我已关注this post尝试从AWS ECR下载Docker镜像但出现以下错误:
如果我这样做:
#!/bin/sh
repository="2xxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/nexus-pro"
tag="2.13.0-np-1.0"
ecr_token=$(aws ecr get-authorization-token --output text --query authorizationData[].authorizationToken | cut -d: -f2)
docker_login=$(echo "{\"username\":\"AWS\",\"password\":\"${ecr_token}\", \"auth\":\"\",\"email\":\"none\"}" | base64)
curl -X POST -d "" -H "X-Registry-Auth: ${docker_login}" http://${ip_address}:4243/images/create?fromImage=${repository}&tag=${tag_source}
然后我收到以下错误:
$ error parsing HTTP 403 response body: invalid character 'Y' looking for beginning of value: "Your Authorization Token has expired. Please run 'aws ecr get-login' to fetch a new one."
即使我只是“请求”了令牌。
如果我这样做:
#!/bin/sh
repository="2xxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/nexus-pro"
tag="2.13.0-np-1.0"
ecr_token=$(aws ecr get-login | awk '{print ($6)}')
docker_login=$(echo "{\"username\":\"AWS\",\"password\":\"${ecr_token}\", \"auth\":\"\",\"email\":\"none\"}" | base64)
curl -X POST -d "" -H "X-Registry-Auth: ${docker_login}" http://${ip_address}:4243/images/create?fromImage=${repository}&tag=${tag_source}
我收到以下错误:
$ error parsing HTTP 404 response body: invalid character 'p' after top-level value: "404 page not found\n"
图像在ECR上,如果我执行docker login ...然后docker pull 2xxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/nexus-pro:2.13.0-np-1.0
我不确定我在这里做错了什么..非常感谢任何帮助!
答案 0 :(得分:1)
仅基于HTTPS支持基本身份验证。当通过HTTP推送/拉动注册表时,docker客户端不会发送基本的auth头。这是通过设计来完成的,以防止人们通过不安全的渠道发送他们的凭证。使用SSL应该摆脱这个问题。
尝试使用以下内容:
https://${ip_address}:4243/images/create?fromImage=${repository}&tag=${tag_source}
或者为您提取图像的实例启用SSL证书。这可能对你有所帮助。 http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html