Azure存儲和Nginx的私人碼頭註冊表：502壞的網關

Question

我想運行一個私人碼頭註冊表。

docker run -d -p 5000:5000 --name registry \ 
    -v /opt/registry/config.yml:/etc/docker/registry/config.yml \ 
    registry 

config.yml：

version: 0.1 
log: 
    level: debug 
storage: 
    azure: 
    accountname: ... 
    accountkey: ... 
    container: registry 

事後註冊表

docker logs -f registry 

具有以下的輸出：

time="2017-02-21T16:29:45.584228329Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0 
time="2017-02-21T16:29:45.584439534Z" level=info msg="redis not configured" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0 
time="2017-02-21T16:29:45.595020552Z" level=info msg="Starting upload purge in 10m0s" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0 
time="2017-02-21T16:29:45.623443737Z" level=info msg="listening on [::]:45908" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0 
time="2017-02-21T16:39:45.595199645Z" level=info msg="PurgeUploads starting: olderThan=2017-02-14 16:39:45.595164544 +0000 UTC, actuallyDelete=true" 
time="2017-02-21T16:39:45.641492799Z" level=debug msg="azure.List(\"/docker/registry/v2/repositories\")" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 trace.duration=46.132851ms trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=22a8eafa-43d4-4de4-9971-290cd9b12df6 trace.line=150 version=v2.6.0 
time="2017-02-21T16:39:45.641583901Z" level=info msg="Purge uploads finished. Num deleted=0, num errors=1" 
time="2017-02-21T16:39:45.641605301Z" level=info msg="Starting upload purge in 24h0m0s" go.version=go1.7.3 instance.id=99dc49a2-d0c5-4d5f-8e2f-1b1ed77ec012 version=v2.6.0 

nginx的：

server { 
    listen 80; 
    server_name registry.example.com; 
    return 301 https://$host$request_uri; 
} 

server { 
    listen 443 ssl; 
    server_name registry.example.com; 

    ssl_certificate  /opt/certificates/fullchain.pem; 
    ssl_certificate_key /opt/certificates/privkey.pem; 

    ssl on; 
    ssl_session_cache shared:SSL:10m; 

    location/{ 
     proxy_pass  http://localhost:5000/; 
     proxy_redirect default; 

     proxy_set_header Docker-Distribution-Api-Version registry/2.0; 
     proxy_set_header Host    $host; 
     proxy_set_header X-Real-IP   $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header X-Forwarded-Proto $scheme; 

     proxy_read_timeout 900; 
     client_max_body_size 0; 
    } 
} 

不過，我不斷收到一個「502網關」時，我想的圖像推到註冊表，或者當我去https://registry.example.com

Answer 1

• 我會刪除了基於HTTP> HTTPS重定向作爲第一調試步驟

```

server { 
    listen 80; 
    server_name registry.example.com; 
    return 301 https://$host$request_uri; 
} 

• 雙用curl localhost:5000命令

• 您還需要更新您的代理頭檢查註冊表路徑：

```

proxy_set_header Host    $http_host; # required for docker client's sake 
proxy_set_header X-Real-IP   $remote_addr; # pass on real client's IP 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_set_header X-Forwarded-Proto $scheme; 
proxy_read_timeout     900; 

• 你也應該考慮添加auth頭爲了保護您的註冊表

auth_basic "Registry realm"; auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;

另外我可以從日誌中看到您的註冊表正在本地運行。當nginx-proxy目標資源沒有正確響應時，Nginx會拋出502錯誤。您也可以在代理通行證下嘗試127.0.0.1:5000。在以下link上也有做端口映射的方法。