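"Error response from daemon: invalid registry endpoint https://docker-domain.com" when pulling a Docker image
Source: Internet | Editor: 程序博客网 | Time: 2024/06/05 17:34
When you set up a docker-registry on a local server and do not intend to pay for an SSL certificate, you can use a self-signed SSL key so that the registry supports HTTPS-encrypted access.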
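Generating the SSL certificate takes only two commands; replace the value of signdomain with your actual domain name:
# Hostname only, no scheme or port: the value becomes the certificate CN and the file names
signdomain=docker-reg.emotibot.com.cn
# Create an unencrypted 4096-bit RSA key and a certificate signing request
openssl req -nodes \
  -subj "/C=CN/ST=BeiJing/L=Dongcheng/CN=$signdomain" \
  -newkey rsa:4096 -keyout "$signdomain.key" -out "$signdomain.csr"
# Self-sign the request with the same key, valid for 3650 days
openssl x509 -req -days 3650 -in "$signdomain.csr" -signkey "$signdomain.key" -out "$signdomain.crt"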
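Configuring nginx with the generated key and crt files is enough to serve HTTPS. However, because the certificate is self-signed and not issued by a recognised authority, docker reports the following error when it connects: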
docker pull docker.webmaster.me/centos:centos6
Error: Invalid registry endpoint https://docker.webmaster.me/v1/: Get https://docker.webmaster.me/v1/_ping: x509: certificate signed by unknown authority. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry docker.webmaster.me` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/docker.webmaster.me/ca.crt
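The message suggests a fix: copy the $signdomain.crt generated above to /etc/docker/certs.d/docker.webmaster.me/ca.crt. With that in place docker pull works, but if the docker-registry has HTTP authentication enabled you must log in before pulling, and in practice docker login does not yet recognise the CA certificate copied above. It reports certificate signed by unknown authority: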
docker login docker.webmaster.me
Username: webmaster
Password:
Email: admin@webmaster.me
2014/12/27 23:41:23 Error response from daemon: Server Error: Post https://docker.webmaster.me/v1/users/: x509: certificate signed by unknown authority
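The correct approach is to add the contents of the generated crt file to the system CA bundle file, so that the operating system trusts the self-signed certificate; docker then has no problem with it either. On CentOS 6 / 7 the bundle file is at /etc/pki/tls/certs/ca-bundle.crt: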
cat $signdomain.crt >> /etc/pki/tls/certs/ca-bundle.crt
On other Linux distributions the file may be at one of the following locations, depending on the system:
/etc/ssl/certs/ca-certificates.crt
/etc/ssl/ca-bundle.pem
/etc/ssl/cert.pem
/usr/local/share/certs/ca-root-nss.crt
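An idempotent form of the append step above, as an added example that is not part of the original post: it picks the first bundle from the list above that exists, skips the append if the certificate is already present, and keeps a backup. The helper names find_bundle, pem_body and trust_cert are hypothetical, and the check is structural only (one PEM block), not a validation of the certificate contents.

```shell
#!/bin/sh
# Added example: idempotent form of `cat $signdomain.crt >> <bundle>`.
# find_bundle, pem_body and trust_cert are hypothetical helper names.

# Bundle locations named in the article, CentOS path first.
BUNDLES="/etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt
/etc/ssl/ca-bundle.pem /etc/ssl/cert.pem /usr/local/share/certs/ca-root-nss.crt"

# find_bundle [ROOT]: print the first bundle that exists under ROOT (default: /).
find_bundle() {
    for b in $BUNDLES; do
        if [ -f "${1:-}$b" ]; then
            printf '%s\n' "${1:-}$b"
            return 0
        fi
    done
    echo "no CA bundle found" >&2
    return 1
}

# pem_body FILE: print each certificate's base64 body as a single line,
# so two copies compare equal regardless of line wrapping.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; next }
         /-----END CERTIFICATE-----/   { inside = 0; print ""; next }
         inside                        { printf "%s", $0 }' "$1"
}

# trust_cert CERT BUNDLE: append CERT to BUNDLE unless it is already there.
# Returns 0 on success or no-op, 2 if CERT is not exactly one PEM certificate.
trust_cert() {
    cert=$1 bundle=$2
    if [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null)" != 1 ]; then
        echo "$cert: expected exactly one PEM certificate" >&2
        return 2
    fi
    body=$(pem_body "$cert")
    [ -n "$body" ] || return 2
    if pem_body "$bundle" | grep -qxF -e "$body"; then
        echo "$cert is already in $bundle"
        return 0
    fi
    cp -p "$bundle" "$bundle.bak"          # keep a copy to roll back to
    # Make sure the bundle ends with a newline so the BEGIN line is not glued on.
    [ -z "$(tail -c 1 "$bundle")" ] || echo >> "$bundle"
    cat "$cert" >> "$bundle"
    echo "added $cert to $bundle; restart the docker service"
}
# Usage (as root): trust_cert "$signdomain.crt" "$(find_bundle)"
```

Because the append is skipped when the certificate is already present, the function can be rerun safely if a CA package update regenerates the bundle and drops the added entry.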
After making the change you must restart the docker service on the client:
/etc/init.d/docker restart
After the restart, run docker login and docker pull again, and they succeed!
[root@localhost ~]# docker login docker.webmaster.me
Username: webmaster
Password:
Email: admin@webmaster.me
Login Succeeded
[root@localhost ~]# docker pull docker.tvmining.com/centos:centos6
Pulling repository docker.tvmining.com/centos
48a737539afd: Download complete
511136ea3c5a: Download complete
5b12ef8fd570: Download complete
70441cac1ed5: Download complete
Status: Downloaded newer image for docker.tvmining.com/centos:centos6