I am running Nexus Repository Manager OSS 3.0.1-01 on a linux VM On that VM, I have nginx working to reserve proxy http requests as https. My SSL key is signed by a trusted CA I created a maven repository, which works without issues, whenever I have a client machine publish to it.
Also on this client machine, when I use my docker client, and do a docker login. I am receiving all kinds of errors.
I am following these instructions https://books.sonatype.com/nexus-book/3.0/reference/docker.html#_accessing_repositories Specifically Section 9.2 and honestly, I've spent the last 2 days getting nowhere.
I've read over everything that's mentioned here: Trouble connecting to Docker registry stored on Nexus 3 Preview on Azure VM But that setup the user explains confuses me.
For the setup we are trying to achieve insecure settings by adding --insecure-registry to /etc/default/docker file, is simply not
an option.
I've tried to follow multiple tutorials just to understand the inner workings of the docker registry but I haven't been able to piece it together. I've looked at following this to a certain extent:https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04
I have used additional responses in stackoverflow to help me troubleshoot malformed HTTP response with docker private registry (v2) behind an nginx proxy
But honestly I can't say I've found anything that's made understanding this straight forward. NGINX isn't reporting any error logs
in /var/log/nginx/errors.log, the access logs look like basic 'GETS', each time I attempt a docker login.
The docker logs in
/var/log/upstart/docker.log report the same errors that I'm illustrating below with the 404 errors.
Also followed this issue on github to see if that was any help github com/docker/docker/issues/8410 . Any assistance to get me to able to perform a successful docker login to this private nexus 3 repo would be amazing.
Now maybe I'm a bit confused with everything I've been reading to get my docker client to work successfully with this nexus repo, but is it required that I setup a docker(group) repo and that is the source of my issue? Or is it okay for me to just have a docker(hosted) repo. Because as of right now I only have a docker(hosted) repo. The Nexus documentation didn't give me the impression that a group repo was also required to get things to work.
Last but not least, I hope my question is specific enough, and I hope that you guys see I've made some effort here. I really did try!
When I login, I am using the local admin user, with the default admin password. First let me present the issues:
If I try without a port, i get the following --
root:~# docker login box.company.net
Error response from daemon: Login:
<!DOCTYPE html>
<html>
<head>
<title>404 - Nexus Repository Manager</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
With the HTTP port of 4444, i get the following
root:~# docker login box.company.net:4444
Error response from daemon: Get https://box.company.net:4444/v1/users/: `http: server gave HTTP response to HTTPS client`
If I add HTTPS in the Nexus UI to 4445, then I run
root:~# docker login box.company.net:4445
Error response from daemon: Get https://box.company.net:4445/v1/users/: dial tcp x.x.x.x:4445: getsockopt: connection refused
Here is my environment information:
#cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
# uname -r
3.19.0-65-generic
# nginx -v
nginx version: nginx/1.4.6 (Ubuntu)
~# docker version
Client:
Version: 1.12.1
API version: 1.24
Go version: go1.6.3
Git commit: 23cf638
Built: Thu Aug 18 05:22:43 2016
OS/Arch: linux/amd64
Server:
Version: 1.12.1
API version: 1.24
Go version: go1.6.3
Git commit: 23cf638
Built: Thu Aug 18 05:22:43 2016
OS/Arch: linux/amd64
cat /etc/nginx/conf.d/site.conf
server {
proxy_send_timeout 120;
proxy_read_timeout 300;
proxy_buffering off;
tcp_nodelay on;
server_tokens off;
client_max_body_size 1G;
listen 80;
server_name box.company.net;
location / {
rewrite ^(.*) https://box.company.net$1 permanent;
}
}
server {
listen 443;
server_name box.company.net;
keepalive_timeout 60;
ssl on;
ssl_certificate /etc/nginx/conf.d/net.crt;
ssl_certificate_key /etc/nginx/conf.d/net.key;
ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSSL:16m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://x.x.x.x:8081;
proxy_read_timeout 90;
}
}
here are some basic curl results for more info, if this will help at all.
root:~# curl -v https://box.company.net
* Rebuilt URL to: https://box.company.net
* Hostname was NOT found in DNS cache
* Trying x.x.x.x...
* Connected to box.company.net (x.x.x.x) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.company.net
* start date: 2016-04-01 14:01:38 GMT
* expire date: 2018-04-14 15:15:04 GMT
* subjectAltName: box.company.net matched
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: box.company.net
> Accept: */*
>
< HTTP/1.1 200 OK
* Server nginx/1.4.6 (Ubuntu) is not blacklisted
< Server: nginx/1.4.6 (Ubuntu)
< Date: Thu, 25 Aug 2016 13:39:14 GMT
< Content-Type: text/html
< Content-Length: 5077
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Last-Modified: Thu, 25 Aug 2016 13:39:14 GMT
< Pragma: no-cache
< Cache-Control: post-check=0, pre-check=0
< Expires: 0
Any help to get docker login private.registry.net would be highly helpful thanks.
