我正在尝试将Docker镜像推入Artifactory中新创建的docker repo。为此,我将图像标记如下,
updateloc(){
db_name=$1
file="file.xml"
olddb="<dbname><![CDATA[olddb]]></dbname>"
newddb="<dbname><![CDATA[$db_name]]></dbname>"
sed -i '' 's/$olddb/$newdb/g' $file
然后按下图像但出现以下错误
docker tag ubuntu mNginxLb.mycompany.com/artifactory/api/docker/<repo_key>
这是证书签名机构还是主机名解析的问题?我检查了其他存储库是否与SSL证书配合良好,所以我不确定问题是否是证书。 这是我的nginx conf:
docker push mNginxLb.mycompany.com/artifactory/api/docker/<repo_key>/ubuntu
The push refers to a repository [mNginxLb.mycompany.com/artifactory/api/docker/<repo_key>/ubuntu] (len: 1)
unable to ping registry endpoint https://mNginxLb.mycompany.com/v0/
v2 ping attempt failed with error: Get https://mNginxLb.mycompany.com/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://mNginxLb.mycompany.com/v1/_ping: x509: certificate signed by unknown authority
更新:
在CA将证书更新为一个之后,此错误消失了,尽管我仍然无法推送图像并获得403禁止错误。我使用的命令是
upstream artifactory_lb {
server mNginxLb.mycompany.com:8081;
server mNginxLb.mycompany.com backup;
}
log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/my-certs/myCert.pem;
ssl_certificate_key /etc/nginx/ssl/my-certs/myserver.key;
client_max_body_size 2048M;
location / {
proxy_set_header Host $host:$server_port;
proxy_pass http://artifactory_lb;
proxy_read_timeout 90;
}
access_log /var/log/nginx/access.log upstreamlog;
location /basic_status {
stub_status on;
allow all;
}
}
# Server configuration
server {
listen 2222 ssl;
server_name mNginxLb.mycompany.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /api/docker/my_local_repo_key/$1/$2;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://artifactory_lb;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
docker客户端出现以下错误 虽然神器日志显示以下内容
docker push host:port/The push refers to a repository [host:port/image_name] (len: 1)
Sending image list
Error: Status 403 trying to push repository ubuntu: "<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.22 - Error report</title><style type=\"text/css\">H1 {f
ont-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#5
25D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;c
olor:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;backgro
und:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head><bod
y><h1>HTTP Status 403 - </h1><div class=\"line\"></div><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>Access to the speci
fied resource has been forbidden.</u></p><hr class=\"line\"><h3>Apache Tomcat/8.0.22</h3></body></html>"image_name
答案 0 :(得分:2)
Docker将主机名后的所有内容视为存储库名称(可选择使用命名空间)和标记。 这意味着您只需要使用您分配的端口(2222)和主机名。 上下文路径将成为存储库名称。
在你的情况下应该是:
docker tag ubuntu mNginxLb.mycompany.com:2222/ubuntu
docker push mNginxLb.mycompany.com:2222/ubuntu
请注意,latest标记是隐式的。另一个例子可能是:
docker tag ubuntu:15.10 mNginxLb.mycompany.com:2222/ubuntu:15.10
答案 1 :(得分:0)
问题是我使用V1 docker API配置了artifactory但是试图推送支持v2 API的图像