docker 推送时 TLS 超时?
TLS timeout on docker push?
我正在尝试将 docker 图像推送到使用 SSL 保护的人工制品。 artifactory 服务器由配置如下的 nginx 负载均衡器支持
upstream artifactory_lb {
server myLb.company.com:8081;
server myLb.company.com:8081 backup;
}
log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/my-certs/myCert.pem;
ssl_certificate_key /etc/nginx/ssl/my-certs/myserver.key;
client_max_body_size 2048M;
location / {
proxy_set_header Host $host:$server_port;
proxy_pass http://artifactory_lb;
proxy_read_timeout 90;
}
access_log /var/log/nginx/access.log upstreamlog;
location /basic_status {
stub_status on;
allow all;
}
}
# Server configuration
server {
listen 2222 ssl;
server_name myLb.company.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /api/docker/my_local_repo_key//;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://artifactory_lb;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
当我使用以下 docker 发出 docker pyush 时
docker push mylb.comapny.com:2222/my_local_repo_key/ubuntu
我收到以下错误
unable to ping registry endpoint https://mylb.comapny.com:2222/v0/
v2 ping attempt failed with error: Get https:/mylb.comapny.com:2222/v2/: net/http: TLS handshake timeout
v1 ping attempt failed with error: Get https://mylb.comapny.com:2222/v1/_ping: net/http: TLS handshake timeout
更新:Nginx错误日志显示如下错误
no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: ip, server: 0.0.0.0:2222
我错过了什么?
您在侦听 2222 的虚拟主机中缺少 SSL cert/key 定义。
ssl_certificate/etc/nginx/ssl/my-certs/myCert.pem;
ssl_certificate_key /etc/nginx/ssl/my-certs/myserver.key;
我正在尝试将 docker 图像推送到使用 SSL 保护的人工制品。 artifactory 服务器由配置如下的 nginx 负载均衡器支持
upstream artifactory_lb {
server myLb.company.com:8081;
server myLb.company.com:8081 backup;
}
log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/my-certs/myCert.pem;
ssl_certificate_key /etc/nginx/ssl/my-certs/myserver.key;
client_max_body_size 2048M;
location / {
proxy_set_header Host $host:$server_port;
proxy_pass http://artifactory_lb;
proxy_read_timeout 90;
}
access_log /var/log/nginx/access.log upstreamlog;
location /basic_status {
stub_status on;
allow all;
}
}
# Server configuration
server {
listen 2222 ssl;
server_name myLb.company.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /api/docker/my_local_repo_key//;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://artifactory_lb;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
当我使用以下 docker 发出 docker pyush 时
docker push mylb.comapny.com:2222/my_local_repo_key/ubuntu
我收到以下错误
unable to ping registry endpoint https://mylb.comapny.com:2222/v0/
v2 ping attempt failed with error: Get https:/mylb.comapny.com:2222/v2/: net/http: TLS handshake timeout
v1 ping attempt failed with error: Get https://mylb.comapny.com:2222/v1/_ping: net/http: TLS handshake timeout
更新:Nginx错误日志显示如下错误
no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: ip, server: 0.0.0.0:2222
我错过了什么?
您在侦听 2222 的虚拟主机中缺少 SSL cert/key 定义。
ssl_certificate/etc/nginx/ssl/my-certs/myCert.pem; ssl_certificate_key /etc/nginx/ssl/my-certs/myserver.key;