1panel 拉取 docker 镜像错误
问题
启动失败: node Pulling node Error Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
分析问题
很显然是无法访问 docker api 那么首先,用 curl 获取更多完整的信息
root@ser6658919242032:~/.ssh# curl -v https://registry-1.docker.io/v2/ * Trying 31.13.86.21:443... * Connected to registry-1.docker.io (31.13.86.21) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.2 (OUT), TLS header, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS header, Supplemental data (23): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=Menlo Park; O=Meta Platforms, Inc.; CN=*.facebook.com * start date: Jul 24 00:00:00 2024 GMT * expire date: Oct 22 23:59:59 2024 GMT * subjectAltName does not match registry-1.docker.io * SSL: no alternative certificate subject name matches target host name 'registry-1.docker.io' * Closing connection 0 * TLSv1.2 (OUT), TLS header, Supplemental data (23): * TLSv1.3 (OUT), TLS alert, close notify (256): curl: (60) SSL: no alternative certificate subject name matches target host name 'registry-1.docker.io' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
根据返回结果,问题在于 SSL 证书的验证失败。
详细分析来看,curl 连接到了 registry-1.docker.io 这个域名,但返回的证书是与 *.facebook.com 相关联的,说明可能在域名解析时出现了问题。
解决
临时修改
通过 工具箱 -> DNS -> 全部配置
将
nameserver 127.0.0.53
修改为
nameserver 8.8.8.8 nameserver 1.1.1.1 nameserver 127.0.0.53
永久修改
通过修改 systemd-resolved 的配置文件
systemd-resolved 是现代 Linux 系统中管理 DNS 解析的守护进程。要永久设置 DNS,你需要修改其配置文件。
步骤 1:编辑 /etc/systemd/resolved.conf
使用编辑器打开 resolved.conf 文件:
sudo vim /etc/systemd/resolved.conf
找到 DNS= 和 FallbackDNS= 行,并设置你想要的 DNS 服务器。例如,使用 Google 和 Cloudflare 的 DNS:
[Resolve] DNS=8.8.8.8 1.1.1.1 FallbackDNS=8.8.4.4 1.0.0.1
你可以根据需要修改这些 DNS 服务器地址。DNS 是主要使用的服务器,FallbackDNS 是在主要 DNS 服务器不可用时的备用服务器。
步骤 2:重启 systemd-resolved 服务
保存文件后,重启 systemd-resolved 以应用更改:
sudo systemctl restart systemd-resolved
步骤 3:确保 resolv.conf 链接到 systemd-resolved
确保 /etc/resolv.conf 文件是指向 systemd-resolved 管理的文件。你可以使用以下命令重新创建正确的符号链接:
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
这个文件应该会自动包含你在 resolved.conf 中设置的 DNS 服务器。
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?