I set up Nexus with Docker on a VPS and use it as a private Docker registry as well.
I edited /etc/docker/daemon.json and added insecure-registry:xxxx:port, i.e. the address of the Nexus docker (hosted) repository, but logging in kept failing with:
Error response from daemon: Get https://bj1.com:8082/v2/: http: server gave HTTP response to HTTPS client
I searched Google and Baidu at length; the usual advice is that the private registry address under insecure-registry in /etc/docker/daemon.json must not include https. I had not added https, yet the error persisted, so fine, let nginx provide an https-to-http proxy.
That should do it, right? Start nginx with Docker:
docker run --rm -d --network host --name my_nginx nginx
Then go into nginx and copy the configuration files out to the home directory, because the nginx configuration will be modified later:
docker cp nginx:/etc/nginx /home/
Generate the certificate and key in the /home/nginx/serc directory (the certificate details I entered here were filled in at random, which causes problems, as mentioned later):
# generate the private key
openssl genrsa -out privkey.pem 2048
# generate the certificate
openssl req -new -x509 -key privkey.pem -out server.pem -days 365
Edit the nginx configuration to set up a reverse proxy from https to http by creating a nexus.conf configuration file in the nginx/conf.d directory:
server {
    listen 18082 ssl;
    server_name bj1.com;
    # certificate location
    ssl_certificate /etc/nginx/serc/server.pem;        # path where the certificate was generated
    ssl_certificate_key /etc/nginx/serc/privkey.pem;   # path where the key was generated
    # ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # protocol configuration
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    # forward to http
    location / {
        proxy_pass http://bj1.com:8082;
    }
}
Restart nginx (don't forget to mount /home/nginx):
# --network host uses the host network directly, since other applications may need a reverse proxy later; this avoids port mapping
docker run -it -v /home/nginx:/etc/nginx/ --name nginx --network host nginx
You can see that https is now proxied to the original 8082 http port. Next, continue configuring the private Docker registry; docker login still fails:
Username: admin
Password:
Error response from daemon: Get https://xxx.com:18082/v2/: x509: certificate is not valid for any names, but wanted to match xxx.com
Trying curl, it looks like a certificate problem:
root@DESKTOP-KMP2DN2:/home/zyq# curl https://xxx1.com:18082/v2/
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
After trusting the certificate it still fails; it seems the certificate was created without the matching domain name:
root@DESKTOP-KMP2DN2:/home/serc# sudo cp bj1server.crt /usr/local/share/ca-certificates
root@DESKTOP-KMP2DN2:/home/serc# update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@DESKTOP-KMP2DN2:/home/serc# curl https://bj1.com:18082/v2/
curl: (51) SSL: unable to obtain common name from peer certificate
root@DESKTOP-KMP2DN2:/home/serc# docker login bj1.com:18082
Username: admin
Password:
Error response from daemon: Get https://bj1.com:18082/v2/: x509: certificate is not valid for any names, but wanted to match bj1.com
I tried logging in with the IP instead; still fails:
root@DESKTOP-KMP2DN2:/home/serc# docker login 49xxx48:18082
Username: admin
Password:
Error response from daemon: Get https://4xxx8.148:18082/v2/: x509: cannot validate certificate for 4xxxxxx.148 because it doesn't contain any IP SANs
root@DESKTOP-KMP2DN2:/home/serc#
Recreate the certificate, this time matching the domain bj1.com; no random values this time:
root@VM-0-9-ubuntu:/home/nginx/serc/new# openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................+++++
.+++++
e is 65537 (0x010001)
root@VM-0-9-ubuntu:/home/nginx/serc/new# openssl req -new -x509 -key privkey.pem -out server.pem -days 365
Can't load /root/.rnd into RNG
140629673918912:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:a
string is too short, it needs to be at least 2 bytes long
Country Name (2 letter code) [AU]:a
string is too short, it needs to be at least 2 bytes long
Country Name (2 letter code) [AU]:a
string is too short, it needs to be at least 2 bytes long
Country Name (2 letter code) [AU]:df
State or Province Name (full name) [Some-State]:fd
Locality Name (eg, city) []:fd
Organization Name (eg, company) [Internet Widgits Pty Ltd]:fd
Organizational Unit Name (eg, section) []:fd
Common Name (e.g. server FQDN or YOUR name) []:bj1.com
Email Address []:df
Note that when creating the certificate, Common Name (e.g. server FQDN or YOUR name) []:bj1.com must be filled in correctly; then repeat the earlier steps.
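As an added illustration that is not part of the original post, the Python below reproduces the name checks behind the three x509 errors above: the certificate must carry the exact name used for docker login, and a login by IP only ever matches an IP SAN. The certificates are constructed sample data in the shape returned by Python's ssl.getpeercert(), 203.0.113.10 is a placeholder IP, and the Common Name fallback mirrors the older Go behaviour that accepted the CN-only certificate here (current Docker and Go releases require a SAN).

```python
import ipaddress

# Constructed sample certificates (not real ones), in the shape that Python's
# ssl.getpeercert() returns: a subject DN plus optional subjectAltName entries.
CERT_RANDOM_DN = {  # first attempt in the post: fields filled at random, no SAN
    "subject": ((("commonName", "fd"),),),
}
CERT_CN_ONLY = {    # second attempt: CN=bj1.com, still no SAN
    "subject": ((("commonName", "bj1.com"),),),
}
CERT_WITH_SANS = {  # what a registry cert should carry (203.0.113.10 is a placeholder IP)
    "subject": ((("commonName", "bj1.com"),),),
    "subjectAltName": (("DNS", "bj1.com"), ("DNS", "*.bj1.com"), ("IP Address", "203.0.113.10")),
}


def dns_name_matches(pattern, host):
    """Exact match, or a single-label wildcard in the leftmost label only."""
    pattern, host = pattern.lower(), host.lower()
    if not pattern.startswith("*."):
        return pattern == host
    return host.endswith(pattern[1:]) and host.count(".") == pattern.count(".")


def check_cert_names(cert, host):
    """Return None if cert is valid for host, otherwise an error text modelled
    on the x509 messages that docker login printed in the post."""
    sans = cert.get("subjectAltName", ())
    dns_names = [value for kind, value in sans if kind == "DNS"]
    ip_sans = [value for kind, value in sans if kind == "IP Address"]
    try:
        wanted_ip = ipaddress.ip_address(host)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        # Logging in by IP: only IP SANs count; neither CN nor DNS SANs are consulted.
        if any(ipaddress.ip_address(s) == wanted_ip for s in ip_sans):
            return None
        return f"cannot validate certificate for {host} because it doesn't contain any IP SANs"
    if not dns_names:
        # Legacy fallback: consult the Common Name only when the cert has no SAN at all.
        # Current Go/Docker releases skip this step, so always issue certs with a SAN.
        dns_names = [value for rdn in cert.get("subject", ())
                     for kind, value in rdn if kind == "commonName"]
    if any(dns_name_matches(p, host) for p in dns_names):
        return None
    return f"certificate is not valid for any names, but wanted to match {host}"
```

With OpenSSL 1.1.1 or later, a self-signed certificate that passes all three checks can be produced by adding -addext "subjectAltName=DNS:bj1.com,IP:203.0.113.10" (placeholder IP) to the openssl req -x509 command used in the post.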
root@DESKTOP-KMP2DN2:/home/serc# curl https://bj1.com:18082/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"access to the requested resource is not authorized","detail":null}]}
root@DESKTOP-KMP2DN2:/home/serc# docker login bj1.com:18082
Username: admin
Password:
Error response from daemon: Get https://bj1.com:18082/v2/: x509: certificate signed by unknown authority
root@DESKTOP-KMP2DN2:/home/serc#
curl is fine now, but docker login reports that the certificate was signed by an unknown authority.
Change /etc/docker/daemon.json to "insecure-registry":["bj.com:18082"] (I had switched this to the IP earlier). After restarting Docker and logging in again, the login still failed:
root@DESKTOP-KMP2DN2:/etc# docker login bj1.com:18082
Username: admin
Password:
Error response from daemon: login attempt to https://bj1.com:18082/v2/ failed with status: 401 Unauthorized
Finally logged in successfully:
root@DESKTOP-KMP2DN2:/etc# docker login bj1.com:18082
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
root@DESKTOP-KMP2DN2:/etc#
Try pushing an image:
docker tag bj1.com:18080/zouyq/springcloud-config bj1.com:18082/zouyq/springcloud-config
docker push bj1.com:18082/zouyq/springcloud-config
Another error:
edf1195b0d39: Pushing [==================================================>] 30.63MB/30.63MB
22fad1a62612: Pushing [==================================================>] 2.56kB
1a5572e30f8e: Pushing [==================================================>] 2.56kB
f2deb1ddcd80: Pushing [==================================================>] 2.56kB
3d1f9bd75481: Pushing [==================================================>] 104.6MB/104.6MB
4558483e2b61: Waiting
ac06742e2f8b: Waiting
73bfa217d66f: Waiting
91ecdd7165d3: Waiting
e4b20fcc48f4: Waiting
error parsing HTTP 413 response body: invalid character '<' looking for beginning of value: "<html> \r\n<head><title>413 Request Entity Too Large</title></head>\r\n<body>\r\n<center><h1>413 Request Entity Too Large</h1> </center>\r\n<hr ><center>nginx/1.17.6</center>\r\n</body>\r\n</html>\r\n"
The upload was too large. After a Baidu search I tried changing the nginx configuration: add client_max_body_size 500m under the http block in nginx.conf (a 500 MB maximum), then restart the nginx container and push again; no more errors.
The image has been pushed.