1

我正在尝试创建一个本地 docker 存储库,我可以将图像推送到其中。为此,我完成了以下步骤

使用 SSL 配置 nginx 配置 nginx 以便它将 docker 本地 repo 与服务器名称绑定以下是我的 nginx 配置

upstream artifactory_lb {
        server myLb.company.com:8081;
        server myLb.company.com:8081 backup;
}

log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name  to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';

server {
        listen 80;
        listen 443 ssl;

        ssl_certificate  /etc/nginx/ssl/my-certs/myCert.pem;
        ssl_certificate_key /etc/nginx/ssl/my-certs/myserver.key;
        client_max_body_size 2048M;
        location / {
                proxy_set_header Host $host:$server_port;
                proxy_pass http://artifactory_lb;
                proxy_read_timeout 90;
        }
        access_log /var/log/nginx/access.log upstreamlog;
        location /basic_status {
                stub_status on;
                allow all;
                }
}

# Server configuration

server {
    listen 2222 ssl;

    server_name myLb.company.com;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }

    rewrite ^/(v1|v2)/(.*) /api/docker/my_local_repo_key/$1/$2;
    client_max_body_size 0;
    chunked_transfer_encoding on;
    location / {
    proxy_read_timeout  900;
    proxy_pass_header   Server;
    proxy_cookie_path ~*^/.* /;
    proxy_pass         http://artifactory_lb;
    proxy_set_header   X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host;
    proxy_set_header    X-Forwarded-Port  $server_port;
    proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header    Host              $http_host;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

当我尝试推送 docker 映像时 -docker push https://myLb.comapny.com/docker/api/image_name我收到以下错误

v2 ping attempt failed with error: Get https://myLb.company.com/v2/: x509: certificate signed by unknown authority

注意:我确实检查了证书的权威性和工件工作中的其他存储库,没有任何问题

还在 /etc/docker/certs.d 和 etc/ssl/ca-certificates 和 usr/local/share/ca-certificates 下安装了证书

我错过了什么?

4

1 回答 1

0

您可能缺少 Nginx 配置中的证书链。

请参阅: http: //nginx.org/en/docs/http/configuring_https_servers.html#chains

您如何获得此链证书(中间证书)取决于您的证书颁发机构。您应该能够通过您的 CA 说明找到它。例如,对于 GoDaddy,说明会将您指向此存储库,您可以在其中找到中间证书链:https ://certs.godaddy.com/repository

于 2016-04-25T18:38:50.383 回答