我有一个本地docker存储库和一个远程docker存储库,我创建了一个结合两者的虚拟docker存储库。为了从客户端访问此存储库,是否还需要将其添加到反向代理?
这是当前的反向代理配置
upstream artifactory_lb {
server myserver.mycompany.com:8081 backup;
server myserver.mycompany.com:8081;
}
log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
ssl_certificate /etc/nginx/ssl/multidomain_cert_files/mycert.pem;
ssl_certificate_key /etc/nginx/ssl/multidomain_cert_files/mykey.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';
ssl_session_cache shared:SSL:10m;
server {
listen 80;
listen 443 ssl;
client_max_body_size 2048M;
location / {
proxy_set_header Host $host;
proxy_pass http://artifactory_lb;
proxy_read_timeout 90;
}
access_log /var/log/nginx/access.log upstreamlog;
location /basic_status {
stub_status on;
allow all;
}
}
# Server configuration
server {
listen 2222 ssl;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /api/docker/myrepo_images/$1/$2;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
allow all;s
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://artifactory_lb/artifactory/;
}
}
答案 0 :(得分:1)
是即可。 Docker注册表仅由其主机名引用。这意味着您在反向代理中需要两个具有不同主机名的虚拟主机(使用server_name directive),映射到不同的Artifactory存储库。
以下示例配置(缩短)应该可以解决问题:
server {
listen 2222 ssl;
server_name local-repo.my-artifactory.com;
rewrite ^/(v1|v2)/(.*) /api/docker/myrepo_images/$1/$2;
# <insert remaining configuration directives here>
}
server {
listen 2222 ssl;
server_name virtual-repo.my-artifactory.com;
rewrite ^/(v1|v2)/(.*) /api/docker/myrepo_virtual/$1/$2;
# <insert remaining configuration directives here>
}
现在,您应该能够使用常规docker命令访问这两个注册表:
$ docker pull virtual-repo.my-artifactory.com:2222/foo/bar:latest
$ docker pull local-repo.my-artifactory.com:2222/foo/bar:latest
$ docker push local-repo.my-artifactory.com:2222/foo/bar:latest