Artifactory插件代理結果在/ v1/_ping：錯誤的網關

Question

爲什麼我按照使用artifactory plugin with docker的說明獲得/v1/_ping: Bad Gateway錯誤？

1. 詹金斯2.60.3與Artifactory的插件2.12.2
2. Enable Build-Info proxy for Docker images端口9999個
3. 詹金斯/var/lib/jenkins/secrets/jfrog/certs/jfrog.proxy.crt加入到$ JAVA_HOME/JRE/LIB /安全/上詹金斯主機和從機的cacerts
4. jfrog nginx的自簽證書添加到$ JAVA_HOME/JRE/lib/security中/詹金斯上的主從
5. 訪問詹金斯的cacerts：9999主機之間的開放

6. /etc/systemd/system/docker.service.d/http-proxy.conf包含了與沒有差別的測試

   [服務] 環境= 「HTTP_PROXY = http://jenkins:9999/」

   [服務] 環境下面= 「HTTPS_PROXY = https://jenkins:9999/」

7. 本地搬運工測試（ docker login 127.0.0.1:9999）導致

Error response from daemon: Login: Bad Request to URI: /v1/users/ (Code: 400; Headers: map[Content-Length:[30] Content-Type:[text/html; chars...

詹金斯測試結果在com.github.dockerjava.api.exception.BadRequestException: Bad Request to URI: /images/artifactory:<port>/hello-world:latest/json

誤差在詹金斯登錄

SEVERE: (DISCONNECTED) [id: ..., L:0.0.0.0/0.0.0.0:... ! R:artifactory/...:5000]: 
Caught an exception on ProxyToServerConnection 
io.netty.handler.codec.DecoderException: 
javax.net.ssl.SSLHandshakeException: General SSLEngine problem 
... 
Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target 

我的虛擬回購，其遠程和本地工作的時候，不使用jenkins代理，但根據插件文檔，我需要jenkins代理來獲取我需要的CI/CD升級的構建信息。

Answer 1

如果jenkins不使用該證書文件，那麼將證書添加到cacerts的效率會稍差。我不確定向商店添加證書是否需要在jenkins中重新啓動，但對於tomcat來說似乎是這樣，所以這可能只是jenkins的工作原理。

1. 配置詹金斯實例可使用專用的密鑰庫cloudbees doc on keystore
2. 複製$ JENKINS_HOME /祕密/ jfrog /證書/ jfrog.proxy.crt到/etc/docker/certs.d/:/ca.crt
3. 重啓搬運工
4. 重啓詹金斯
通過命令行

5. 測試代理，而尾礦詹金斯日誌 - 通過

   docker rmi artifactory:5000/hello-world:latest docker pull artifactory:5000/hello-world:latest

這應該使用/etc/systemd/system/docker.service.d/http-proxy.conf HTTP_PROXY，然後轉到jenkins代理然後去實際artifactory主機。應該在商店中找到所需的密鑰，這樣ssl握手就會很好，並使用v2 api。如果沒有，你會在詹金斯看到錯誤。登錄

經由殼經由artifactory的插件

測試節點的HelloWorld上節點

node("docker-experiments") { 
withCredentials([usernamePassword(
    credentialsId: 'artifactory.jenkins.user', 
    passwordVariable: 'ARTIFACTORY_PASSWORD', 
    usernameVariable: 'ARTIFACTORY_USER')]) { 

    sh "uname -a " 
    def registry="artifactory:5000" 
    def tag="${registry}/hello-world:${BUILD_NUMBER}-shelltest" 
    stage('login') { 
     sh "docker login ${registry} -u ${ARTIFACTORY_USER} -p ${ARTIFACTORY_PASSWORD}" 
    } 
    stage('pull and tag') { 
     sh "docker pull hello-world" 
     sh "docker tag hello-world:latest ${tag}" 
    } 
    stage('push') { 
     sh "docker push ${tag}" 
    } 
} 
} 

測試的HelloWorld

node("docker-experiments") { 
withCredentials([usernamePassword(
    credentialsId: 'artifactory.jenkins.user', 
    passwordVariable: 'ARTIFACTORY_PASSWORD', 
    usernameVariable: 'ARTIFACTORY_USER')]) { 

    def server = Artifactory.server "artifactory01" 
    def artDocker = Artifactory.docker(username: ARTIFACTORY_USER, 
             password: ARTIFACTORY_PASSWORD) 

    def registry="artifactory:5000" 
    def tag="${registry}/hello-world:${BUILD_NUMBER}-artifactoryTest" 
    def dockerInfo 

    stage('pull and tag') { 
     sh "docker tag hello-world:latest ${tag}" 
    } 

    stage('push') { 
     dockerInfo = artDocker.push "${tag}", "docker-local" 
    } 
    stage('publish') { 
     server.publishBuildInfo(dockerInfo) 
    } 
} 
}