/nginx/conf.d/net.key;
    ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
    ssl_session_cache shared:TLSSSL:16m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass http://x.x.x.x:8081;
        proxy_read_timeout 90;
    }
}
```
In case it is of any help, here are some basic curl results for more information.
```
root:~# curl -v https://box.company.net
* Rebuilt URL to: https://box.company.net
* Hostname was NOT found in DNS cache
* Trying x.x.x.x...
* Connected to box.company.net (x.x.x.x) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.company.net
* start date: 2016-04-01 14:01:38 GMT
* expire date: 2018-04-14 15:15:04 GMT
* subjectAltName: box.company.net matched
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: box.company.net
> Accept: */*
>
< HTTP/1.1 200 OK
* Server nginx/1.4.6 (Ubuntu) is not blacklisted
< Server: nginx/1.4.6 (Ubuntu)
< Date: Thu, 25 Aug 2016 13:39:14 GMT
< Content-Type: text/html
< Content-Length: 5077
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Last-Modified: Thu, 25 Aug 2016 13:39:14 GMT
< Pragma: no-cache
< Cache-Control: post-check=0, pre-check=0
< Expires: 0
```
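Any help getting docker login to work against private.registry.net would be greatly appreciated.
I had to add an additional (server) entry in my nginx config, directly below the previous entry.
Restart nginx.
The docker client will connect to port 6666, and nginx will route the traffic to port 4444.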
```
# correlates to your nexus http connector
server {
    listen 6666;
    server_name box.company.net;
    keepalive_timeout 60;

    ssl on;
    ssl_certificate /etc/nginx/conf.d/net.crt;
    ssl_certificate_key /etc/nginx/conf.d/net.key;
    ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
    ssl_session_cache shared:TLSSSL:16m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;

    client_max_body_size 1G;
    chunked_transfer_encoding on;

    location / {
        access_log /var/log/nginx/docker.log;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass http://x.x.x.x:4444;
        proxy_read_timeout 90;
    }
}
```
Then I was able to:
```
docker login -u username -p password box.company.net:6666
docker pull box.company.net:6666/docker-image:tag
docker push box.company.net:6666/docker-image:tag
```
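
The three failures in the question (404 HTML on 443, an HTTP reply on 4444, connection refused on 4445) and the working proxy port can be told apart with one certificate-verified request per port. The following is an added example, not part of the original question or answer; the function names and result codes are made up here, and it assumes the registry connector answers the Docker Registry HTTP API V2 at `/v2/` with 200 or 401.

```python
import http.client
import ssl

HINTS = {  # result codes and hints are this example's own, not Docker's or Nexus's
    "REGISTRY_OK": "TLS verified and /v2/ answered like a registry",
    "NOT_REGISTRY": "HTTPS works but this is not a registry endpoint (e.g. the Nexus UI)",
    "PLAINTEXT_PORT": "port speaks plain HTTP; put a TLS-terminating proxy in front",
    "NOTHING_LISTENING": "connection refused; no connector or proxy bound to this port",
    "CERT_UNTRUSTED": "certificate chain or hostname failed verification",
    "UNREACHABLE": "timeout or other network error",
}

def probe(host, port=443, timeout=5):
    """GET /v2/ over certificate-verified TLS; returns (outcome, status, headers)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", "/v2/")
        resp = conn.getresponse()
        return "http", resp.status, {k.lower(): v for k, v in resp.getheaders()}
    except ssl.SSLCertVerificationError:
        return "cert", None, {}
    except ssl.SSLError:               # e.g. TLS hello sent to a plain-HTTP connector
        return "tls", None, {}
    except ConnectionRefusedError:
        return "refused", None, {}
    except (OSError, http.client.HTTPException):
        return "error", None, {}
    finally:
        conn.close()

def diagnose(outcome, status=None, headers=None):
    """Map a probe() result to one of the HINTS keys."""
    headers = headers or {}
    if outcome == "http":
        # Assumption: a V2 registry answers /v2/ with 200 or 401 and carries
        # either the API-version header or an authentication challenge.
        marker = headers.keys() & {"docker-distribution-api-version", "www-authenticate"}
        return "REGISTRY_OK" if status in (200, 401) and marker else "NOT_REGISTRY"
    return {"tls": "PLAINTEXT_PORT", "refused": "NOTHING_LISTENING",
            "cert": "CERT_UNTRUSTED"}.get(outcome, "UNREACHABLE")

if __name__ == "__main__":
    # Hostname and ports are the ones used in the post; replace with your own.
    for port in (443, 4444, 4445, 6666):
        code = diagnose(*probe("box.company.net", port))
        print(port, code, "-", HINTS[code])
```

Because the probe uses the system trust store, `REGISTRY_OK` also confirms the client can reach the registry without `--insecure-registry`.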