个人中心
gpt4 book ai didi

ssl - Docker:TLS握手超时

转载 作者:IT老高 更新时间:2023-10-28 21:24:01 29 4
gpt4 key购买 nike

我已经创建了自己的私有(private)注册表(private-registry),但我无法将图像推送到它。比我得到以下错误:

The push refers to a repository [private-registry:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://private-registry:5000/v0/
v2 ping attempt failed with error: Get https://private-registry:5000/v2/: net/http: TLS handshake timeout
 v1 ping attempt failed with error: Get https://private-registry:5000/v1/_ping: net/http: TLS handshake timeout

运行注册表的日志显示如下:

time="2015-12-14T07:59:21Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
time="2015-12-14T07:59:21Z" level=info msg="redis not configured" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
time="2015-12-14T07:59:21Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
time="2015-12-14T07:59:21Z" level=info msg="listening on [::]:5000, tls" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
time="2015-12-14T07:59:21Z" level=info msg="Starting upload purge in 47m0s" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1

我无法 curl 我的注册表(超时)。这是我执行的步骤:

首先我创建了自签名证书:

mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt

我已经创建了我的注册表,它将使用这些证书:

docker run -d -p 5000:5000 --restart=always --name private-registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=certs/domain.key \
  registry:2

我授予了正确的权限:

chcon -Rt svirt_sandbox_file_t ~certs/

我创建了:/etc/docker/etc.d/private-registry:5000/我在其中复制了我的 domain.crt。我编辑了我的 /etc/hosts 并添加了:10.0.0.X private-registry(我的内部ip和我的注册表名称)

我还重新启动了 docker 和我的注册表。

编辑:

[centos@ ~]$ curl -v private-registry:5000
* About to connect() to private-registry port 5000 (#0)
*   Trying 10.0.0.xx...
* Connected to private-registry (10.0.0.xx) port 5000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: private-registry:5000
> Accept: */*
> 

* Connection #0 to host private-registry left intact
[centos@~]$ curl -v https://private-registry:5000
* About to connect() to private-registry port 5000 (#0)
*   Trying 10.0.0.xx...
* Connected to private-registry (10.0.0.xx) port 5000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * NSS error -5990 (PR_IO_TIMEOUT_ERROR)
* I/O operation timed out
* Closing connection 0
curl: (35) I/O operation timed out

最佳答案

您可能需要将证书放入此目录。

    /etc/docker/certs.d/private-registry.com:5000/ca.crt

关于ssl - Docker:TLS握手超时,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34262275/

29 4 0
文章推荐: 仅使用 SSH key 和 dockerfile 进行部署
文章推荐: amazon-web-services - 使用 Dockerrun.aws.json 通过 CLI deploy 命令部署到 elasticbeanstalk
文章推荐: amazon-web-services - Docker 挂载 S3 容器
文章推荐: ruby-on-rails - 在 rails docker 容器中找不到 rake-11.1.2
IT老高
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com