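1. Background
Our private registry is built on Nexus OSS, which by default does not offer HTTPS access for the Docker client. Following the Nexus documentation, we set up NGINX on the server that hosts Nexus and configured a reverse proxy to provide HTTPS access to the image registry. For convenience, we also configured two internal domain names, one for pushing images and one for pulling them.
- Push address: registry-in-push.xxxxxx.com
- Pull address: registry-in-pull.xxxxxx.com
In addition, we created a new internal domain name pointing to the portal:
- portal: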
2. nginx docker.conf

    # Pull endpoint: terminates TLS and forwards to the Nexus connector on port 5001
    server {
        listen 443 ssl;
        server_name registry-in-pull.xxxxxx.com;
        ssl_certificate /etc/nginx/conf.d/xxxxxx.com.pem;
        ssl_certificate_key /etc/nginx/conf.d/xxxxxx.com.key;
        ssl_session_timeout 5m;
        location / {
            proxy_pass http://localhost:5001;
        }
    }

    # Push endpoint: terminates TLS and forwards to the Nexus connector on port 5000
    server {
        listen 443 ssl;
        server_name registry-in-push.xxxxxx.com;
        ssl_certificate /etc/nginx/conf.d/xxxxxx.com.pem;
        ssl_certificate_key /etc/nginx/conf.d/xxxxxx.com.key;
        ssl_session_timeout 5m;
        location / {
            proxy_pass http://localhost:5000;
        }
    }

3. Usage
First connect to the internal VPN, then try to access the registry with the commands below:

    # Log in; username: admin, password: admin123
    docker login registry-in-pull.xxxxxx.com

    # Pull an image
    docker pull registry-in-pull.xxxxxx.com/kong

    # Create the registry access credential in k8s; remember to replace the existing imagePullSecrets.name
    kubectl -n production create secret docker-registry nexus \
        --docker-server=registry-in-pull.xxxxxx.com \
        --docker-username=yyyy \
        --docker-password=yyyy \
        --docker-email=jimmy.wang@xxxxxx.com
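
The `kubectl create secret docker-registry` step above stores the registry login as a `kubernetes.io/dockerconfigjson` Secret. The following is an added example, not part of the original post: it builds the same manifest with the password read from a prompt instead of a command-line argument, and shows that the stored value is only base64-encoded. The function names `build_pull_secret` and `recover_credentials` are hypothetical; the secret name, namespace and server are the ones used above.

```python
import base64
import json


def build_pull_secret(name, namespace, server, username, password, email=None):
    """Return a kubernetes.io/dockerconfigjson Secret manifest as a dict."""
    # "auth" is base64("username:password"), the same field docker login writes
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    entry = {"username": username, "password": password, "auth": auth}
    if email:
        entry["email"] = email
    docker_config = json.dumps({"auths": {server: entry}})
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        # Secret "data" values are base64-encoded, not encrypted
        "data": {
            ".dockerconfigjson": base64.b64encode(docker_config.encode()).decode()
        },
    }


def recover_credentials(manifest):
    """Decode what anyone with read access to the Secret can see."""
    raw = base64.b64decode(manifest["data"][".dockerconfigjson"])
    auths = json.loads(raw)["auths"]
    return {srv: base64.b64decode(e["auth"]).decode() for srv, e in auths.items()}


if __name__ == "__main__":
    import getpass
    import sys

    # The prompt keeps the password out of shell history and process arguments.
    password = getpass.getpass("registry password: ")
    manifest = build_pull_secret(
        "nexus", "production", "registry-in-pull.xxxxxx.com", "yyyy", password
    )
    # kubectl accepts JSON manifests: pipe this output to `kubectl apply -f -`
    json.dump(manifest, sys.stdout, indent=2)
```

Because the credentials can be recovered from the Secret this easily, read access to Secrets in the `production` namespace is equivalent to holding the registry login.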