我正在尝试运行私有(private) Docker 注册表。
docker run -d -p 5000:5000 --name registry \
-v /opt/registry/config.yml:/etc/docker/registry/config.yml \
registry
config.yml:
version: 0.1
log:
level: debug
storage:
azure:
accountname: ...
accountkey: ...
container: registry
然后是注册表
docker logs -f registry
有以下输出:
time="2017-02-21T16:29:45.584228329Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0
time="2017-02-21T16:29:45.584439534Z" level=info msg="redis not configured" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0
time="2017-02-21T16:29:45.595020552Z" level=info msg="Starting upload purge in 10m0s" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0
time="2017-02-21T16:29:45.623443737Z" level=info msg="listening on [::]:45908" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0
time="2017-02-21T16:39:45.595199645Z" level=info msg="PurgeUploads starting: olderThan=2017-02-14 16:39:45.595164544 +0000 UTC, actuallyDelete=true"
time="2017-02-21T16:39:45.641492799Z" level=debug msg="azure.List(\"/docker/registry/v2/repositories\")" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 trace.duration=46.132851ms trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=22a8eafa-43d4-4de4-9971-290cd9b12df6 trace.line=150 version=v2.6.0
time="2017-02-21T16:39:45.641583901Z" level=info msg="Purge uploads finished. Num deleted=0, num errors=1"
time="2017-02-21T16:39:45.641605301Z" level=info msg="Starting upload purge in 24h0m0s" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0
nginx:
server {
listen 80;
server_name registry.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name registry.example.com;
ssl_certificate /opt/certificates/fullchain.pem;
ssl_certificate_key /opt/certificates/privkey.pem;
ssl on;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://localhost:5000/;
proxy_redirect default;
proxy_set_header Docker-Distribution-Api-Version registry/2.0;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
client_max_body_size 0;
}
}
但是,当我想将镜像推送到注册表或访问 https://registry.example.com 时,我不断收到“502 Bad Gateway”消息
最佳答案
- 我将删除 http->https 重定向作为第一个调试步骤
```
server {
listen 80;
server_name registry.example.com;
return 301 https://$host$request_uri;
}
使用
curl localhost:5000命令仔细检查注册表路径您还需要更新代理 header :
```
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
- 您还应该考虑添加身份验证 header 以保护您的注册表
auth_basic "注册表领域";
auth_basic_user_file/etc/nginx/conf.d/nginx.htpasswd;
此外,我可以从日志中看到您的注册表正在本地运行。当 nginx-proxy 目标资源未正确响应时,Nginx 会抛出 502 错误。您还可以在代理通行证下尝试127.0.0.1:5000。还有一种 docker-compose 方式可以在以下 link 上进行端口映射。 .
关于azure - 具有 Azure 存储和 Nginx 的私有(private) Docker 注册表 : 502 Bad Gateway,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42373318/