How to for the configuration of docker for nexus as registry?
4,064 views
Skip to first unread message
Dan Steffen
May 19, 2016, 5:49:45 AM5/19/16
to Nexus Users
Hello,
mybe this is the wrong place. But I would like try it anyway. I am looking for a Tutorial how can I configure docker for a push of a docker image to a nexus docker-repository. At the moment I get the error:
# docker push artefakt-test:8081/repository/test
The push refers to a repository [artefakt-test:8081/repository/test]
unable to ping registry endpoint https://artefakt-test:8081/v0/
v2 ping attempt failed with error: Get https://artefakt-test:8081/v2/: tls: oversized record received with length 20527
v1 ping attempt failed with error: Get https://artefakt-test:8081/v1/_ping: tls: oversized record received with length 20527
but for example this should only HTTP not HTTPS and I set
DOCKER_OPTS=""
ADD_REGISTRY='--add-registry http://artefakt-test:8081'
INSECURE_REGISTRY='--insecure-registry http://192.168.5.251:8081'
in the /etc/sysconfig/docker but this seems not right/not enough.
I know this is nexus forum, but maybe someone here as semiliar problems with the configuration and can give me a hint?
best regards
Dan
mybe this is the wrong place. But I would like try it anyway. I am looking for a Tutorial how can I configure docker for a push of a docker image to a nexus docker-repository. At the moment I get the error:
# docker push artefakt-test:8081/repository/test
The push refers to a repository [artefakt-test:8081/repository/test]
unable to ping registry endpoint https://artefakt-test:8081/v0/
v2 ping attempt failed with error: Get https://artefakt-test:8081/v2/: tls: oversized record received with length 20527
v1 ping attempt failed with error: Get https://artefakt-test:8081/v1/_ping: tls: oversized record received with length 20527
but for example this should only HTTP not HTTPS and I set
DOCKER_OPTS=""
ADD_REGISTRY='--add-registry http://artefakt-test:8081'
INSECURE_REGISTRY='--insecure-registry http://192.168.5.251:8081'
in the /etc/sysconfig/docker but this seems not right/not enough.
I know this is nexus forum, but maybe someone here as semiliar problems with the configuration and can give me a hint?
best regards
Dan
Peter Lynch
May 19, 2016, 9:04:21 AM5/19/16
to Dan Steffen, Nexus Users
On Thu, May 19, 2016 at 6:49 AM, 'Dan Steffen' via Nexus Users <nexus...@glists.sonatype.com> wrote:
Hello,
mybe this is the wrong place. But I would like try it anyway. I am looking for a Tutorial how can I configure docker for a push of a docker image to a nexus docker-repository. At the moment I get the error:
# docker push artefakt-test:8081/repository/test
The push refers to a repository [artefakt-test:8081/repository/test]
unable to ping registry endpoint https://artefakt-test:8081/v0/
v2 ping attempt failed with error: Get https://artefakt-test:8081/v2/: tls: oversized record received with length 20527
v1 ping attempt failed with error: Get https://artefakt-test:8081/v1/_ping: tls: oversized record received with length 20527
but for example this should only HTTP not HTTPS and I set
DOCKER_OPTS=""
ADD_REGISTRY='--add-registry http://artefakt-test:8081'
INSECURE_REGISTRY='--insecure-registry http://192.168.5.251:8081'
in the /etc/sysconfig/docker but this seems not right/not enough.
The error is caused by trying to talk TLS on a non-https port (8081).
A couple things I see.
First, never use the --insecure-registry option. Its use is not well defined and discouraged from use by Docker themselvs - it will trigger edge cases and bugs.
Second, in order to push, Docker absolutely requires ( not a Sonatype requirement ) that pushes use a secure registry endpoint ( ie. NOT plain http )
So, at a high level:
4. Configure Docker Daemon to trust the Nexus certificate ( see article )
5. docker login <nexus_host>:<docker_hosted_repo_https_port>
6. docker push <nexus_host>:<docker_hosted_repo_https_port>/repository/test
I know this is nexus forum, but maybe someone here as semiliar problems with the configuration and can give me a hint?
best regards
Dan
--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users...@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/483cd1c7-5baa-427b-ae37-e4c930a751b5%40glists.sonatype.com.
For more options, visit https://groups.google.com/a/glists.sonatype.com/d/optout.
Dan Steffen
May 23, 2016, 5:17:09 AM5/23/16
to Nexus Users, dan.ste...@googlemail.com
Hello Peter,
please excuse my late reply but in the meantime we found the solutions for the problem we get after we follow your advice to switch to ssl. We have to define the DNS-Server-IP in the DOCKER_ARGS-Parameter now we can login and get a login succeed message. But if we try to push we get a new error with the Message:
405
The PUT\n
method is not allowed for the requested URL.
At the moment we think this is a problem with the apache-proxy in front of the nexus server, but we don't get any error messages in the apache-logfiles so we can't be sure. Maybe somehere use a similiar configuration and can help us?
best regards
Dan
please excuse my late reply but in the meantime we found the solutions for the problem we get after we follow your advice to switch to ssl. We have to define the DNS-Server-IP in the DOCKER_ARGS-Parameter now we can login and get a login succeed message. But if we try to push we get a new error with the Message:
405
The PUT\n
method is not allowed for the requested URL.
At the moment we think this is a problem with the apache-proxy in front of the nexus server, but we don't get any error messages in the apache-logfiles so we can't be sure. Maybe somehere use a similiar configuration and can help us?
best regards
Dan
Rich Seddon
May 23, 2016, 8:56:27 AM5/23/16
to Dan Steffen, Nexus Users
Check your configuration against our recommendations here: https://books.sonatype.com/nexus-book/reference/install-sect-proxy.html
The above link is in the Nexus 2.x book, but the recommendations are the same for Nexus 3.
Rich
--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users...@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/5d740565-7f3e-4922-ae24-f05ab7acdc2e%40glists.sonatype.com.
Dan Steffen
May 25, 2016, 5:30:44 AM5/25/16
to Nexus Users, dan.ste...@googlemail.com
Hello,
thanks for your help, I found out that I need to define a port for a HTTPS Connector to this repository. Now i have configured for nexus SSL (with the same certificate of our apache proxy) and I can connect to the port of tht HTTPS-Connector. But now I get the error:
docker push foobar.example.com:19444/repository/malm
The push refers to a repository [foobar.example.com:19444/repository/malm]
93326a1c4185: Retrying in 1 seconds
30b5d3e78e27: Retrying in 1 seconds
6a1bea788a3f: Retrying in 1 seconds
5f70bf18a086: Retrying in 1 seconds
6eb35183d3b8: Retrying in 1 seconds
no basic auth credentials
We already add the certificates and the privat key to docker by copy it to the folder /etc/docker/certs.d/foobar.example.com. but the error is still the same :-(
thanks for your help, I found out that I need to define a port for a HTTPS Connector to this repository. Now i have configured for nexus SSL (with the same certificate of our apache proxy) and I can connect to the port of tht HTTPS-Connector. But now I get the error:
docker push foobar.example.com:19444/repository/malm
The push refers to a repository [foobar.example.com:19444/repository/malm]
93326a1c4185: Retrying in 1 seconds
30b5d3e78e27: Retrying in 1 seconds
6a1bea788a3f: Retrying in 1 seconds
5f70bf18a086: Retrying in 1 seconds
6eb35183d3b8: Retrying in 1 seconds
no basic auth credentials
We already add the certificates and the privat key to docker by copy it to the folder /etc/docker/certs.d/foobar.example.com. but the error is still the same :-(
Matthew Barker
May 25, 2016, 9:43:49 AM5/25/16
to Dan Steffen, Nexus Users
Dan,
If you take a look at Peter's original reply, you will see "Step 5"
5. docker login <nexus_host>:<docker_hosted_repo_https_port>
You need to do this only once (per user), as the hashed pw will be stored under the user's home folder - this is required to allow push to succeed.
Best,
Matthew
--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users...@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/54512118-8be1-412a-af47-37f6dbf10a9e%40glists.sonatype.com.
Matthew Barker | Sr Principle Solutions Architect
Office: 301-684-8080 x706|mba...@sonatype.com
Cell: 505-239-4008
www.sonatype.com
https://sonatype.webex.com/meet/mbarkersonatype.com 570 277 139
p.s., Is your Software Supply Chain Secure?
http://www.sonatype.com/nexus/product-overview/nexus-lifecycle
https://sonatype.webex.com/meet/mbarkersonatype.com 570 277 139
p.s., Is your Software Supply Chain Secure?
http://www.sonatype.com/nexus/product-overview/nexus-lifecycle
Dan Steffen
May 25, 2016, 11:19:07 AM5/25/16
to Nexus Users, dan.ste...@googlemail.com
Hello Matthew,
thanks for you post and your hint and excuse my mistake in my last posting. But the login with docker works at least I get the message login succeed but if I try to push I get the error.
The fact that I can login to nexus but not pushed confuse me a lot is it possible that I have not enough permissions?
best regards
Dan
thanks for you post and your hint and excuse my mistake in my last posting. But the login with docker works at least I get the message login succeed but if I try to push I get the error.
The fact that I can login to nexus but not pushed confuse me a lot is it possible that I have not enough permissions?
best regards
Dan
Reply all
Reply to author
Forward
0 new messages