為docker私有registry配置nginx反向代理

公司的Docker私有registry已經搭建好了，用官方的registry image很容易就搭建好了。現在就是要用nginx的反向代理把它放出來，以便在外網可以訪問。
我的上一篇blog 講了如何配置nginx反向代理。所以本文主要是講我在使用中遇到的問題及解決方法。

這是我最初的nginx配置

upstream my_docker_registry { server 192.168.100.48:8443; # registry.renhl.com } ## START hub.renhl.com ## server { server_name registry.renhl.com; listen 80; listen 443 ssl; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; root /usr/local/nginx/html; index index.html; allow 111.206.238.12; allow 111.206.238.94; deny all; location / { proxy_pass https://my_docker_registry; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ## END hub.renhl.com ##

然后我開始push image到這個registry上，發現報錯了：

The push refers to a repository [hub.renhl.com/mediawiki] (len: 1) unable to ping registry endpoint https://hub.renhl.com/v0/ v2 ping attempt failed with error: Get https://hub.renhl.com/v2/: x509: certificate is valid for renhl.com, not hub.renhl.com v1 ping attempt failed with error: Get https://hub.renhl.com/v1/_ping: x509: certificate is valid for renhl.com, not hub.renhl.com

我已經把這個私有registry的ssl證書放在/etc/docker/certs.d下，應該不會出錯呀。仔細看了這個配置后，我發現nginx的沒有使用私有registry的ssl證書，而是使用了自己的證書/etc/nginx/ssl/nginx.crt。問題應該出在這兒,把nginx的ssl證書換成私有registry的ssl證書。

# 使用私有registry的ssl證書 ssl_certificate /opt/renhl_com_docker_registry/certs/registry_renhl_com.crt; ssl_certificate_key /opt/renhl_com_docker_registry/certs/registry_renhl_com.key;

好，重啟nginx再Push一下試試，又報錯了：

The push refers to a repository [registry.renhl.com/mediawiki] (len: 1) 846b3100eaa8: Buffering to Disk dial tcp: lookup my_docker_registry: no such host

原因很清楚，反向代理把my_docker_registry，做為host發到了客戶端了，要讓反向代理設置正確的host。把下面的一行加到nginx配置里。

proxy_set_header Host $host;

重啟nginx push一下試試，還報錯：

Error parsing HTTP response: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>413 Request Entity Too Large</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>413 Request Entity Too Large</h1></center>\r\n<hr><center>nginx/1.4.6 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n"

我push的imgage太大，被nginx拒絕了。問了Google以后，在nginx的配置加入下面的兩行：

client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on;

再push image，成功了！這是最后的配置：

upstream my_docker_registry { server 192.168.100.48:8443; # registry.renhl.com } ## START registry.renhl.com ## server { server_name registry.renhl.com; listen 80; listen 443 ssl; # 使用私有registry的ssl證書 ssl_certificate /opt/renhl_com_docker_registry/certs/registry_renhl_com.crt; ssl_certificate_key /opt/renhl_com_docker_registry/certs/registry_renhl_com.key; root /usr/local/nginx/html; index index.html; allow 111.206.238.12; allow 111.206.238.94; deny all; client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on; location / { proxy_pass https://my_docker_registry; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ## END registry.renhl.com ##

如果你在配置docker的私有registry時碰到了同樣的問題，希望這篇博客能幫到你，：）

參考資料：
http://stackoverflow.com/questions/31730319/how-to-push-docker-images-through-reverse-proxy-to-artifactory

 

頂

0

踩

0

 

 

• 上一篇Docker容器用戶映射
• 下一篇MySQL表中存Emoji報錯Error 1366: Incorrect string value的解決方法

公司的Docker私有registry已經搭建好了，用官方的registry image很容易就搭建好了。現在就是要用nginx的反向代理把它放出來，以便在外網可以訪問。
我的上一篇blog 講了如何配置nginx反向代理。所以本文主要是講我在使用中遇到的問題及解決方法。

這是我最初的nginx配置

upstream my_docker_registry { server 192.168.100.48:8443; # registry.renhl.com } ## START hub.renhl.com ## server { server_name registry.renhl.com; listen 80; listen 443 ssl; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; root /usr/local/nginx/html; index index.html; allow 111.206.238.12; allow 111.206.238.94; deny all; location / { proxy_pass https://my_docker_registry; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ## END hub.renhl.com ##

然后我開始push image到這個registry上，發現報錯了：

The push refers to a repository [hub.renhl.com/mediawiki] (len: 1) unable to ping registry endpoint https://hub.renhl.com/v0/ v2 ping attempt failed with error: Get https://hub.renhl.com/v2/: x509: certificate is valid for renhl.com, not hub.renhl.com v1 ping attempt failed with error: Get https://hub.renhl.com/v1/_ping: x509: certificate is valid for renhl.com, not hub.renhl.com

我已經把這個私有registry的ssl證書放在/etc/docker/certs.d下，應該不會出錯呀。仔細看了這個配置后，我發現nginx的沒有使用私有registry的ssl證書，而是使用了自己的證書/etc/nginx/ssl/nginx.crt。問題應該出在這兒,把nginx的ssl證書換成私有registry的ssl證書。

# 使用私有registry的ssl證書 ssl_certificate /opt/renhl_com_docker_registry/certs/registry_renhl_com.crt; ssl_certificate_key /opt/renhl_com_docker_registry/certs/registry_renhl_com.key;

好，重啟nginx再Push一下試試，又報錯了：

The push refers to a repository [registry.renhl.com/mediawiki] (len: 1) 846b3100eaa8: Buffering to Disk dial tcp: lookup my_docker_registry: no such host

原因很清楚，反向代理把my_docker_registry，做為host發到了客戶端了，要讓反向代理設置正確的host。把下面的一行加到nginx配置里。

proxy_set_header Host $host;

重啟nginx push一下試試，還報錯：

Error parsing HTTP response: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>413 Request Entity Too Large</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>413 Request Entity Too Large</h1></center>\r\n<hr><center>nginx/1.4.6 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n"

我push的imgage太大，被nginx拒絕了。問了Google以后，在nginx的配置加入下面的兩行：

client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on;

再push image，成功了！這是最后的配置：

upstream my_docker_registry { server 192.168.100.48:8443; # registry.renhl.com } ## START registry.renhl.com ## server { server_name registry.renhl.com; listen 80; listen 443 ssl; # 使用私有registry的ssl證書 ssl_certificate /opt/renhl_com_docker_registry/certs/registry_renhl_com.crt; ssl_certificate_key /opt/renhl_com_docker_registry/certs/registry_renhl_com.key; root /usr/local/nginx/html; index index.html; allow 111.206.238.12; allow 111.206.238.94; deny all; client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on; location / { proxy_pass https://my_docker_registry; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ## END registry.renhl.com ##

如果你在配置docker的私有registry時碰到了同樣的問題，希望這篇博客能幫到你，：）

參考資料：
http://stackoverflow.com/questions/31730319/how-to-push-docker-images-through-reverse-proxy-to-artifactory

 

頂

0

踩

0

 

 

• 上一篇Docker容器用戶映射
• 下一篇MySQL表中存Emoji報錯Error 1366: Incorrect string value的解決方法