我有一个 docker 注册表,我正在使用客户端 ssl 证书进行身份验证的 nginx 代理后面访问它。
当我尝试推送到这个注册表时,我需要 docker 守护进程将客户端证书发送到 nginx。
根据: https://docs.docker.com/engine/security/certificates/
应该有一个名为/etc/docker 的目录,这些证书可以放在其中。此目录在 Docker for Mac 上不存在。
所以我想我会尝试通过以下方式将证书放入虚拟机本身:
docker-machine ssh 默认值
这导致 docker 提示: 来自守护进程的错误响应:crypto/tls:私钥与公钥不匹配
我不认为我的 key 对有任何问题,而且我已经在 Linux 上完成了相同的设置(更容易),没有任何问题。
最佳答案
4 年后 Google 仍然把我带到这里。
我在官方文档中找到了答案: https://docs.docker.com/desktop/mac/#add-client-certificates
引用来源:
You can put your client certificates in
~/.docker/certs.d/<MyRegistry>:<Port>/client.cert
and~/.docker/certs.d/<MyRegistry>:<Port>/client.key
.When the Docker for Mac application starts up, it copies the
~/.docker/certs.d
folder on your Mac to the/etc/docker/certs.d
directory on Moby (the Docker for Macxhyve
virtual machine).
- You need to restart Docker for Mac after making any changes to the keychain or to the
~/.docker/certs.d
directory in order for the
changes to take effect.- The registry cannot be listed as an insecure registry (see Docker Engine). Docker for Mac will ignore certificates listed under
insecure registries, and will not send client certificates. Commands
like docker run that attempt to pull from the registry will produce
error messages on the command line, as well as on the registry.
关于macos - 在哪里为 Docker for Mac 添加客户端证书?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40822912/