Windows上的Docker - 证书错误

时间:2016-04-11 13:51:22

标签: windows docker virtualbox docker-registry docker-machine

当我尝试构建或运行docker容器时,例如:

docker build -t docker.example.com/research/example_project .

导致以下错误:

Sending build context to Docker daemon 6.513 MB
Step 1 : FROM docker.example.com/research/example_project:latest
unable to ping registry endpoint https://docker.example.com/v0/
v2 ping attempt failed with error: Get https://docker.example.com/v2/: x509: certificate signed by unknown authority
 v1 ping attempt failed with error: Get https://docker.example.com/v1/_ping: x509: certificate signed by unknown authority

我在google上找到的所有解决方法都是针对ubuntu的,但这种情况是在Windows 8上运行docker(安装了虚拟机)。

2 个答案:

答案 0 :(得分:0)

如果您使用Windows 1.1之前的Docker版本(使用VirtualBox和Boot2Docker的版本),则需要将注册表证书添加到Boot2Docker虚拟机。在Docker控制台窗口中,键入:

$ docker-machine ssh default
$ DOMAIN_NAME=<type your domain name here>:5000
$ sudo mkdir -p /etc/docker/certs.d/$DOMAIN_NAME
$ sudo vi /etc/docker/certs.d/$DOMAIN_NAME/ca.crt

--> then copy certificate text in there and save (type :wq)

下一步是创建一个脚本,将证书添加到允许的证书列表中:

$ sudo touch /var/lib/boot2docker/bootlocal.sh && sudo chmod +x /var/lib/boot2docker/bootlocal.sh
$ sudo vi /var/lib/boot2docker/bootlocal.sh

然后填写&#34;您的域名&#34;下面的变量并将此脚本粘贴到刚刚创建的文件中:

#!/bin/bash
CA_CERTS_DIR=/usr/local/share/ca-certificates
DOCKER_CERTS_DOMAIN_DIR=/etc/docker/certs.d/<your domain name>
CERTS_DIR=/etc/ssl/certs
CAFILE=${CERTS_DIR}/ca-certificates.crt

cp ${DOCKER_CERTS_DOMAIN_DIR}/ca.crt ${CA_CERTS_DIR}


for cert in $(/bin/ls -1 ${DOCKER_CERTS_DOMAIN_DIR}); do
SRC_CERT_FILE=${CA_CERTS_DIR}/${cert}
CERT_FILE=${CERTS_DIR}/${cert}
HASH_FILE=${CERTS_DIR}/$(/usr/local/bin/openssl x509 -noout -hash -in ${SRC_CERT_FILE} 2>/dev/null)

[ ! -L ${CERT_FILE} ] && /bin/ln -fs ${SRC_CERT_FILE} ${CERT_FILE}

for idx in $(/usr/bin/seq 0 9); do
if [ -L ${HASH_FILE}.${idx} ]; then
[ "$(/usr/bin/readlink ${HASH_FILE}.${idx})" = "${SRC_CERT_FILE}" ] && break
else
/bin/ln -fs ${SRC_CERT_FILE} ${HASH_FILE}.${idx}
break
fi
done
/bin/cat ${SRC_CERT_FILE} >> ${CAFILE}
done

答案 1 :(得分:0)

如果您正在运行Docker&gt; = 1.12 for Windows(运行本机并使用Hyper-V而不是VirtualBox),您可以将注册表的主机地址添加为&#34;不安全的注册表&#34;到Docker守护进程配置:

右键单击系统托盘中的Docker图标 - &gt;设置... - &gt;点击“Docker守护程序”&#39;标签 - &gt;改变行

"insecure-registries": [
  ],

进入

"insecure-registries": [
"your.domain.com:5000"
  ],

这允许我使用新的Docker for Windows再次访问我的私人注册表。可能也适用于Mac,但尚未经过测试。

相关问题
最新问题