如何在 Apache httpd 后面公开 Docker-Registry?
How to expose Docker-Registry behind Apache httpd?
我是 运行 私有 docker-registry v2,具有以下 docker-compose.yml 文件:
registry:
restart: always
image: registry:2
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server-cert.pem
REGISTRY_HTTP_TLS_KEY: /certs/server-key.pem
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /data/docker-registry:/var/lib/registry
- /certs/docker-registry:/certs
- /auth/docker-registry:/auth
并且我能够在 http://localhost:5000.
进行本地登录(SSH、Jenkins 等)
现在我想用 Apache httpd 公开这个注册表。
我是 运行 CentOS 7 上的以下 httpd 版本:
[root@dev-machine conf.d]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Jun 27 2018 13:48:59
这是我的vhosts.conf:
<VirtualHost *:443>
ServerName dev-machine.com
ServerAlias www.dev-machine.com
ErrorLog logs/dev-machine.com-error_log
CustomLog logs/dev-machine.com-access_log common
SSLEngine on
SSLCertificateFile /certs/docker-registry/server-cert.pem
SSLCertificateKeyFile /certs/docker-registry/server-key.pem
Header set Host "dev-machine.com"
Header set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"
ProxyRequests off
ProxyPreserveHost on
ProxyPass /registry http://127.0.0.1:5000/
ProxyPassReverse /registry http://127.0.0.1:5000/
<Location /registry>
Order deny,allow
Allow from all
AuthName "Registry Authentication"
AuthType basic
AuthUserFile "/auth/htpasswd"
Require valid-user
</Location>
</VirtualHost>
我面临的问题是,当我尝试登录注册表时出现以下错误:
izio@1z10:~$ docker login https://dev-machine.com/registry
Username: user
Password:
Error response from daemon: login attempt to https://dev-machine/v2/ failed with status: 404 Not Found
似乎重定向到 /v2 而不是在虚拟主机中使用分配的 url。此配置缺少什么或有什么问题?
像这样更新你的httpd.conf
ProxyPass /注册表http://127.0.0.1:5000/v2
ProxyPassReverse /registry http://127.0.0.1:5000/v2
我是 运行 私有 docker-registry v2,具有以下 docker-compose.yml 文件:
registry:
restart: always
image: registry:2
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server-cert.pem
REGISTRY_HTTP_TLS_KEY: /certs/server-key.pem
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /data/docker-registry:/var/lib/registry
- /certs/docker-registry:/certs
- /auth/docker-registry:/auth
并且我能够在 http://localhost:5000.
进行本地登录(SSH、Jenkins 等)现在我想用 Apache httpd 公开这个注册表。 我是 运行 CentOS 7 上的以下 httpd 版本:
[root@dev-machine conf.d]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Jun 27 2018 13:48:59
这是我的vhosts.conf:
<VirtualHost *:443>
ServerName dev-machine.com
ServerAlias www.dev-machine.com
ErrorLog logs/dev-machine.com-error_log
CustomLog logs/dev-machine.com-access_log common
SSLEngine on
SSLCertificateFile /certs/docker-registry/server-cert.pem
SSLCertificateKeyFile /certs/docker-registry/server-key.pem
Header set Host "dev-machine.com"
Header set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"
ProxyRequests off
ProxyPreserveHost on
ProxyPass /registry http://127.0.0.1:5000/
ProxyPassReverse /registry http://127.0.0.1:5000/
<Location /registry>
Order deny,allow
Allow from all
AuthName "Registry Authentication"
AuthType basic
AuthUserFile "/auth/htpasswd"
Require valid-user
</Location>
</VirtualHost>
我面临的问题是,当我尝试登录注册表时出现以下错误:
izio@1z10:~$ docker login https://dev-machine.com/registry
Username: user
Password:
Error response from daemon: login attempt to https://dev-machine/v2/ failed with status: 404 Not Found
似乎重定向到 /v2 而不是在虚拟主机中使用分配的 url。此配置缺少什么或有什么问题?
像这样更新你的httpd.conf
ProxyPass /注册表http://127.0.0.1:5000/v2
ProxyPassReverse /registry http://127.0.0.1:5000/v2