windows上的docker工具箱然后docker run hello-world获取x509:由未知权限签名的证书

时间:2016-11-30 18:50:49

标签: windows docker boot2docker toolbox

尝试了很多例子,但没有一个适合我。

我的Docker版本:

C:\>docker version
Client:
 Version:      1.12.2
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   bb80604
 Built:        Tue Oct 11 17:00:50 2016
 OS/Arch:      windows/amd64
Server:
 Version:      1.12.3
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   6b644ec
 Built:        Wed Oct 26 23:26:11 2016
 OS/Arch:      linux/amd64

我确实将证书(* .pem)复制到了/etc/docker/certs.d位置但没有效果。

docker@default:~$ l /etc/docker/certs.d/
total 24
drwxr-xr-x    2 root     root          4096 Nov 30 17:59 ./
drwxr-xr-x    3 root     root          4096 Nov 30 17:16 ../
-rwxr-xr-x    1 root     root          1679 Nov 30 17:59 ca-key.pem
-rwxr-xr-x    1 root     root          1038 Nov 30 17:59 ca.pem
-rwxr-xr-x    1 root     root          1078 Nov 30 17:59 cert.pem
-rwxr-xr-x    1 root     root          1675 Nov 30 17:59 key.pem

证书是在创建虚拟机时生成的证书。

感谢您对此的帮助。花了一天时间试图解决这个问题。

运行docker run hello-world时会生成消息 Log来自位于/ var / lib / boot2docker /

中的docker.log 
time="2016-11-30T18:25:14.233037149Z" level=debug msg="Client and server don't have the same version (client: 1.12.2, server: 1.12.3 )"
time="2016-11-30T18:25:14.233712555Z" level=error msg="Handler for POST /v1.24/containers/create returned error: No such image: hello-world:latest"
time="2016-11-30T18:25:14.244589790Z" level=debug msg="Calling GET /v1.24/info"
time="2016-11-30T18:25:14.244626594Z" level=debug msg="Client and server don't have the same version (client: 1.12.2, server: 1.12.3)"
time="2016-11-30T18:25:14.249913910Z" level=debug msg="Calling POST /v1.24/images/create?fromImage=hello-world&tag=latest"
time="2016-11-30T18:25:14.249943955Z" level=debug msg="Client and server don't have the same version (client: 1.12.2, server: 1.12.3)"
time="2016-11-30T18:25:14.250041478Z" level=debug msg="Trying to pull hello-world from https://registry-1.docker.io v2"
time="2016-11-30T18:25:14.327535482Z" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"
time="2016-11-30T18:25:14.327561850Z" level=error msg="Attempting next endpoint for pull after error: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"
time="2016-11-30T18:25:14.327574917Z" level=debug msg="Trying to pull hello-world from https://index.docker.io v1"
time="2016-11-30T18:25:14.327587833Z" level=debug msg="hostDir: /etc/docker/certs.d/docker.io"
time="2016-11-30T18:25:14.327858818Z" level=debug msg="[registry] Calling GET https://index.docker.io/v1/repositories/library/hello-world/images"
time="2016-11-30T18:25:14.501831878Z" level=error msg="Not continuing with pull after error: Error while pulling image: Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority"

2 个答案:

答案 0 :(得分:1)

你可能在代理人后面。试试这个 sudo vi / var / lib / boot2docker / profile

在配置文件的末尾添加以下内容

# replace with your office's proxy environment
export "HTTP_PROXY=http://PROXY:PORT"
export "HTTPS_PROXY=http://PROXY:PORT"
# you can add more no_proxy with your environment. 
export "NO_PROXY=192.168.99.*,*.local,169.254/16,*.example.com,192.168.59.*"

然后重启boot2docker

上述步骤对我有用。我在窗户上。

答案 1 :(得分:1)

原来我们支持代理,但这些设置不适用于我们的Zscalar代理系统。 Zscalar插入自己的证书和事件将这些证书添加到Docker的设置是行不通的。 Zscalar确实有SSL旁路设置,可以免除给定URL这种SSL处理。

对于Docker,您必须使用.docker.io和.cloudfront.net

的网址
相关问题
最新问题