logo标签列表

Gitlab Docker仓库拉取失败 EOF

nginxdockergitlabreverse-proxydocker-registry
4

1. 简介

我使用docker镜像https://github.com/sameersbn/docker-gitlab (sameersbn/docker-gitlab) 部署了Gitlab,并希望设置gitlab私有仓库。

1.1 问题

所有这些都在反向代理负载均衡器nginx后面。我能够推送到仓库,但是拉取时遇到了一些问题,无法解决。

输出告诉我retrying in 5sec,然后随着时间的增加而增加,但大约一分钟后输出Download complete。当所有层都输出Download complete时,拉取结果会像Unexpected EOF

基础设施如下:

代理负载平衡器 -----> gitlab仓库 | | 另一个代理负载平衡器 -----> Gitlab

2. 终端输出

Docker登录和推送正常。问题出现在拉取上。

2.1 Docker拉取

2.1.1 预期结果

root@server:~# docker pull registry.dalten.com/docker/php5.6-cli/image
Using default tag: latest
latest: Pulling from docker/php5.6-cli/image
10a267c67f42: Already exists 
370377701f89: Pulling fs layer 
455c73a122bc: Pulling fs layer 
2cdcd82f5338: Pulling fs layer 
3ac634f20449: Waiting 
a19eeb6546ae: Waiting 
4ca536f5a464: Waiting 
4788559f39db: Waiting 
cc1917e72a80: Waiting 
42feb0ca362a: Pull complete 
f74f29b91bbc: Pull complete 
d104213bfd22: Pull complete 
6db9d2d35d48: Pull complete 
806b8ac2f0b7: Pull complete 
661bb76178ac: Pull complete 
3727be25d45f: Pull complete 
04fed213644a: Pull complete 
a78f18e044f7: Pull complete 
849a2f576c66: Pull complete 
259300decf26: Pull complete 
0d9f42b121be: Pull complete 
2483d273017a: Pull complete 
3dfaf57e1d54: Pull complete 
92fbf8438206: Pull complete 
7d5100ec575c: Pull complete 
52b1dff7320d: Pull complete 
500fa7f84392: Pull complete 
aff937c2773b: Pull complete 
92f8bc1201f3: Pull complete 
Digest: sha256:d3d06d2cebd333af21565639503ddded64db47d5641ee9ff93167200b5fcad7a
Status: Downloaded newer image for registry.dalten.com/docker/php5.6-cli/image:latest

2.1.2 实际行为

docker pull registry.dalten.com/docker/php5.6-cli/image
Using default tag: latest
latest: Pulling from docker/php5.6-cli/image
10a267c67f42: Already exists 
370377701f89: Pulling fs layer 
455c73a122bc: Pulling fs layer 
2cdcd82f5338: Pulling fs layer 
3ac634f20449: Waiting 
a19eeb6546ae: Waiting 
a19eeb6546ae: Downloading 4.398 MB/4.398 MB
4788559f39db: Downloading 102.6 MB/102.6 MB
cc1917e72a80: Download complete 
42feb0ca362a: Download complete 
f74f29b91bbc: Download complete 
d104213bfd22: Download complete 
6db9d2d35d48: Download complete 
806b8ac2f0b7: Download complete 
661bb76178ac: Download complete 
3727be25d45f: Download complete 
04fed213644a: Download complete 
a78f18e044f7: Download complete 
849a2f576c66: Download complete 
259300decf26: Download complete 
0d9f42b121be: Download complete 
2483d273017a: Downloading 24.12 MB/24.12 MB
3dfaf57e1d54: Download complete 
92fbf8438206: Download complete 
7d5100ec575c: Download complete 
52b1dff7320d: Download complete 
500fa7f84392: Download complete 
aff937c2773b: Download complete 
92f8bc1201f3: Download complete 
unexpected EOF

2.3 Docker login

sudo docker login registry.dalten.com
Username (xxxxxx): 
Password: 
Login Succeeded

2.4 Docker推送

sudo docker push registry.dalten.com/docker/php5.6-cli/image
The push refers to a repository [registry.dalten.com/docker/php5.6-cli/image]
d8b353eb3025: Pushed 
f2e85bc0b7b1: Pushed 
fc9e1e5e38f7: Pushed 
fe9a3f9c4559: Pushed 
6a8bf8c8edbd: Pushed 
latest: digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368 size: 1357

3. 配置

配置包含我用于运行服务的docker-compose.yml文件。Gitlab正常运行,每个配置都有效。唯一的问题在于注册表。

另一个问题是注册表在不安全状态下工作。问题必须隐藏在负载均衡器(nginx)配置中。(某些标题未发送、限制超过等)

3.1 Gitlab Docker-compose

注意:我删除了无关信息的组合

version: '2'
services:
  registry:
    image: registry:latest
    environment:
      REGISTRY_AUTH_TOKEN_ISSUER: gitlab-issuer
      REGISTRY_AUTH_TOKEN_REALM: https://git.dalten.cz/jwt/auth
      REGISTRY_AUTH_TOKEN_SERVICE: container_registry
      REGISTRY_LOG_LEVEL: debug
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/fullchain.pem
      REGISTRY_HTTP_SECRET: secret
    volumes:
    - /mnt/storage/srv/gitlab1/data/shared/registry:/registry
    - /mnt/storage/srv/gitlab1/certs:/certs
    ports:
    - 5000:5000/tcp
  gitlab:
    image: sameersbn/gitlab:latest
    hostname: git.dalten.cz
    environment:
      GITLAB_REGISTRY_ENABLED: 'true'
      GITLAB_REGISTRY_HOST: registry.dalten.com
      GITLAB_REGISTRY_API_URL: http://registry:5000
      GITLAB_REGISTRY_ISSUER: gitlab-issuer
      GITLAB_REGISTRY_CERT_PATH: /certs/fullchain.pem
      GITLAB_REGISTRY_KEY_PATH: /certs/privkey.pem
    volumes:
    - /mnt/storage/srv/gitlab1/certs:/certs
    - /mnt/storage/srv/gitlab1/data:/home/git/data/
    ports:
    - 8643:80/tcp
    - 1022:22/tcp

3.2 Nginx注册表docker-compose


version: '2'
services:
  nginx:
    image: sameersbn/nginx:1.10.3
    volumes:
    - /srv/nginx/sites-enabled:/etc/nginx/sites-enabled
    - /mnt/storage/lb/letsencrypt:/etc/nginx/ssl
    ports:
    - 80:80/tcp
    - 443:443/tcp

3.2.1 Nginx虚拟主机文件

我使用Nginx作为我的反向代理配置(负载均衡器)。在其中存储了所有https流量的证书。

    # For versions of Nginx > 1.3.9 that include chunked transfer encoding
# support Replace with appropriate values where necessary
upstream docker-registry {
 server 10.126.0.242:5000;
}

server {
  listen 80;
  server_name registry.dalten.com
  return 301 https://$http_host:$request_uri;
  access_log /var/log/nginx/access.log;
  error_log  /var/log/nginx/error.log;
}

server {
 listen 443 default_server;
 server_name registry.dalten.com

 add_header Docker-Distribution-Api-Version registry/2.0 always;

 ssl on;
 ssl_certificate /etc/nginx/ssl/live/registry.dalten.com/fullchain.pem;
 ssl_certificate_key /etc/nginx/ssl/live/registry.dalten.com/privkey.pem;

  ssl_session_timeout 5m;

 client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image
uploads
 # required to avoid HTTP 411: see Issue #1486
 # (https://github.com/dotcloud/docker/issues/1486)
 chunked_transfer_encoding on;
 proxy_set_header X-Original-URI $request_uri;
 proxy_set_header Docker-Distribution-Api-Version registry/2.0;

access_log /var/log/nginx/access.log;
 error_log /var/log/nginx/error.log;

location /
{
     # let Nginx know about our auth file
     proxy_pass http://docker-registry;
     proxy_set_header Host $host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
 }
 location /_ping {
     proxy_pass http://docker-registry;
 }
 location /v1/_ping {
     proxy_pass http://docker-registry;
 }
 location /v2/ {
     # To add basic authentication to v2 use auth_basic setting plus
     # add_header
     add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
     proxy_pass http://docker-registry;
     proxy_set_header Host $http_host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_read_timeout 900;
 }
}

3. 日志

如需更多日志,请随时提出要求!

3.1 Docker拉取

4. 感谢您的所有帮助!

另外,你有nginx日志吗?可能是因为达到了默认的1024MB的proxy_max_temp_file_size上限。 - Peter Grainger
我的仓库在docker里面,是的。它们是通过挂载卷内部进行挂载的,可以在docker-compose文件中看到。我会更新原始帖子并添加日志,就像您请求的那样。 - Milan Vlach
访问日志:https://pastebin.com/16PhnGUk 错误日志:https://pastebin.com/fzKQGH7Z - Milan Vlach
这是您电脑上的本地Docker实例吗? - Peter Grainger
不幸的是,这似乎无法工作。 - Milan Vlach
显示剩余4条评论
1个回答
4
在nginx虚拟主机配置中添加proxy_max_temp_file_size 0;解决的问题!
有人能详细说明在哪里或如何应用它吗?我尝试在gitlab.rb文件中添加registry_nginx['proxy_max_temp_file_size'] = 0,然后重新加载nginx,但在拉取docker镜像时仍然出现“Unexpected EOF”。 - Gostega
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接