I am running docker behind a corporate proxy, with the following version:
Client: Docker Engine - Community
Version: 19.03.2
API version: 1.40
Go version: go1.12.8
Git commit: 6a30dfc
Built: Thu Aug 29 05:29:11 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.2
API version: 1.40 (minimum version 1.12)
Go version: go1.12.8
Git commit: 6a30dfc
Built: Thu Aug 29 05:27:45 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.6
GitCommit: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc:
Version: 1.0.0-rc8
GitCommit: 425e105d5a03fabd737a126ad93d62a9eeede87f
docker-init:
Version: 0.18.0
GitCommit: fec3683
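on an Ubuntu 18.04 server.
I have configured the proxy correctly and docker appears to be using it. However, any docker login or docker pull hello-world call results in Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure.
I have installed the corporate root certificate into the local trust store, and it appears to work fine when run, as the following openssl output shows: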
openssl s_client -proxy proxy:3128 -connect registry-1.docker.io:443 -showcerts
Redacted certificates
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 6586 bytes and written 546 bytes
Verification: OK
---
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 7D9CA79CAB0343D8F2B4B2288FCF0CC98721AC07C0FCBAB39BC6E344E5C1E658
Session-ID-ctx:
Master-Key: E841987D8259CD5BB07C5BE4918A64BA10B9D5DE49352A2367B7AE00F4A482205E6ED7C1C8ECAB56D136C54FD943049F
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1568137963
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Does anyone have any idea what could be causing this problem?
Answer 0: (score: 0)
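I have also been struggling with this using docker:dind, and posted about it here: https://discourse.drone.io/t/docker-dind-image-behind-a-proxy/7833
What I just found is that if I use docker:18.06.0-dind then it works. I think maybe later versions of docker are using TLS ciphers that your proxy doesn't support. This guy talks about it: https://github.com/docker/for-win/issues/2922#issuecomment-444431310
By pointing something that uses the proxy's TLS at https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html you can get information about the proxy's TLS. I am going to try to sort out the proxy (squid) so that it will support docker 19, if I can.
More information:
Here: https://github.com/docker/for-linux/issues/487
Here: https://forums.docker.com/t/docker-behing-transparent-proxy-and-intermediate-cert/74860/4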
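One way to check the cipher hypothesis from the answer, as an added example that is not part of the original question or answer: the Docker engine is a Go binary (go1.12.8 in the version output above) and uses Go's crypto/tls, which implements no finite-field DHE suites, while the openssl test in the question negotiated DHE-RSA-AES256-GCM-SHA384. The sketch below parses the s_client output and lists which Go suites share its key exchange; the function names are hypothetical, the sample lines are copied from the question, and it needs Go 1.14 or later for tls.CipherSuites.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: two lines copied from the s_client output in the question.
const sampleOutput = `Server Temp Key: DH, 1024 bits
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384`

var cipherLine = regexp.MustCompile(`Cipher is (\S+)`)

// NegotiatedCipher extracts the OpenSSL cipher name from s_client output.
func NegotiatedCipher(out string) string {
	if m := cipherLine.FindStringSubmatch(out); m != nil {
		return m[1]
	}
	return ""
}

// KeyExchange classifies a TLS 1.2 OpenSSL name as ECDHE, DHE or, failing both, RSA.
func KeyExchange(opensslName string) string {
	for _, kx := range []string{"ECDHE", "DHE"} {
		if strings.HasPrefix(opensslName, kx+"-") {
			return kx
		}
	}
	return "RSA" // OpenSSL gives static-RSA suites no prefix, e.g. AES256-GCM-SHA384
}

// GoSuitesFor lists the suites crypto/tls implements for one key-exchange family.
func GoSuitesFor(kx string) []string {
	var names []string
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if strings.HasPrefix(s.Name, "TLS_"+kx+"_") {
			names = append(names, s.Name)
		}
	}
	return names
}

func main() {
	c := NegotiatedCipher(sampleOutput)
	kx := KeyExchange(c)
	fmt.Printf("%s uses %s; crypto/tls suites with that key exchange: %d\n", c, kx, len(GoSuitesFor(kx)))
}
```

An empty result means only that Go cannot negotiate the suite openssl ended up with; it does not show which other suites the proxy accepts.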