我们正在尝试通过 nginx 反向代理让 nexus 充当 docker 镜像的私有注册表。我们可以执行所有操作,例如拉取、搜索和标记,但无法推送到 nexus 注册表。
以下是location块下的nginx配置。
location ~ ^/(v1|v2)/
{
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://server908.int.org.com:5555;
proxy_read_timeout 90;
}
我们能够搜索并提取图像。
x.x.x.x - admin [23/Jun/2017:14:31:20 +0800] "GET /v1/search?q=fedora&n=25 HTTP/1.1" 200 3733 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
x.x.x.x - admin [23/Jun/2017:14:31:39 +0800] "GET /v2/fedora/apache/manifests/latest HTTP/1.1" 200 1362 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
x.x.x.x - admin [23/Jun/2017:14:31:40 +0800] "GET /v2/fedora/apache/manifests/sha256:8531786520bb57b155bbb39d3c670dceab554b9c4ccdb556ccfbe89b23df414c HTTP/1.1" 200 1362 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
x.x.x.x - admin [23/Jun/2017:14:31:40 +0800] "GET /v2/fedora/apache/blobs/sha256:c786010769a8fc7975e72c2b78f902425a6387fb5dda8852b3be2849e979e290 HTTP/1.1" 200 4094 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
x.x.x.x - admin [23/Jun/2017:14:31:40 +0800] "GET /v2/fedora/apache/blobs/sha256:4e81794d88f1b28cc1653df183400d08647143123a3f141fc8cab7cd97fc75e3 HTTP/1.1" 200 294 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
x.x.x.x - admin [23/Jun/2017:14:31:40 +0800] "GET /v2/fedora/apache/blobs/sha256:40da690b349860b5b2cf7cee231c21a04f1461a77ee542b77a2345412f521ae0 HTTP/1.1" 200 183 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
x.x.x.x - admin [23/Jun/2017:14:31:40 +0800] "GET /v2/fedora/apache/blobs/sha256:ebb42f0b0e1ad2d2ae815a6615b95bb59b925710df3db4b8fdb2f9fdaa14a806 HTTP/1.1" 200 294 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
x.x.x.x - admin [23/Jun/2017:14:31:42 +0800] "GET /v2/fedora/apache/blobs/sha256:8eea4f8b1da3e8c0848778a69e4ee73ad474a7be35fcc5ce7784a0b64ce711a7 HTTP/1.1" 200 57816237 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
但随着推动,我们面临以下错误。
x.x.x.x - admin [23/Jun/2017:14:32:34 +0800] "POST /v2/fedora/apache/blobs/uploads/?from=fedora%2Fssh&mount=sha256%3Aacd6cf67daf4cd1fcff55ece5a906a45e1569b81271b80136a1f5fecfa4546ed HTTP/1.1" 404 717 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
当我们尝试使用代理 _pass url 作为http://server908.int.org.com:4444,我们能够推送但无法拉取图像。
nginx 中是否可以传递两个不同的 proxy_pass url,它们位于同一位置,但请求方法不同。任何帮助都将非常有用。谢谢
答案1
使用 Nginx 您可以捕获请求中使用的方法。
因此,您只需对正确的代理进行重定向进行一些调整。
location /blabla {
if ($request_method = POST ) {
# Proxy for POST
}
if ($request_method = GET ) {
# Proxy for GET
}
答案2
它现在使用以下位置配置工作。
location / {
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
if ($request_method !~* GET) {
proxy_pass http://server908.int.org.com:4444;
}
if ($request_method = GET) {
proxy_pass http://server908.int.org.com:5555;
}
proxy_read_timeout 90;
}
感谢您的帮助