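I am trying to run a private Docker registry on a server. I am running Docker version 18.06.1-ce e68fc7a on both this server and the test client setup.
(Note: in all of the code below, I have replaced the real domain with my.domain.com)
From bits and pieces of blog posts, the config.yml I am now using for the registry is as follows.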
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  host: https://my.domain.com
  headers:
    X-Content-Type-Options: [nosniff]
  tls:
    letsencrypt:
      cachefile: /etc/docker/registry/letsencrypt.json
      email: me@my.domain.com
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/docker/registry/htpasswd
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
I run the registry container with the following command:
#!/bin/bash
docker run -d -p 5000:5000 \
    -p 443:5000 \
    --name test-registry \
    -v /var/lib/docker/registry:/var/lib/registry \
    -v /etc/docker/registry/config.yml:/etc/docker/registry/config.yml \
    registry:2
On startup, the logs show the following:
docker logs -f docker-registry
time="2018-10-23T01:56:51Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2
time="2018-10-23T01:56:51Z" level=info msg="redis not configured" go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2
time="2018-10-23T01:56:51Z" level=info msg="Starting upload purge in 37m0s" go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2
time="2018-10-23T01:56:51Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2
2018/10/23 01:56:51 [INFO] acme: Registering account for me@my.domain.com
time="2018-10-23T01:56:52Z" level=info msg="listening on [::]:5000, tls" go.version=go1.7.6 instance.id=82c8a49d-58d2-4429-b8c2-fa67f3d64617 version=v2.6.2
When I access it from outside, I get this added to the logs:
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Obtaining bundled SAN certificate
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: http-01
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: tls-alpn-01
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: dns-01
2018/10/23 01:59:56 http: TLS handshake error from 70.36.174.194:43028: map[my.domain.com:[my.doman.com] acme: Could not determine solvers]
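I have seen many posts indicating that Let's Encrypt no longer supports certain challenge methods, and many posts about similar problems. There are also many outdated bug reports. In the latest Docker documentation, I do not see any information about selecting or enabling/disabling challenge types for Let's Encrypt.
I am looking for a way to make this work.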
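A way to read the log excerpts above mechanically, as an added example that is not part of the original post: this Python script groups, per domain, the ACME challenge types for which the registry's built-in client reported no solver, and lists the client addresses whose TLS handshake failed for that reason. The function name `triage`, the regular expressions and the sample lines (including the 192.0.2.10 address) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the log excerpts in the post (documentation IP).
SAMPLE_LOG = r'''
time="2018-10-23T01:56:51Z" level=warning msg="No HTTP secret provided - generated random secret." version=v2.6.2
time="2018-10-23T01:56:52Z" level=info msg="listening on [::]:5000, tls" version=v2.6.2
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Obtaining bundled SAN certificate
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: http-01
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: tls-alpn-01
2018/10/23 01:59:56 [INFO][my.domain.com] acme: Could not find solver for: dns-01
2018/10/23 01:59:56 http: TLS handshake error from 192.0.2.10:43028: map[my.domain.com:[my.domain.com] acme: Could not determine solvers]
'''

# key=value pairs of the registry's own log lines; values may be quoted.
LOGFMT = re.compile(r'([\w.]+)=("(?:[^"\\]|\\.)*"|\S+)')
# ACME client lines: date, time, [LEVEL][domain] acme: message
ACME = re.compile(r'^\S+ \S+ \[\w+\]\[([^\]]+)\] acme: (.*)$')
# Go net/http handshake errors: client address, port, then the error text.
HANDSHAKE = re.compile(r'http: TLS handshake error from (\S+):\d+: (.*)$')
NO_SOLVER = "Could not find solver for: "

def triage(log_text):
    """Summarise warnings, unsolved ACME challenges and failed handshakes."""
    report = {"warnings": [], "unsolved": defaultdict(list), "failed_handshakes": []}
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("time="):
            fields = {k: v.strip('"') for k, v in LOGFMT.findall(line)}
            if fields.get("level") in ("warning", "error"):
                report["warnings"].append(fields.get("msg", ""))
            continue
        m = ACME.match(line)
        if m and m.group(2).startswith(NO_SOLVER):
            # Challenge type offered by the CA that this client cannot answer.
            report["unsolved"][m.group(1)].append(m.group(2)[len(NO_SOLVER):])
            continue
        m = HANDSHAKE.search(line)
        if m and "Could not determine solvers" in m.group(2):
            report["failed_handshakes"].append(m.group(1))
    report["unsolved"] = dict(report["unsolved"])
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```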