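How to run a Docker private registry with Let's Encrypt on Ubuntu 18.04

Time: 2018-10-23 02:10:15

Tags: docker lets-encrypt

I am trying to run a Docker private registry on a server. I am running Docker version 18.06.1-ce e68fc7a on both this server and the test client I set up.

(Note: in all of the code below I have replaced the real domain with my.domain.com)

Pieced together from various blogs, the config.yml I am now using for the registry is as follows.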

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  host: https://my.domain.com
  headers:
    X-Content-Type-Options: [nosniff]
  tls:
    letsencrypt:
      cachefile: /etc/docker/registry/letsencrypt.json
      email: me@my.domain.com
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/docker/registry/htpasswd
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

I run the registry container with the following command:

#!/bin/bash

docker run -d -p 5000:5000 \
-p 443:5000 \
--name test-registry \
-v /var/lib/docker/registry:/var/lib/registry \
-v /etc/docker/registry/config.yml:/etc/docker/registry/config.yml \
registry:2

On startup the logs show the following:

docker logs -f docker-registry
time="2018-10-23T01:56:51Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2
time="2018-10-23T01:56:51Z" level=info msg="redis not configured" go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2
time="2018-10-23T01:56:51Z" level=info msg="Starting upload purge in 37m0s" go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2
time="2018-10-23T01:56:51Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2
2018/10/23 01:56:51 [INFO] acme: Registering account for me@my.domain.com
time="2018-10-23T01:56:52Z" level=info msg="listening on [::]:5000, tls" go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2

When I access it from outside, I get this added to the log:

2018/10/23 01:59:56 [INFO][my.domain.com] acme: Obtaining bundled SAN certificate
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: http-01
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: tls-alpn-01
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: dns-01
2018/10/23 01:59:56 http: TLS handshake error from 70.36.174.194:43028: map[my.domain.com:[my.doman.com] acme: Could not determine solvers]

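I have seen many posts indicating that Let's Encrypt no longer supports certain challenge methods, and many posts about similar problems. There are also many outdated bug reports. In the latest Docker documentation I see nothing about selecting or enabling/disabling challenge types for Let's Encrypt.

I am looking for a way to make this work.

0 answers:

No answers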
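An added example, not part of the original question: a Python triage of the log excerpts above that lists which ACME challenge types the registry reported no solver for and ties them to the failed TLS handshake. The function names are hypothetical, and the sample input is copied from the question's logs with the logrus line shortened.

```python
import re
from collections import defaultdict

# Lines copied from the logs in the question (the logrus line is shortened).
SAMPLE_LOG = """\
time="2018-10-23T01:56:52Z" level=info msg="listening on [::]:5000, tls" go.version=go1.7.6 version=v2.6.2
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Obtaining bundled SAN certificate
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: http-01
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: tls-alpn-01
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: dns-01
2018/10/23 01:59:56 http: TLS handshake error from 70.36.174.194:43028: map[my.domain.com:[my.doman.com] acme: Could not determine solvers]
"""

# The registry mixes two formats: logrus key=value lines and plain ACME client lines.
VERSION = re.compile(r'(?:^|\s)version=(\S+)')  # skips go.version=...
NO_SOLVER = re.compile(r'\[INFO\]\[([^\]]+)\] acme: Could not find solver for: ([\w-]+)')
HANDSHAKE = re.compile(r'http: TLS handshake error from (\S+): (.*)')


def triage(log_text):
    """Collect the registry version, unsolved challenge types per domain, and failed handshakes."""
    report = {"version": None, "unsolved": defaultdict(list), "handshakes": []}
    for line in log_text.splitlines():
        if (m := VERSION.search(line)) and report["version"] is None:
            report["version"] = m.group(1)
        if m := NO_SOLVER.search(line):
            domain, challenge = m.groups()
            if challenge not in report["unsolved"][domain]:
                report["unsolved"][domain].append(challenge)
        if m := HANDSHAKE.search(line):
            report["handshakes"].append({"peer": m.group(1), "reason": m.group(2)})
    return report


def blocked_domains(report):
    """Domains whose certificate order failed because no offered challenge had a solver."""
    return sorted(
        domain for domain in report["unsolved"]
        if any(domain in h["reason"] and "Could not determine solvers" in h["reason"]
               for h in report["handshakes"])
    )


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("registry version:", result["version"])
    for name in blocked_domains(result):
        print(name, "has no usable challenge among", result["unsolved"][name])
```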