Traefik and HTTPS private registry - TLS error

Time: 2018-05-13 16:50:47

Tags: docker ssl traefik

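I am trying to deploy a private registry on my Docker swarm. I am following the official Docker registry guide to deploy it as a service. I want to be able to use HTTPS, from outside, with a simple URL: https://myregistry.mysite.com

To do so, I use the following traefik labels in my stack yml file: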

traefik.backend: "privateregistry"
traefik.docker.network: "webgateway" # docker overlay external
traefik.enable: "true"
traefik.frontend.entryPoint: "https"
traefik.frontend.redirect.entryPoint: "https"
traefik.frontend.rule: "Host:myregistry.mysite.com"
traefik.port: "5000"

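I see both my frontend and backend in the traefik UI, but when I access https://myregistry.mysite.com/v2/ (for example) I get a 500 fatal error. The service log output is:

http: TLS handshake error from 10.0.0.68:47796: tls: first record does not look like a TLS handshake

I think I misunderstood something, probably on the certificate side.

Any idea what is wrong?

Thanks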

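1 answer:

Answer 0: (score: 2)

I think you are missing the certificate of the (registry) server on your client machine. I assume you have two certificate files (used on the server):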

  • myregistry.mysite.com.key
  • myregistry.mysite.com.crt

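Copy the certificate (myregistry.mysite.com.crt) to /etc/docker/certs.d/myregistry.mysite.com/ca.crt on Linux or ~/.docker/certs.d/myregistry.mysite.com/ca.crt on Mac on the client machine. Now you should be able to log in from the client:

docker login myregistry.mysite.com

Appendix - Server setup

Your server setup might look like this:

~/certs/myregistry.mysite.com.crt
~/certs/myregistry.mysite.com.key
~/docker-compose.yml
~/traefik.toml

docker-compose.yml: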

version: '3'

services:
  frontproxy:
    image: traefik
    command: --api --docker --docker.swarmmode
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./certs:/etc/ssl:ro
      - ./traefik.toml:/etc/traefik/traefik.toml:ro
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
  docker-registry:
    image: registry:2
    deploy:
      labels:
        - traefik.port=5000 # default port exposed by the registry
        - traefik.frontend.rule=Host:myregistry.mysite.com

traefik.toml:

defaultEntryPoints = ["http", "https"]

# Redirect HTTP to HTTPS and use certificate, see https://docs.traefik.io/configuration/entrypoints/
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "/etc/ssl/myregistry.mysite.com.crt"
      keyFile = "/etc/ssl/myregistry.mysite.com.key"

# Docker Swarm Mode Provider, see https://docs.traefik.io/configuration/backends/docker/#docker-swarm-mode
[docker]
endpoint = "tcp://127.0.0.1:2375"
domain = "docker.localhost"
watch = true
swarmMode = true

To deploy the registry, run:

docker stack deploy myregistry -c ~/docker-compose.yml
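
As an added example (not part of the original question or answer), this Python sketch shows the test behind the log line quoted in the question: a Go TLS listener, which the registry is, rejects a connection whose first five bytes are not a plausible TLS record header, as happens when a peer speaks cleartext HTTP to a TLS port. The function names and sample bytes are constructed for illustration, and the check is modelled on Go's crypto/tls rather than copied from it.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
ALERT, HANDSHAKE = 21, 22
HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"PATCH ", b"DELETE ", b"OPTIONS ")


def classify_first_record(data: bytes) -> str:
    """Classify the first bytes a server receives on a new connection.

    Returns "tls", "plain-http", "not-tls" or "incomplete".
    """
    if len(data) < 5:
        return "incomplete"
    content_type, version, _length = struct.unpack("!BHH", data[:5])
    # Same shape of test a Go TLS listener applies to the first record:
    # the type must be alert or handshake and the version field must be sane.
    if content_type in (ALERT, HANDSHAKE) and version < 0x1000:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "plain-http"
    return "not-tls"


def explain(data: bytes) -> str:
    """Turn the classification into the operator-facing meaning."""
    return {
        "tls": "peer started a TLS handshake",
        "plain-http": "peer sent a cleartext HTTP request to a TLS listener; "
                      "a Go server logs 'first record does not look like a TLS handshake'",
        "not-tls": "peer sent bytes that are neither TLS nor HTTP",
        "incomplete": "fewer than 5 bytes, no record header yet",
    }[classify_first_record(data)]


# Constructed sample inputs (not captured traffic).
# Record header: type 22 (handshake), version 0x0301, length 0x0200,
# followed by the first byte of a ClientHello (handshake type 1).
SAMPLE_CLIENT_HELLO = bytes.fromhex("1603010200") + b"\x01"
# What an HTTP client or proxy sends when it talks http:// to the same port.
SAMPLE_HTTP = b"GET /v2/ HTTP/1.1\r\nHost: myregistry.mysite.com\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("client hello", SAMPLE_CLIENT_HELLO), ("http", SAMPLE_HTTP)]:
        print(f"{name}: {explain(sample)}")
```
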