我目前正在尝试将 nexus 托管为组织内 docker 镜像的私有注册表。我的 nginx 配置如下。
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 6666; ### Docker Hosted Repo HTTPS port
server_name server408.int.org.com; ### Nexus Server
keepalive_timeout 60;
ssl on;
ssl_certificate /etc/ssl/certs/clsanexus.crt;
ssl_certificate_key /etc/ssl/certs/clsanexus.key;
ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSSL:16m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://server408.int.org.com:4444/;
proxy_read_timeout 900;
}
location / {
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://server408.int.org.com:4444/;
proxy_read_timeout 90;
}
}
已在 nexus 中配置了托管的 docker repo(运行在端口 4444 上),并使用 https 端口 6666。
目前我们可以登录到docker registry。
[dockertest@vserver446 ~]$ docker login -u admin -p admin123 server408.int.org.com:6666 登录成功
但是,当我们尝试将标记的图像推送到 nexus 托管的 docker 注册表时,它会抛出 400 Bad Request 错误。
[dockertest@server446 ~]$ docker push server408.int.org.com:6666/alpine
The push refers to a repository [server408.int.org.com:6666/alpine]
3fb66f713c9f: Preparing
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "\n<!DOCTYPE html>\n<html>\n<head>\n <title>400 - Nexus Repository Manager</title>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"/>\n\n\n <!--[if lt IE 9]>\n <script>(new Image).src=\"https://server408.int.org.com:6666/favicon.ico?3.2.1-01\"</script>\n <![endif]-->\n <link rel=\"icon\" type=\"image/png\" href=\"https://vklnld908.int.clsa.com:6666/favicon-32x32.png?3.2.1-01\" sizes=\"32x32\">\n <link rel=\"mask-icon\" href=\"https://server408.int.org.com:6666/safari-pinned-tab.svg?3.2.1-01\" color=\"#5bbad5\">\n <link rel=\"icon\" type=\"image/png\" href=\"https://server408.int.org.com:6666/favicon-16x16.png?3.2.1-01\" sizes=\"16x16\">\n <link rel=\"shortcut icon\" href=\"https://server408.int.org.com:6666/favicon.ico?3.2.1-01\">\n <meta name=\"msapplication-TileImage\" content=\"https://server408.int.org.com:6666/mstile-144x144.png?3.2.1-01\">\n <meta name=\"msapplication-TileColor\" content=\"#00a300\">\n\n <link rel=\"stylesheet\" type=\"text/css\" href=\"https://vklnld908.int.clsa.com:6666/static/css/nexus-content.css?3.2.1-01\"/>\n</head>\n<body>\n<div class=\"nexus-header\">\n <a href=\"https://server408.int.org.com:6666\">\n <div class=\"product-logo\">\n <img src=\"https://server408.int.org.com:6666/static/images/nexus.png?3.2.1-01\"/>\n </div>\n <div class=\"product-id\">\n <div class=\"product-id__line-1\">\n <span class=\"product-name\">Nexus Repository Manager</span>\n </div>\n <div class=\"product-id__line-2\">\n <span class=\"product-spec\">OSS 3.2.1-01</span>\n </div>\n </div>\n </a>\n</div>\n\n<div class=\"nexus-body\">\n <div class=\"content-header\">\n <img src=\"https://server408.int.org.com:6666/static/rapture/resources/icons/x32/exclamation.png?3.2.1-01\"/>\n <span class=\"title\">Error 400</span>\n <span class=\"description\">Bad Request</span>\n </div>\n <div class=\"content-body\">\n <div class=\"content-section\">\n HTTP method POST is not supported by this URL\n </div>\n </div>\n</div>\n</body>\n</html>\n\n"
我是否缺少一些重要的 nginx 配置?或者我的请求格式是否不正确。
答案1
您必须修改 NGNIX 配置以分离 GET 和其他 HTTP 调用。GET 命令针对“组”运行,而所有其他 HTTP 调用(例如 Post)针对“存储库”运行。
if ($request_method !~* GET) {
proxy_pass http[s]://<nexus-host>:<port-for-repo>;
}
if ($request_method = GET) {
proxy_pass http[s]://<nexus-host>:<port-for-group-or-proxy>;
}
查看Nexus 参考。