1

我需要一些有关 Nginx 反向代理的帮助。

所以这里是细节:

  • Ubuntu 18.04
  • Docker 版本:19.03.6 API 版本:1.40 Go 版本:go1.12.17
  • JFrog Container Registry 许可证 7.15.3 修订版 7150390

我的 nginx 配置是:

ssl_protocols TLSv1 TLSv1.1 TLSv1.3;
ssl_certificate      /etc/nginx/ssl/server.crt;
ssl_certificate_key  /etc/nginx/ssl/server.key;

ssl_session_cache shared:SSL:50m;

server {
    listen 443 ssl;
    listen 80;

server_name jfrog.test.com;

if ($http_x_forwarded_proto = '') {
    set $http_x_forwarded_proto  $scheme;
}

rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;

chunked_transfer_encoding on;

client_max_body_size 0;

location / {
    proxy_read_timeout  2400s;
    proxy_pass_header   Server;
    proxy_cookie_path   ~*^/.* /;
    proxy_pass          http://10.2.11.16:8082;
    proxy_next_upstream error timeout non_idempotent;
    proxy_next_upstream_tries    1;
    proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
    proxy_set_header    X-Forwarded-Port  $server_port;
    proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header    Host              $http_host;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;

    location ~ ^/v2/artifactory/ {
        rewrite ^/v2/artifactory/(.*)$ artifactory/$1 break;
        proxy_pass    http://10.2.11.16:8081;
    }
    location ~ ^/artifactory/ {
        proxy_pass    http://10.2.11.16:8081;
    }
}

}

当我使用JFrog nginx 配置守护进程时抱怨

2021-03-10T12:50:38.407Z [jfrt ] [ERROR] [882665a46c92de1a] [o.a.a.d.r.DockerResource:174  ] [http-nio-8081-exec-7] - Unsupported docker v2 repository request for 'artifactory'

因此,我在 nginx 配置中添加了一个额外的重写:

    location ~ ^/v2/artifactory/ {
        rewrite ^/v2/artifactory/(.*)$ artifactory/$1 break;
        proxy_pass    http://10.2.11.16:8081;
    }

现在,路径是对齐的,但是当我尝试时:

docker push jfrog.test.com/artifactory/hello-world

它返回:

The push refers to repository [jfrog.test.com/artifactory/hello-world] 9c27e219663c: 
Preparing  
error parsing HTTP 405 response body: unexpected end of JSON input: ""

神器日志 说:

2021-03-10T13:20:35.332Z [46f6415908bc558e] [DENIED LOGIN]   for client : NA / 10.2.11.16.
2021-03-10T13:20:35.332Z|46f6415908bc558e|10.2.11.16|non_authenticated_user|GET|/api/docker/v2/|401|-1|0|0|docker/19.03.6 go/go1.12.17 git-commit/369ce74a3c kernel/4.15.0-135-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.6 \(linux\))
2021-03-10T13:20:35.349Z|dadd4307e7cb39e7|10.2.11.16|admin|GET|/api/docker/null/v2/token|200|-1|0|10|docker/19.03.6 go/go1.12.17 git-commit/369ce74a3c kernel/4.15.0-135-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.6 \(linux\))
2021-03-10T13:20:35.358Z|bb625efa0fba4ea9|10.2.11.16|admin|HEAD|/hello-world/blobs/sha256:0e03bdcc26d7a9a57ef3b6f1bf1a210cff6239bff7c8cac72435984032851689|404|-1|0|4|docker/19.03.6 go/go1.12.17 git-commit/369ce74a3c kernel/4.15.0-135-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.6 \(linux\))
2021-03-10T13:20:35.363Z|b843f95761b59008|10.2.11.16|admin|POST|/hello-world/blobs/uploads/|405|0|0|1|docker/19.03.6 go/go1.12.17 git-commit/369ce74a3c kernel/4.15.0-135-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.6 \(linux\))

和 Docker 杂志说:

Mar 10 14:34:48 G3DevStipe dockerd[17411]: time="2021-03-10T14:34:48.994362310+01:00" level=debug msg="Calling HEAD /_ping"
Mar 10 14:34:48 G3DevStipe dockerd[17411]: time="2021-03-10T14:34:48.995750746+01:00" level=debug msg="Calling POST /v1.40/images/jfrog.test.com/artifactory/hello-world/push?tag="
Mar 10 14:34:48 G3DevStipe dockerd[17411]: time="2021-03-10T14:34:48.996549503+01:00" level=debug msg="Trying to push jfrog.test.com/artifactory/hello-world to https://jfrog.test.com v2"
Mar 10 14:34:49 G3DevStipe dockerd[17411]: time="2021-03-10T14:34:49.009195732+01:00" level=debug msg="Pushing repository: jfrog.test.com/artifactory/hello-world:latest"
Mar 10 14:34:49 G3DevStipe dockerd[17411]: time="2021-03-10T14:34:49.010344349+01:00" level=debug msg="Checking for presence of layer sha256:9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63 (sha256:0e03bdcc26d7a9a57ef3b6f1bf1a210cff6239bff7c8cac72435984032851689) in jfrog.test.com/artifactory/hello-world"
Mar 10 14:34:49 G3DevStipe dockerd[17411]: time="2021-03-10T14:34:49.066630837+01:00" level=debug msg="Pushing layer: sha256:9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63"
Mar 10 14:34:49 G3DevStipe dockerd[17411]: time="2021-03-10T14:34:49.071926888+01:00" level=error msg="Upload failed: error parsing HTTP 405 response body: unexpected end of JSON input: \"\""
Mar 10 14:34:49 G3DevStipe dockerd[17411]: time="2021-03-10T14:34:49.072066826+01:00" level=info msg="Attempting next endpoint for push after error: error parsing HTTP 405 response body: unexpected end of JSON input: \"\""

所以当我尝试 CURL 时:

 curl -uadmin:Q1w2e3r4 -k -XGET  "https://jfrog.test.com/artifactory/api/docker/null/v2/token?account=admin&scope=repository%3Aartifactory%2Fhello-world%3Apush%2Cpull&service=10.2.11.16%3A443"
{"token":"AKCp8ihL8PhbxX7ozLxEVrapsaYHqRmDgVrCTyhRTEbqdpWd1xgXX1pvPpfjLQhG7paztqMWB","expires_in":3600

和:

curl -uadmin:Q1w2e3r4 -k -XPOST "https://jfrog.test.com/artifactory/hello-world/blobs/uploads/"

Artifactory log 还说:

2021-03-10T13:49:18.538Z|e3b74859b8a17d2c|10.2.11.16|admin|POST|/hello-world/blobs/uploads/|405|-1|0|1|curl/7.58.0

总而言之,我想知道为什么我必须首先添加额外的重写规则,最后我在这里做错了什么。如果其他人有同样的情况,请给一些建议,因为我很困在这里。

谢谢

4

0 回答 0