有问题去官网看文档!有问题去官网看文档!有问题去官网看文档! 重要的事情说三遍!!
为啥啊这么说呢?是因为别人经验真的不适合你,,亲身体验啊!
起因是本人在阿里云服务器上使用docker镜像部署本仓库,想着使用nginx反向代理到二级目录下(因为ssl证书只在主域名下,当时申请ssl证书时候傻了没注意),
在nginx代理私有仓库的时候总是404,就百度了很多帖子博客都是大同小异,有的也很接近正确答案,但就是不成功!!也有可能是本人不精通nginx吧。总之磨磨唧唧一天没弄成!!
于是就去了docker官网找了找文档,,没想到啊没想到,仅仅半小时就解决了!!
官网:https://docs.docker.com/registry/recipes/nginx/ 使用Nginx作为身份验证代理
本人nginx.conf配置文件,供参考:
![](https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif)
1 upstream my_docker_registry { 2 server 你的服务器IP:5000; # 本地仓库容器映射导docker宿主机上的端口 3 } 4 5 ## Set a variable to help us decide if we need to add the 6 ## 'Docker-Distribution-Api-Version' header. 7 ## The registry always sets this header. 8 ## In the case of nginx performing auth, the header is unset 9 ## since nginx is auth-ing before proxying. 10 map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { 11 '' 'registry/2.0'; 12 } 13 14 server { 15 listen 80; #侦听80端口,如果强制所有的访问都必须是HTTPs的,这行需要注销掉 16 listen 443 ssl; 17 server_name 你的域名; #域名 18 19 # 增加ssl 20 # ssl on; #如果强制HTTPs访问,这行要打开 21 ssl_certificate /etc/nginx/ssl/你的ssl证书.pem; #这个目录不要照抄 22 ssl_certificate_key /etc/nginx/ssl/你的ssl证书.key; 23 24 ssl_session_cache shared:SSL:1m; 25 ssl_session_timeout 5m; 26 27 # 指定密码为openssl支持的格式 28 ssl_protocols SSLv2 SSLv3 TLSv1.2; 29 30 ssl_ciphers HIGH:!aNULL:!MD5; # 密码加密方式 31 ssl_prefer_server_ciphers on; # 依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码 32 33 # 定义首页索引目录和名称 34 location / { 35 root /usr/share/nginx/html; #你的网站根目录 36 index index.html index.htm; 37 } 38 39 client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads 40 41 # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) 42 chunked_transfer_encoding on; 43 44 # Docker私有仓库二级目录 45 location /registry/ { 46 # Do not allow connections from docker 1.5 and earlier 47 # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents 48 if ($http_user_agent ~ "^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$" ) { 49 return 404; 50 } 51 52 # To add basic authentication to v2 use auth_basic setting. 53 auth_basic "Registry realm"; 54 # auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd; 55 56 ## If $docker_distribution_api_version is empty, the header is not added. 57 ## See the map directive above where this variable is defined. 58 add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; 59 60 proxy_pass http://my_docker_registry; 61 proxy_set_header Host $http_host; # required for docker client's sake 62 proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP 63 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 64 proxy_set_header X-Forwarded-Proto $scheme; 65 proxy_read_timeout 900; 66 } 67 68 }