ssl - docker push 上的 TLS 超时？

Question

我正在尝试将 docker 镜像推送到使用 SSL 保护的 Artifactory 。 artifactory 服务器由配置如下的 nginx 负载均衡器支持

   upstream artifactory_lb {
            server myLb.company.com:8081;
            server myLb.company.com:8081 backup;
    }

    log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name  to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';

    server {
            listen 80;
            listen 443 ssl;

            ssl_certificate  /etc/nginx/ssl/my-certs/myCert.pem;
            ssl_certificate_key /etc/nginx/ssl/my-certs/myserver.key;
            client_max_body_size 2048M;
            location / {
                    proxy_set_header Host $host:$server_port;
                    proxy_pass http://artifactory_lb;
                    proxy_read_timeout 90;
            }
            access_log /var/log/nginx/access.log upstreamlog;
            location /basic_status {
                    stub_status on;
                    allow all;
                    }
    }

    # Server configuration

    server {
        listen 2222 ssl;

        server_name myLb.company.com;
        if ($http_x_forwarded_proto = '') {
            set $http_x_forwarded_proto  $scheme;
        }

        rewrite ^/(v1|v2)/(.*) /api/docker/my_local_repo_key/$1/$2;
        client_max_body_size 0;
        chunked_transfer_encoding on;
        location / {
        proxy_read_timeout  900;
        proxy_pass_header   Server;
        proxy_cookie_path ~*^/.* /;
        proxy_pass         http://artifactory_lb;
        proxy_set_header   X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host;
        proxy_set_header    X-Forwarded-Port  $server_port;
        proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
        }
    }

当我使用以下命令发出 docker pyush 时

docker push mylb.comapny.com:2222/my_local_repo_key/ubuntu

我得到以下错误

unable to ping registry endpoint https://mylb.comapny.com:2222/v0/
v2 ping attempt failed with error: Get https:/mylb.comapny.com:2222/v2/: net/http: TLS handshake timeout
 v1 ping attempt failed with error: Get https://mylb.comapny.com:2222/v1/_ping: net/http: TLS handshake timeout

更新:Nginx错误日志显示如下错误

no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: ip, server: 0.0.0.0:2222

我错过了什么？

Answer 1

您在监听 2222 的虚拟主机中缺少 SSL 证书/ key 定义。

ssl_certificate/etc/nginx/ssl/my-certs/myCert.pem; ssl_certificate_key/etc/nginx/ssl/my-certs/myserver.key;