尝试使用nginx服务器设置私有远程docker-registry,我对它的SSL访问感到困惑......
Get https://mydockerregistry.mydomain.com/v1/_ping: read tcp
188.166.114.100:443: i/o timeout. If this private registry supports
only HTTP or HTTPS with an unknown CA certificate, please add `--
insecure-registry mydockerregistry.mydomain.com` to the daemon's
arguments. In the case of HTTPS, if you have access to the registry's
CA certificate, no need for the flag; simply place the CA certificate
at /etc/docker/certs.d/mydockerregistry.mydomain.com/ca.crt
出于测试目的,我使用的是自签名证书(我不应该这样做吗?) 我写在/etc/nginx/sites-available/mydockerregistry.mydomain.com
server {
server_name mydockerregistry.mydomain.com;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_ciphers 'AES256+EECDH:AES256+EDH::!EECDH+aRSA+RC4:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options DENY;
我的SSL设置有什么问题......?
答案 0 :(得分:0)
我转移到私有注册表v2安装证书(不是自签名) API ping检查现在是https://mydockerregistry.mydomain.com/v2/ 它返回一个空的JSON {}
似乎不接受自签名证书,