个人中心
gpt4 book ai didi

nginx - Gitlab docker注册表拉失败EOF

转载 作者:行者123 更新时间:2023-12-01 12:20:42 25 4
gpt4 key购买 nike

一、简介

我已经使用 docker 镜像设置了 Gitlab https://github.com/sameersbn/docker-gitlab (sameersbn/docker-gitlab) 并想设置 gitlab 私有(private)注册表。

1.1 问题

所有这一切都在使用 nginx 的反向代理负载均衡器后面。 .我能够插入注册表,但拉有一些我无法解决的问题。

输出告诉我retrying in 5sec然后随着时间的推移而增加,但大约一分钟后它输出 Download complete在某些层上。当所有层输出Download complete .然后提取结果,如 Unexpected EOF .

基础设施是这样的:

Proxy load balancer -----> gitlab registry
|
|
Another proxy load balancer -----> Gitlab

2. 终端输出

Docker 登录和推送工作正常。问题在于拉力。

2.1 Docker 拉取

2.1.1 预期结果

root@server:~# docker pull registry.dalten.com/docker/php5.6-cli/image
Using default tag: latest
latest: Pulling from docker/php5.6-cli/image
10a267c67f42: Already exists 
370377701f89: Pulling fs layer 
455c73a122bc: Pulling fs layer 
2cdcd82f5338: Pulling fs layer 
3ac634f20449: Waiting 
a19eeb6546ae: Waiting 
4ca536f5a464: Waiting 
4788559f39db: Waiting 
cc1917e72a80: Waiting 
42feb0ca362a: Pull complete 
f74f29b91bbc: Pull complete 
d104213bfd22: Pull complete 
6db9d2d35d48: Pull complete 
806b8ac2f0b7: Pull complete 
661bb76178ac: Pull complete 
3727be25d45f: Pull complete 
04fed213644a: Pull complete 
a78f18e044f7: Pull complete 
849a2f576c66: Pull complete 
259300decf26: Pull complete 
0d9f42b121be: Pull complete 
2483d273017a: Pull complete 
3dfaf57e1d54: Pull complete 
92fbf8438206: Pull complete 
7d5100ec575c: Pull complete 
52b1dff7320d: Pull complete 
500fa7f84392: Pull complete 
aff937c2773b: Pull complete 
92f8bc1201f3: Pull complete 
Digest: sha256:d3d06d2cebd333af21565639503ddded64db47d5641ee9ff93167200b5fcad7a
Status: Downloaded newer image for registry.dalten.com/docker/php5.6-cli/image:latest

2.1.2 实际行为 
docker pull registry.dalten.com/docker/php5.6-cli/image
Using default tag: latest
latest: Pulling from docker/php5.6-cli/image
10a267c67f42: Already exists 
370377701f89: Pulling fs layer 
455c73a122bc: Pulling fs layer 
2cdcd82f5338: Pulling fs layer 
3ac634f20449: Waiting 
a19eeb6546ae: Waiting 
a19eeb6546ae: Downloading 4.398 MB/4.398 MB
4788559f39db: Downloading 102.6 MB/102.6 MB
cc1917e72a80: Download complete 
42feb0ca362a: Download complete 
f74f29b91bbc: Download complete 
d104213bfd22: Download complete 
6db9d2d35d48: Download complete 
806b8ac2f0b7: Download complete 
661bb76178ac: Download complete 
3727be25d45f: Download complete 
04fed213644a: Download complete 
a78f18e044f7: Download complete 
849a2f576c66: Download complete 
259300decf26: Download complete 
0d9f42b121be: Download complete 
2483d273017a: Downloading 24.12 MB/24.12 MB
3dfaf57e1d54: Download complete 
92fbf8438206: Download complete 
7d5100ec575c: Download complete 
52b1dff7320d: Download complete 
500fa7f84392: Download complete 
aff937c2773b: Download complete 
92f8bc1201f3: Download complete 
unexpected EOF

2.3 Docker登录 
sudo docker login registry.dalten.com
Username (xxxxxx): 
Password: 
Login Succeeded

2.4 Docker推送 
sudo docker push registry.dalten.com/docker/php5.6-cli/image
The push refers to a repository [registry.dalten.com/docker/php5.6-cli/image]
d8b353eb3025: Pushed 
f2e85bc0b7b1: Pushed 
fc9e1e5e38f7: Pushed 
fe9a3f9c4559: Pushed 
6a8bf8c8edbd: Pushed 
latest: digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368 size: 1357

3. 配置

配置包含我用于运行服务的 docker-compose.yml 文件。 Gitlab 运行良好。每个配置都有效。唯一的问题是注册表。

另一件事是注册表在不安全状态下工作。问题必须隐藏在负载均衡器(nginx)配置中的某个地方。 (某些 header 尚未发送,超出限制等)

3.1 Gitlab Docker-compose

注:我删减了无关信息 
version: '2'
services:
  registry:
    image: registry:latest
    environment:
      REGISTRY_AUTH_TOKEN_ISSUER: gitlab-issuer
      REGISTRY_AUTH_TOKEN_REALM: https://git.dalten.cz/jwt/auth
      REGISTRY_AUTH_TOKEN_SERVICE: container_registry
      REGISTRY_LOG_LEVEL: debug
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/fullchain.pem
      REGISTRY_HTTP_SECRET: secret
    volumes:
    - /mnt/storage/srv/gitlab1/data/shared/registry:/registry
    - /mnt/storage/srv/gitlab1/certs:/certs
    ports:
    - 5000:5000/tcp
  gitlab:
    image: sameersbn/gitlab:latest
    hostname: git.dalten.cz
    environment:
      GITLAB_REGISTRY_ENABLED: 'true'
      GITLAB_REGISTRY_HOST: registry.dalten.com
      GITLAB_REGISTRY_API_URL: http://registry:5000
      GITLAB_REGISTRY_ISSUER: gitlab-issuer
      GITLAB_REGISTRY_CERT_PATH: /certs/fullchain.pem
      GITLAB_REGISTRY_KEY_PATH: /certs/privkey.pem
    volumes:
    - /mnt/storage/srv/gitlab1/certs:/certs
    - /mnt/storage/srv/gitlab1/data:/home/git/data/
    ports:
    - 8643:80/tcp
    - 1022:22/tcp

3.2 Nginx 注册表 docker-compose 
version: '2'
services:
  nginx:
    image: sameersbn/nginx:1.10.3
    volumes:
    - /srv/nginx/sites-enabled:/etc/nginx/sites-enabled
    - /mnt/storage/lb/letsencrypt:/etc/nginx/ssl
    ports:
    - 80:80/tcp
    - 443:443/tcp

3.2.1 Nginx 虚拟主机文件

我使用 Nginx 进行反向代理配置(负载均衡器)。存储了 https 流量的所有证书。 
    # For versions of Nginx > 1.3.9 that include chunked transfer encoding
# support Replace with appropriate values where necessary
upstream docker-registry {
 server 10.126.0.242:5000;
}

server {
  listen 80;
  server_name registry.dalten.com
  return 301 https://$http_host:$request_uri;
  access_log /var/log/nginx/access.log;
  error_log  /var/log/nginx/error.log;
}

server {
 listen 443 default_server;
 server_name registry.dalten.com

 add_header Docker-Distribution-Api-Version registry/2.0 always;

 ssl on;
 ssl_certificate /etc/nginx/ssl/live/registry.dalten.com/fullchain.pem;
 ssl_certificate_key /etc/nginx/ssl/live/registry.dalten.com/privkey.pem;

  ssl_session_timeout 5m;

 client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image
uploads
 # required to avoid HTTP 411: see Issue #1486
 # (https://github.com/dotcloud/docker/issues/1486)
 chunked_transfer_encoding on;
 proxy_set_header X-Original-URI $request_uri;
 proxy_set_header Docker-Distribution-Api-Version registry/2.0;

access_log /var/log/nginx/access.log;
 error_log /var/log/nginx/error.log;

location /
{
     # let Nginx know about our auth file
     proxy_pass http://docker-registry;
     proxy_set_header Host $host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
 }
 location /_ping {
     proxy_pass http://docker-registry;
 }
 location /v1/_ping {
     proxy_pass http://docker-registry;
 }
 location /v2/ {
     # To add basic authentication to v2 use auth_basic setting plus
     # add_header
     add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
     proxy_pass http://docker-registry;
     proxy_set_header Host $http_host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_read_timeout 900;
 }
}

3. 日志

如果您需要更多日志,请随时询问!

3.1 Docker pull

4. 谢谢大家的帮助!

最佳答案

通过添加 proxy_max_temp_file_size 0; 解决了问题里面的nginx虚拟主机配置!

关于nginx - Gitlab docker注册表拉失败EOF,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44370253/

25 4 0
文章推荐: java - 如何用Java与网页上的表格进行交互?
文章推荐: sass - 如何在 SCSS 中使用另一个变量中的变量
文章推荐: java - Gradle 如何构建包含某些子项目输出的 Rpm?
文章推荐: scala - 如何在 Play Framework 上配置 ssl 证书?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com