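Reverse-Proxying a Private Docker Registry with Nginx

If you have a problem, go read the official documentation! If you have a problem, go read the official documentation! If you have a problem, go read the official documentation! Important things get said three times!!

Why do I say this? Because other people's experience really may not fit your situation. I learned that first-hand!

It started when I deployed my own registry from the Docker image on an Alibaba Cloud server and wanted to reverse-proxy it with nginx under a second-level directory (because the SSL certificate only covers the main domain; I was careless and did not notice that when I applied for the certificate).

Whenever nginx proxied the private registry I kept getting a 404. I searched Baidu and found many posts and blogs that were all much the same; some came very close to the right answer, but none of them worked!! It may also be that I am not proficient with nginx. In any case, I fumbled around for a whole day without getting it to work!!

So I went to the official Docker site to look for documentation, and to my surprise the problem was solved in just half an hour!!

Official documentation: https://docs.docker.com/registry/recipes/nginx/  (using Nginx as an authentication proxy)

My nginx.conf configuration file, for reference: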

upstream my_docker_registry  {
    server your-server-ip:5000; # port on the Docker host that the local registry container is mapped to
}

  ## Set a variable to help us decide if we need to add the
  ## 'Docker-Distribution-Api-Version' header.
  ## The registry always sets this header.
  ## In the case of nginx performing auth, the header is unset
  ## since nginx is auth-ing before proxying.
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
   '' 'registry/2.0';
}

server {
    listen    80;       # listen on port 80; comment this line out if all access must go over HTTPS
    listen    443 ssl;
    server_name  your-domain;   # domain name

    # Enable SSL
    # ssl on;        # enable this line to force HTTPS access (deprecated in newer nginx; "listen 443 ssl" already enables TLS)
    ssl_certificate       /etc/nginx/ssl/your-ssl-cert.pem;   # do not copy this directory verbatim
    ssl_certificate_key   /etc/nginx/ssl/your-ssl-cert.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    # Allowed protocol versions (SSLv2 and SSLv3 are insecure and have been removed from this list)
    ssl_protocols  TLSv1.2;

    ssl_ciphers  HIGH:!aNULL:!MD5;   # cipher suites, in the format OpenSSL understands
    ssl_prefer_server_ciphers  on;   # prefer the server's cipher order over the client's

    # Site root directory and index file names
    location / {
      root   /usr/share/nginx/html;    # your website root directory
      index  index.html index.htm;
    }

    client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;

    # Second-level directory for the private Docker registry
    location /registry/ {
        # Do not allow connections from docker 1.5 and earlier
        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
            return 404;
        }

        # To add basic authentication to v2 use auth_basic setting.
        auth_basic "Registry realm";
        # NOTE: while auth_basic_user_file stays commented out, nginx does not
        # enforce authentication for this location. Uncomment it and point it
        # at your own htpasswd file to require a login.
        # auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;

        ## If $docker_distribution_api_version is empty, the header is not added.
        ## See the map directive above where this variable is defined.
        add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

        proxy_pass                          http://my_docker_registry;
        proxy_set_header  Host              $http_host;   # required for docker client's sake
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_read_timeout                  900;
    }

}
docker-registry.conf
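
An added example (not part of the original post or of the Docker documentation): a small Python check that flags two settings worth reviewing in a registry proxy config like the one above, namely legacy entries in ssl_protocols and a location that sets auth_basic without an auth_basic_user_file, in which case nginx does not enforce authentication. The sample config is constructed; the parsing is deliberately simple (it assumes no `#` or braces inside quoted strings) and does not consider a user file inherited from an enclosing block.

```python
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample, modelled on the registry proxy config in this post.
SAMPLE = """
server {
    listen 443 ssl;
    ssl_protocols SSLv2 SSLv3 TLSv1.2;
    location / { root /usr/share/nginx/html; }
    location /registry/ {
        if ($http_user_agent ~ "^Go ") { return 404; }
        auth_basic "Registry realm";
        # auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
        proxy_pass http://my_docker_registry;
    }
}
"""

def location_blocks(conf):
    """Yield (path, body) for each location block, matching nested braces."""
    for m in re.finditer(r"\blocation\s+([^{]+?)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return a list of findings for an nginx config given as text."""
    conf = re.sub(r"#[^\n]*", "", conf)  # commented-out directives do not count
    findings = []
    for m in re.finditer(r"\bssl_protocols\s+([^;]+);", conf):
        weak = sorted(WEAK_PROTOCOLS & set(m.group(1).split()))
        if weak:
            findings.append("weak ssl_protocols: " + " ".join(weak))
    for path, body in location_blocks(conf):
        realm = re.search(r"\bauth_basic\s+([^;]+);", body)
        has_file = re.search(r"\bauth_basic_user_file\s+[^;]+;", body)
        # Only the location's own body is inspected (assumption stated above).
        if realm and realm.group(1).strip() != "off" and not has_file:
            findings.append(f"location {path}: auth_basic without auth_basic_user_file")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a deployed server, pass the text printed by `nginx -T` to `audit()` instead of `SAMPLE`.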

 

posted @ 2021-04-28 10:39  程序猿网友666