如何使用nginx配置坞注册中心

Question

我配置了一个专用的码头注册服务器来存储图像。我是Ubuntu 18.04。

我在nginx容器和注册表容器之间的交互中遇到了问题。

运行推送图像时速度非常慢。问题就像这样。

$ docker push 192.168.3.131:6080/my-ubuntu

The push refers to a repository [192.168.3.131:6080/my-ubuntu]
2de391e51d73: Retrying in 14 seconds
d73dd9e65295: Retrying in 14 seconds
686245e78935: Retrying in 14 seconds
d7ff1dc646ba: Retrying in 14 seconds
644879075e24: Retrying in 14 seconds

这一过程正在进行，但进展非常缓慢。发送100 KB，等待15秒。再来一次。

码头-组成

version: '3'

services:
  registry:
    container_name: registry
    restart: always
    image: registry:2
    volumes:
      - /srv/docker-registry/data:/var/lib/registry

  nginx:
    container_name: nginx
    image: nginx
    restart: always
    links:
       - registry
    volumes:
       - "./nginx.conf:/etc/nginx/conf.d"
    ports:
       - "80:80"

networks:
  default:
    external:
      name: nginx-proxy

nginx.conf

map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
    '' 'registry/2.0';
}

upstream docker-registry {
   server registry:5000;
}

server {
    listen       80;
    server_name  "";

    proxy_send_timeout 120;
    proxy_buffering    off;
    tcp_nodelay        on;

    access_log off;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
    chunked_transfer_encoding on;

    location /v2/ {
        # Do not allow connections from docker 1.5 and earlier
        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
            return 404;
        }

        # To add basic authentication to v2 use auth_basic setting.
        auth_basic "Registry realm";
        auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;

        ## If $docker_distribution_api_version is empty, the header is not added.
        ## See the map directive above where this variable is defined.
        # add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

        proxy_pass                          http://docker-registry;
        proxy_set_header  Host              $http_host;   # required for docker client's sake
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_set_header X-Forwarded-Host   $host:$server_port;
        proxy_set_header X-Original-URI     $request_uri;
        proxy_set_header Docker-Distribution-Api-Version registry/2.0;
        proxy_read_timeout                  900;
    }
}

如果您从集装箱注册中心打开港口，则码头推送工作正常。我想问题出在我在nginx的环境里，但也许不是。

为了进行测试，我做了一个项目https://bitbucket.org/mrvstas/registry-docker

有人会遇到类似的情况吗？和nginx有什么关系？码头登记有什么关系？

Answer 1

我有一个非常类似的问题，原来是由proxy_set_header X-Forwarded-Proto $scheme;引起的。我有两层代理，而停靠注册中心前面的nginx最终将X-Forwarded-Proto设置为"http“，尽管最终docker push是通过"https”访问它的。

不管是删除这一行，还是将其设置为"https“而不是$scheme，都对我有好处，但也许使用map指令和$http_x_forwarded_proto进行一些工作会更好。

以下是我最后所做的：

http {

  ...

  # If X-Forwarded-Proto was set, use that, otherwise fallback to
  # $scheme. Used below to set X-Forwarded-Proto when proxying to the
  # registry.
  map $http_x_forwarded_proto $my_scheme {
    default $http_x_forwarded_proto;
    '' $scheme;
  }

  server {
    ...
    location /v2/ {
      ...
      proxy_set_header X-Forwarded-Proto $my_scheme;
    }
  }
}