问题
is it possible to proxy a private docker registry that runs on docker distribution using nexus oss 3?
i am able to successfully proxy the docker hub, however when i try to proxy my own internal registry, i just end up with image not found errors.
2016-08-31 15:58:21,457+0000 WARN [qtp331814152-140] admin org.sonatype.nexus.repository.docker.internal.V1Handlers - Error: GET /v1/repositories/company-npm/images: 404 - org.sonatype.nexus.repository.docker.internal.V1Exception$ImagesNotFound: images not found
2016-08-31 15:58:30,764+0000 WARN [qtp331814152-140] admin org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: GET /v2/library/company-java/manifests/latest: 404 - org.sonatype.nexus.repository.docker.internal.V2Exception: manifest unknown
2016-08-31 15:58:30,811+0000 WARN [qtp331814152-51] admin org.sonatype.nexus.repository.docker.internal.V1Handlers - Error: GET /v1/repositories/company-java/images: 404 - org.sonatype.nexus.repository.docker.internal.V1Exception$ImagesNotFound: images not found
2016-08-31 15:58:46,379+0000 WARN [qtp331814152-164] admin org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: GET /v2/library/company-java/manifests/6.0.0: 404 - org.sonatype.nexus.repository.docker.internal.V2Exception: manifest unknown
the documentation for the feature does not seem to indicate if this is supported.
回答1:
I had this same issue with Nexus 3.0.1-01. For me the problem came down to namespacing. Nexus inserts the /library namespace for all repository access commands when a namespace is left blank. See https://books.sonatype.com/nexus-book/3.0/reference/docker.html section 9.8.
So for example if I push an image to a hosted repository:
docker push my-registry.com:5000/myimage:latest
The proxy registry looks for the image as:
docker pull my-registry.com:5000/library/myimage:latest
Which of course doesn't exist. (It would be really great if Nexus would add the /library namespace automatically on image push, or at least make this a configurable option at the repo level).
If you were to do the following:
docker push my-registry:5000/library/myimage:latest
or even:
docker push my-registry:5000/mynamespace/myimage:latest
The your proxy will be able to find the image.
docker pull my-proxy-registry:5000/mynamespace/myimage:latest
来源:https://stackoverflow.com/questions/39254652/proxy-private-docker-registry-using-nexus-3