Artifactory 上的 Docker 注册表 - 登录失败
·
问题:Artifactory 上的 Docker 注册表 - 登录失败
我正在尝试在工件(版本 5.4.6)上设置 docker 注册表。我有服务在 NGINX 后面工作,如https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry中所述。
我配置了一个带有多个存储库的 docker 注册表。所有存储库都使用 API 版本:V2。
我遵循子域方法:https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry#GettingStartedwithArtifactoryasaDockerRegistry-TheSubdomainMethod。
我不能登入:
$ docker -D login docker-local.artifactory.example.com
Username: admin
Password:
Error response from daemon: Login: {
"errors" : [ {
"status" : 404,
"message" : "Not Found"
} ] } (Code: 404; Headers: map[Date:[Tue, 19 Sep 2017 16:56:56 GMT] Content-Type:[application/json;charset=ISO-8859-1] Content-Length:[74] Server:[Artifactory/5.4.6] X-Artifactory-Id:[f7687bf2b01c0581:a28d522:15e9afc2ee7:-8000]])
$ tail -f /opt/artifactory/logs/artifactory.log
2017-09-19 13:15:46,526 [http-nio-8081-exec-3] [WARN ] (o.a.w.s.RequestUtils:155) - Request /v2/ should be a repo request and does not match any repo key
2017-09-19 13:15:47,204 [http-nio-8081-exec-2] [WARN ] (o.a.w.s.RequestUtils:155) - Request /v2/ should be a repo request and does not match any repo key
2017-09-19 13:15:47,873 [http-nio-8081-exec-7] [WARN ] (o.a.w.s.RequestUtils:155) - Request /v1/users/ should be a repo request and does not match any repo key
最初测试:
$ curl -I -k -v https://docker-local.artifactory.example.com
* Rebuilt URL to: https://docker-local.artifactory.example.com/
* Trying 10.145.77.66...
* TCP_NODELAY set
* Connected to docker-local.artifactory.example.com (10.145.77.66) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=PL; ST=Poland; L=Warsaw; O=Project YELLOW; OU=Test; CN=*.artifactory.example.com; emailAddress=k.marek@example.com
* start date: Sep 19 11:37:53 2017 GMT
* expire date: Sep 19 11:37:53 2018 GMT
* issuer: C=PL; ST=Poland; L=Warsaw; O=Project YELLOW; OU=Test; CN=*.artifactory.example.com; emailAddress=k.marek@example.com
* SSL certificate verify ok.
> HEAD / HTTP/1.1
> Host: docker-local.artifactory.example.com
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.10.3 (Ubuntu)
Server: nginx/1.10.3 (Ubuntu)
< Date: Tue, 19 Sep 2017 17:20:31 GMT
Date: Tue, 19 Sep 2017 17:20:31 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 170
Content-Length: 170
< Location: https://docker-local.artifactory.example.com/webapp/
Location: https://docker-local.artifactory.example.com/webapp/
< Connection: keep-alive
Connection: keep-alive
<
* Curl_http_done: called premature == 0
* Connection #0 to host docker-local.artifactory.example.com left intact
我的码头工人:
$ docker version
Client:
Version: 1.12.6
API version: 1.24
Go version: go1.7.4
Git commit: 78d1802
Built: Tue Mar 14 09:47:15 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Go version: go1.7.4
Git commit: 78d1802
Built: Tue Mar 14 09:47:15 2017
OS/Arch: linux/amd64
NGINX:
###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################
## add ssl entries when https has been set in config
ssl_certificate /etc/ssl/certs/apache-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/apache-selfsigned.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen 443 ssl;
listen 80 ;
server_name ~(?<repo>.+)\.artifactory.example.com artifactory.example.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/artifactory.example.com-access.log timing;
## error_log /var/log/nginx/artifactory.example.com-error.log;
rewrite ^/$ /webapp/ redirect;
rewrite ^//?(/webapp)?$ /webapp/ redirect;
rewrite ^/(v1|v2)/(.*) /api/docker/$repo/$1/$2;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
if ( $request_uri ~ ^/(.*)$ ) {
proxy_pass http://localhost:8081/artifactory/$1;
}
proxy_pass http://localhost:8081/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
我错过了什么?请帮忙
解答
由于用于确保 NGINX 不解码某些字符的机制,子域方法存在一个已知问题 (RTFACT-13862)。这种机制会阻止 Docker 调用正确地发送到上游。您可以通过删除以下三行轻松解决此问题:
if ( $request_uri ~ ^/(.*)$ ) {
proxy_pass http://localhost:8081/artifactory/$1;
}
该片段的主要原因是 NPM 包使用了编码的正斜杠 (%2f),NGINX 会将其解码为简单的正斜杠(从而导致不同的请求),但是您使用的 Artifatory 版本可以根据上下文知道它何时应该将解码的斜杠视为编码的斜杠,因此您不太可能需要它。
开发云社区提供前沿行业资讯和优质的学习知识,同时提供优质稳定、价格优惠的云主机、数据库、网络、云储存等云服务产品
更多推荐
0
0- 0
已为社区贡献15556条内容
所有评论(0)