Docker在Mac上使用Docker Desktop登录本地注册表

huangapple go评论80阅读模式
英文:

Docker log in to local registry with Docker Desktop for Mac

问题

I'm working on developing a reverse proxy for docker registries, and I'm facing problems when trying to log in to the proxy application when running it locally. The application is listening on port 5000 for all the interfaces, and the thing is that I can successfully log in to the proxy when I run it through a docker container:

$> docker run -p 5000:5000 docker-proxy:latest

$> docker login -u admin -p password localhost:5000
Login Succeeded

However, when I run the application directly on my local without using a container, I get a connection refused error:

docker login -u admin -p password localhost:5000
Error response from daemon: Get "http://localhost:5000/v2/": dial tcp [::1]:5000: connect: connection refused

My computer is a Mac running macOS Monterey (v12.6) and the application is configured to listen on address [::] (it also works listening on the IPv4 equivalent 0.0.0.0) and port 5000.

Could someone explain to me the reason for this?

英文:

I'm working on developing a reverse proxy for docker registries, and I'm facing problems when trying to log in to the proxy application when running it locally. The application is listening on port 5000 for all the interfaces, and the thing is that I can successfully log in to the proxy when I run it through a docker container:

$> docker run -p 5000:5000 docker-proxy:latest

$> docker login -u admin -p password localhost:5000
Login Succeeded

However, when I run the application directly on my local without using a container, I get a connection refused error:

docker login -u admin -p password localhost:5000
Error response from daemon: Get "http://localhost:5000/v2/": dial tcp [::1]:5000: connect: connection refused

My computer is a Mac running macOS Moterey (v12.6) and the application is configured to listen on address [::] (it also works listening on the IPv4 equivalent 0.0.0.0) and port 5000.

Could someone explain to me the reason for this?

答案1

得分: 0

我似乎终于找到了这个问题的根本原因。正如您可以从此帖子中了解的那样,Docker for Desktop在Mac和Windows上创建了一个Linux虚拟机,而docker引擎和大多数docker工具实际上在该虚拟机上运行,而不是在主机操作系统上运行。也就是说,我遇到的问题是当我运行docker login ... localhost时,实际上localhost指的是虚拟机,而不是主机操作系统,因此没有docker注册表在那里运行和监听。为了能够连接到运行在主机操作系统上的应用程序,我必须为docker login提供一个地址,它可以在其中找到正在运行的注册表,例如,我用于连接到我的LAN的网络接口的IP地址(在我的情况下是192.168.0.6,您可以使用像ifconfig这样的工具来获取您的IP地址)。

一旦我有了地址,我面临了不同的问题。当我尝试docker登录时,我收到一个错误消息,说服务器以HTTP响应HTTPS客户端。这是因为我的代理处理请求时使用的是HTTP协议,而不是HTTPS协议(我猜这是在开发应用程序时的常见情况)。

$> docker login -u admin -p password 192.168.0.26:5000
Error response from daemon: Get "https://192.168.0.26:5000/v2/": http: server gave HTTP response to HTTPS client

为了解决这个问题,我配置了我的代理以使用一些自签名的证书运行HTTPS,但然后它抱怨证书无效,不适用于请求的地址。

docker login -u admin -p password 192.168.0.26:5000
Error response from daemon: Get "https://192.168.0.26:5000/v2/": x509: certificate is valid for 127.0.0.1, not 192.168.0.26

最后,为了解决最后一个问题,我不得不将代理应用程序配置为docker引擎配置中的不安全注册表。要做到这一点,您必须按照官方Docker指南中的说明进行操作。如果您是Mac用户,您将在~/.docker/daemon.json中找到配置文件,您必须添加以下条目,并重新启动Docker守护程序才能生效:

{
  "insecure-registries" : ["http://192.168.0.26:5000"]
}

或者更简单的方式,您可以在Docker DesktopDocker Dashboard设置部分中完成所有操作,在Docker Engine部分,编辑配置,并点击应用并重新启动按钮。

然后,我最终成功运行了docker login命令:

$> docker login -u admin -p password 192.168.0.26
Login Succeeded
英文:

It seems that I've finally found the root cause of this issue. As you can learn from this post, Docker for desktop creates a Linux virtual machine in Mac and Windows, and the docker engine and most of the docker tools actually run on that VM instead of on the host operating system. That said, the issue I was facing is that when I run docker login ... localhost, that localhost actually points to the VM instead of the host OS, so there's no docker registry running and listening there. To be able to connect to the application running on my host OS I had to provide docker login with an address where it can find the running registry, for example, the IP address of the network interface I use to connect to my LAN (192.168.0.6 in my case, you can take yours using some tool like ifconfig).

Once I had the address, I faced a different issue. When to docker login to it, I got an error saying that server gave an HTTP response to HTTPS client. That was because my proxy was handling requests through HTTP instead of HTTPS protocol (the common thing when you are developing an application I guess).

$> docker login -u admin -p password 192.168.0.26:5000
Error response from daemon: Get "https://192.168.0.26:5000/v2/": http: server gave HTTP response to HTTPS client

To fix that, I configured my proxy to run through HTTPS using some self-signed certs, but then it yelled about the certificates not being valid for the requested address.

docker login -u admin -p password 192.168.0.26:5000
Error response from daemon: Get "https://192.168.0.26:5000/v2/": x509: certificate is valid for 127.0.0.1, not 192.168.0.26

Finally, to fix the last issue I had to configure the proxy application as an insecure registry in my docker engine config. To do this you
have to follow the instructions from this official Docker guide. In case you are a Mac
user, you will find the config file in ~/.docker/daemon.json, and you will have to add the following entry and restart the Docker daemon for it to take effect:

{
  "insecure-registries" : ["http://192.168.0.26:5000"]
}

Or even easier, you can do it all from the settings section of the Docker Dashboard in Docker Desktop, going to the Docker Engine section,
editing the config, and clicking on the Apply & restart button.

Docker在Mac上使用Docker Desktop登录本地注册表

Then, I was finally able to successfully run the docker login command:

$> docker login -u admin -p password 192.168.0.26
Login Succeeded

huangapple
  • 本文由 发表于 2023年4月17日 19:10:50
  • 转载请务必保留本文链接:https://go.coder-hub.com/76034521.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定