时间戳

首页 > 解决方案 > docker build 拉取基础镜像时出现 Docker 不安全的注册表问题

docker - docker build 拉取基础镜像时出现 Docker 不安全的注册表问题

问题描述

使用时docker build,从私有注册表中提取基础映像失败,并显示 http: server gave HTTP response to HTTPS client

然而,它不应该是设置的问题insecure-registries,因为

  1. insecure-registries已设置
  2. docker pull 和 push 工作没有问题

我可以通过首先拉取基础映像然后调用来解决它docker build,但我更愿意找到问题的根源。

该问题发生在 Mac 和 Windows 上。

知道可能是什么问题吗?

编辑:Dockerfile FROM Insecure Registry的解决方案对我不起作用。对于我的 insecure-registries 条目,我使用 ip:port。当我尝试输入 http://ip:port 时,我收到一条错误消息:

Error invoking remote method 'desktop-backend': Error: "invalid daemon settings: \"insecure-registries\":\n Must be host[:port] or CIDR"

docker info在 Mac 上的输出:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
  compose: Docker Compose (Docker Inc., v2.0.0-rc.2)
  scan: Docker Scan (Docker Inc., v0.8.0)

Server:
 Containers: 4
  Running: 0
  Paused: 0
  Stopped: 4
 Images: 23
 Server Version: 20.10.8
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e25210fe30a0a703442421b0f60afac609f950a3
 runc version: v1.0.1-0-g4144b63
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.10.47-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.94GiB
 Name: docker-desktop
 ID: K4NV:OOUS:LNWC:BE2D:W75R:I3AH:CD5B:OFIJ:QFGT:57TT:SXEY:JP3C
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 43
  Goroutines: 45
  System Time: 2021-09-16T13:31:24.174487976Z
  EventsListeners: 4
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  images:5000
  127.0.0.0/8
 Live Restore Enabled: false

守护进程.json

{
  "builder" : {
    "gc" : {
      "defaultKeepStorage" : "20GB",
      "enabled" : true
    }
  },
  "features" : {
    "buildkit" : true
  },
  "insecure-registries" : [
    "<dns-name>:<port>"
  ],
  "registry-mirrors" : [

  ],
  "experimental" : true,
  "debug" : true
}

Dockerfile

FROM <dns-name>:<port>/java-base:latest

ADD sedexclient /opt/sedexclient

ENV SCS_USER scs

RUN useradd -M -g nogroup $SCS_USER

RUN chown -R $SCS_USER: /opt/sedexclient

RUN cp /opt/sedexclient/jce/oracle_java8/* $JAVA_HOME/jre/lib/security/

EXPOSE 8000

CMD ["/opt/sedexclient/bin/sedex-client-start.sh"]

标签: dockerdocker-registry

解决方案

推荐阅读