我正在尝试设置我的私有Docker注册表,并且我正在关注official documentation。 我已经安装了Docker,我可以在我的服务器上运行我的注册表。但我希望我的注册表可以更广泛地使用。 我的具有私有注册表的docker-server安装在AWS实例上。 我使用keytool创建了自己的证书和密钥:
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
我可以通过以下方式ping此实例:
ping ec2-xx-xx-xx-xx.xx-west/east-1.compute.amazonaws.com
但推动是不可能的:
The push refers to a repository [ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v0/
v2 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v2/: dial tcp 10.x.x.x:5000: i/o timeout
v1 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.amazonaws.com:5000/v1/_ping: dial tcp 10.0.x.x:5000: i/o timeout
EDIT1: 更改我的aws-security组后。将端口5000设置为 TCP ,错误已更改:
unable to ping registry endpoint https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v0/
v2 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v2/: dial tcp 10.0.x.x:5000: connection refused
v1 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v1/_ping: dial tcp 10.0.x.x:5000: connection refused
如何让我的注册表可以访问其他aws实例? 我的docker日志显示以下内容。他们无法找到我的证书。
level=fatal msg="open /certs/domain.crt: no such file or directory"
我必须将此证书放入我的容器中吗? (并由我自己或使用现有的keytool生成它)
EDIT2: 我使用此documentation生成了自己的证书。 生成证书后,我确实重新启动了我的docker守护程序。我没有将domain.crt的副本执行到ca.crt,因为该路径不存在。也许我必须自己创造它?
新错误:
unable to ping registry endpoint https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v0/
v2 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v2/: dial tcp 10.0.x.x:5000: no route to host
v1 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v1/_ping: dial tcp 10.0.x.x:5000: no route to host
但我仍然在我的码头日志中得到以下内容:
level=fatal msg="open /certs/domain.crt: no such file or directory"
尝试执行推送后,在我现有的certs文件夹中创建了一个新的/ certs文件夹
EDIT3: 找到我的证书的正确目录(/ home / centos / certs / certs / *。)。我收到以下错误:
level=fatal msg="open /certs/domain.crt: permission denied
即使我执行了chmod -R 777和chown -R root:root
答案 0 :(得分:0)
您需要将证书放在此目录中。
/etc/docker/certs.d/<your-domain-name>:5000/ca.crt