I set up Nexus with Docker on my VPS and decided to use it as a private Docker registry as well.
I edited /etc/docker/daemon.json and added insecure-registry: xxxx:port, i.e. the address of the Nexus "docker hosted" repository, but docker login kept failing with:
Error response from daemon: Get https://bj1.com:8082/v2/: http: server gave HTTP response to HTTPS client
After a pile of Google and Baidu searches, the advice online was that the private registry address under insecure-registry in /etc/docker/daemon.json must not include https. I had not added https, yet the error persisted. Fine, let nginx provide an HTTPS-to-HTTP reverse proxy instead.
Surely that will work? Start nginx with Docker:
docker run --rm -d --network host --name my_nginx nginx
Then copy the nginx configuration directory out of the container into /home, because it will be edited later:
docker cp my_nginx:/etc/nginx /home/
Generate the certificate and private key in a chosen directory, /home/nginx/serc (the certificate details I entered here were filled in at random, which causes problems described further below):
# generate the private key
openssl genrsa -out privkey.pem 2048
# generate the certificate
openssl req -new -x509 -key privkey.pem -out server.pem -days 365
Edit the nginx configuration to reverse-proxy HTTPS -> HTTP: create a nexus.conf file in the nginx/conf.d directory:
server {
    listen 18082 ssl;
    server_name bj1.com;
    # certificate location
    ssl_certificate /etc/nginx/serc/server.pem;        # path where the certificate was generated
    ssl_certificate_key /etc/nginx/serc/privkey.pem;   # path where the key was generated
    # ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # protocol settings
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    # forward to http
    location / {
        proxy_pass http://bj1.com:8082;
    }
}
Restart nginx (don't forget to mount /home/nginx):
# --network host uses the host network directly; other applications may need reverse proxying later, so this avoids port mappings
docker run -it -v /home/nginx:/etc/nginx/ --name nginx --network host nginx
HTTPS is now proxied to the original HTTP port 8082. Next, continue configuring the private registry with docker login, which fails again:
Username: admin
Password:
Error response from daemon: Get https://xxx.com:18082/v2/: x509: certificate is not valid for any names, but wanted to match xxx.com
A quick curl suggests it is a certificate problem:
root@DESKTOP-KMP2DN2:/home/zyq# curl https://xxx1.com:18082/v2/
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
It still fails after trusting the certificate; the certificate was presumably created without the matching domain name:
root@DESKTOP-KMP2DN2:/home/serc# sudo cp bj1server.crt /usr/local/share/ca-certificates
root@DESKTOP-KMP2DN2:/home/serc# update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@DESKTOP-KMP2DN2:/home/serc# curl https://bj1.com:18082/v2/
curl: (51) SSL: unable to obtain common name from peer certificate
root@DESKTOP-KMP2DN2:/home/serc# docker login bj1.com:18082
Username: admin
Password:
Error response from daemon: Get https://bj1.com:18082/v2/: x509: certificate is not valid for any names, but wanted to match bj1.com
Logging in with the IP address instead also fails:
root@DESKTOP-KMP2DN2:/home/serc# docker login 49xxx48:18082
Username: admin
Password:
Error response from daemon: Get https://4xxx8.148:18082/v2/: x509: cannot validate certificate for 4xxxxxx.148 because it doesn't contain any IP SANs
root@DESKTOP-KMP2DN2:/home/serc#
Recreate the certificate with the proper domain bj1.com; no random values this time:
root@VM-0-9-ubuntu:/home/nginx/serc/new# openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................+++++
.+++++
e is 65537 (0x010001)
root@VM-0-9-ubuntu:/home/nginx/serc/new# openssl req -new -x509 -key privkey.pem -out server.pem -days 365
Can't load /root/.rnd into RNG
140629673918912:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:a
string is too short, it needs to be at least 2 bytes long
Country Name (2 letter code) [AU]:a
string is too short, it needs to be at least 2 bytes long
Country Name (2 letter code) [AU]:a
string is too short, it needs to be at least 2 bytes long
Country Name (2 letter code) [AU]:df
State or Province Name (full name) [Some-State]:fd
Locality Name (eg, city) []:fd
Organization Name (eg, company) [Internet Widgits Pty Ltd]:fd
Organizational Unit Name (eg, section) []:fd
Common Name (e.g. server FQDN or YOUR name) []:bj1.com
Email Address []:df
Note that when creating the certificate, the Common Name (e.g. server FQDN or YOUR name) []: bj1.com field must be filled in correctly; then repeat the earlier steps.
root@DESKTOP-KMP2DN2:/home/serc# curl https://bj1.com:18082/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"access to the requested resource is not authorized","detail":null}]}
root@DESKTOP-KMP2DN2:/home/serc# docker login bj1.com:18082
Username: admin
Password:
Error response from daemon: Get https://bj1.com:18082/v2/: x509: certificate signed by unknown authority
root@DESKTOP-KMP2DN2:/home/serc#
curl works now, but docker login reports a certificate signed by an unknown authority.
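The two x509 errors above ("not valid for any names" and "doesn't contain any IP SANs") both come from a certificate without a Subject Alternative Name, which Docker and curl check instead of the Common Name. The following shell script is an added example, not the post's own commands: it issues a self-signed certificate whose SAN covers both the registry's DNS name and its IP, then verifies it the way a TLS client would. The host bj1.com is taken from the post; the IP 203.0.113.10 is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not the original post's commands: issue a self-signed
# certificate whose Subject Alternative Name (SAN) covers both the registry's
# DNS name and its IP, then verify it the way a TLS client would.
# Assumptions: host bj1.com is taken from the post; the IP 203.0.113.10 is a
# constructed placeholder; $1 of make_registry_cert is the output directory.
set -eu

REGISTRY_HOST="bj1.com"
REGISTRY_IP="203.0.113.10"   # placeholder, replace with the VPS address

# Key and certificate in one step. The -addext line is what the interactive
# "openssl req" in the post never produced: without a SAN, Docker rejects the
# certificate as "not valid for any names" / "doesn't contain any IP SANs",
# because modern clients ignore the Common Name when matching the host.
make_registry_cert() {
    dir="$1"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=${REGISTRY_HOST}" \
        -addext "subjectAltName=DNS:${REGISTRY_HOST},IP:${REGISTRY_IP}" \
        -keyout "$dir/privkey.pem" -out "$dir/server.pem" 2>/dev/null
}

# Client-side check: trust the self-signed certificate as a CA (what
# update-ca-certificates did in the post) and match the name the client will
# dial. Dotted-quad names use the IP SAN, everything else the DNS SAN.
# Returns 0 only when the name is covered by the certificate.
check_cert_name() {
    cert="$1"
    name="$2"
    case "$name" in
        *[!0-9.]*) openssl verify -CAfile "$cert" -verify_hostname "$name" "$cert" >/dev/null 2>&1 ;;
        *)         openssl verify -CAfile "$cert" -verify_ip "$name" "$cert" >/dev/null 2>&1 ;;
    esac
}

# Stand-alone run: sh cert.sh run
if [ "${1:-}" = "run" ]; then
    make_registry_cert ./serc
    check_cert_name ./serc/server.pem "$REGISTRY_HOST" && echo "DNS name ok"
    check_cert_name ./serc/server.pem "$REGISTRY_IP"   && echo "IP address ok"
    if check_cert_name ./serc/server.pem other.example; then
        echo "unexpected: other.example matched"
    fi
fi
```

With a certificate like this, the "unknown authority" error on the client is fixed by copying server.pem to /etc/docker/certs.d/bj1.com:18082/ca.crt, which keeps TLS verification on; listing the registry under insecure-registries in daemon.json (the key is spelled in the plural) instead makes the daemon skip certificate verification entirely.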
Edit /etc/docker/daemon.json and set "insecure-registry":["bj.com:18082"] (I had changed this to the IP address earlier). After restarting Docker, the login still failed:
root@DESKTOP-KMP2DN2:/etc# docker login bj1.com:18082
Username: admin
Password:
Error response from daemon: login attempt to https://bj1.com:18082/v2/ failed with status: 401 Unauthorized
Finally, the login succeeds:
root@DESKTOP-KMP2DN2:/etc# docker login bj1.com:18082
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
root@DESKTOP-KMP2DN2:/etc#
Try pushing an image:
docker tag bj1.com:18080/zouyq/springcloud-config bj1.com:18082/zouyq/springcloud-config
docker push bj1.com:18082/zouyq/springcloud-config
Another error:
edf1195b0d39: Pushing [==================================================>]  30.63MB/30.63MB
22fad1a62612: Pushing [==================================================>]  2.56kB
1a5572e30f8e: Pushing [==================================================>]  2.56kB
f2deb1ddcd80: Pushing [==================================================>]  2.56kB
3d1f9bd75481: Pushing [==================================================>]  104.6MB/104.6MB
4558483e2b61: Waiting
ac06742e2f8b: Waiting
73bfa217d66f: Waiting
91ecdd7165d3: Waiting
e4b20fcc48f4: Waiting
error parsing HTTP 413 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>413 Request Entity Too Large</title></head>\r\n<body>\r\n<center><h1>413 Request Entity Too Large</h1></center>\r\n<hr><center>nginx/1.17.6</center>\r\n</body>\r\n</html>\r\n"
The upload is too large. After a Baidu search, I changed the nginx configuration: add client_max_body_size 500m under the http block of nginx.conf (maximum 500 MB), restart the nginx container, and the push goes through without error.
The image has been pushed.
Original: https://www.cnblogs.com/CatMage/p/12057133.html