1
我遵循docker manuals設置私人註冊表,並獲得Let's Encrypt證書。這是我的搬運工,compose.yml:私人碼頭註冊表工作在捲曲,但不是在碼頭:X509:由未知權力機構簽署的證書
version: '2'
services:
registry:
restart: always
image: registry:2.3.1
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/git.xxxx.com/fullchain.pem
REGISTRY_HTTP_TLS_KEY: /certs/live/git.xxxx.com/privkey.pem
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- ./data:/var/lib/registry
- /etc/letsencrypt:/certs
- ./auth:/auth
這是我的curl命令和結果:
curl https://git.xxxx.com:5000/v2/
<htpassword auth succeeds>
{}
而且鉻/火狐是綠色的,可以在沒有證書的錯誤達到這一點。 但碼頭登錄保持失敗。
docker login https://git.xxxx.com:5000/v2/
Username: raarts
Password:
Email:
Error response from daemon: invalid registry endpoint https://git.xxxx.com:5000/v2/: Get https://git.xxxx.com:5000/v2/: x509: certificate signed by unknown authority. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry git.xxxx.com:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/git.xxxx.com:5000/ca.crt
使用泊塢窗1.10.3