How do I log in to a Docker Registry?
Hi everyone!
There is a GitLab server at 192.168.0.26:8086 with a Docker registry installed on port 5050. The domain name for the GitLab admin UI is "domen1.com" and the domain name for the Docker registry is "domen2.com". An nginx proxy server forwards requests to the corresponding resource depending on the requested domain.
When I try to log in, I get these errors:
root@k8s-master1:~# echo "парольТут" | docker login --username ЛогинТут --password-stdin 192.168.0.26:5050
Error response from daemon: Get "http://192.168.0.26:5050/v2/": Get "https://domen1.com/jwt/auth?account=ЛогинТут&client_id=docker&offline_token=true&service=container_registry": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) (Client.Timeout exceeded while awaiting headers
root@k8s-master1:~# docker login domen2.com
Username: ЛогинТут
Password:
Error response from daemon: Get "https://domen2.com/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
curl shows this:
root@k8s-master1:~# curl -v http://192.168.0.26:5050/v2/
* Trying 192.168.0.26:5050...
* Connected to 192.168.0.26 (192.168.0.26) port 5050 (#0)
> GET /v2/ HTTP/1.1
> Host: 192.168.0.26:5050
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Mon, 15 Jul 2024 11:18:21 GMT
< Content-Type: application/json
< Content-Length: 87
< Connection: keep-alive
< Docker-Distribution-Api-Version: registry/2.0
< Www-Authenticate: Bearer realm="https://domen1.com/jwt/auth",service="container_registry"
< X-Content-Type-Options: nosniff
<
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
* Connection #0 to host 192.168.0.26 left intact
The nginx config of the proxy server (which is also k8s-master1) is:
############################################################################
server {
    listen 8080;
    server_name domen1.com www.domen1.com;
    return 301 https://$host$request_uri;
}
server {
    listen 8443 ssl;
    server_name domen1.com www.domen1.com;
    ssl_certificate /etc/letsencrypt/live/domen1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domen1.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        proxy_pass http://192.168.0.26:8086;  # proxying to the GitLab admin UI
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
############################################################################
server {
    listen 8080;
    server_name domen2.com www.domen2.com;
    return 301 https://$host$request_uri;
}
server {
    listen 8443 ssl;
    server_name domen2.com www.domen2.com;
    ssl_certificate /etc/letsencrypt/live/domen2.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domen2.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        proxy_pass http://192.168.0.26:5050;  # proxying to the GitLab registry
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
############################################################################
The gitlab.rb config is:
external_url 'https://domen1.com'
registry_external_url 'https://domen2.com'
gitlab_rails['registry_enabled'] = true
registry['enable'] = true
nginx['enable'] = true
nginx['client_max_body_size'] = '20000m'
nginx['listen_https'] = false
registry_nginx['enable'] = false
registry_nginx['proxy_set_headers'] = {
  "Host" => "$http_host",
  "X-Real-IP" => "$remote_addr",
  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on"
}
registry_nginx['listen_https'] = false
registry_nginx['listen_port'] = 5050
The docker daemon.json is:
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["192.168.0.26:5050"],
  "storage-driver": "overlay2"
}
I use two domains because my provider doesn't give me IPv6 and I can't set up a subdomain. Everything is behind a single router with one public IP, to which both domains are bound.
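
An added example, not part of the original post: a Python check that parses the `Www-Authenticate` challenge from the curl output above and derives the token URL and the host:port the Docker daemon has to reach before login can succeed. The function names, the `--probe` flag and the account placeholder are assumptions made for this illustration.

```python
import re
import socket
import sys
from urllib.parse import urlencode, urlsplit

# Constructed sample: the challenge header copied from the curl output above.
SAMPLE_HEADER = 'Bearer realm="https://domen1.com/jwt/auth",service="container_registry"'


def parse_bearer_challenge(header):
    """Split a Www-Authenticate Bearer challenge into its key="value" parameters."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % scheme)
    return dict(re.findall(r'(\w+)="([^"]*)"', rest))


def token_url(params, account):
    """Build the token request seen in the docker login error (same query keys)."""
    query = {"account": account, "client_id": "docker",
             "offline_token": "true", "service": params["service"]}
    return params["realm"] + "?" + urlencode(query)


def realm_endpoint(params):
    """Return the (host, port) the daemon must open a TCP connection to."""
    url = urlsplit(params["realm"])
    port = url.port or {"https": 443, "http": 80}[url.scheme]
    return url.hostname, port


def probe(host, port, timeout=5.0):
    """Try a TCP connect; return 'open' or the failure reason (timeout, refused, DNS)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return "failed: %s" % exc


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--probe"]
    params = parse_bearer_challenge(args[0] if args else SAMPLE_HEADER)
    host, port = realm_endpoint(params)
    print("token URL:", token_url(params, "USER_PLACEHOLDER"))
    print("realm endpoint: %s:%d" % (host, port))
    if "--probe" in sys.argv:  # network access only when explicitly requested
        print("tcp connect:", probe(host, port))
```

Run with `--probe` on the host where `docker login` fails to see whether the realm endpoint accepts TCP connections from there.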