2. it技术
  3. docker配置代理pull报错:proxyconnect tcp: tls: first record does not look like a TLS handshake

docker配置代理pull报错:proxyconnect tcp: tls: first record does not look like a TLS handshake

it2024-04-13  43

1、docker pull mysql报错

[root@k8s docker.service.d]# docker pull mysql Using default tag: latest Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: tls: first record does not look like a TLS handshake

2、查看代理配置

[root@k8s docker.service.d]# sudo systemctl show --property=Environment docker Environment=HTTP_PROXY=http://proxy.scott.net:8081 HTTPS_PROXY=https://proxy.scott.net:8081 NO_PROXY=localhost,127.0.0.1 [root@k8s docker.service.d]#

3、代理配置是参考https://docs.docker.com/config/daemon/systemd/

3.1 Create a systemd drop-in directory for the docker service

sudo mkdir -p /etc/systemd/system/docker.service.d

3.2 Create a file named /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:

[Service] Environment="HTTP_PROXY=http://proxy.example.com:80"

If you are behind an HTTPS proxy server, set the HTTPS_PROXY environment variable:

[Service] Environment="HTTPS_PROXY=https://proxy.example.com:443"

Multiple environment variables can be set; to set both a non-HTTPS and a HTTPs proxy;

[Service] Environment="HTTP_PROXY=http://proxy.example.com:80" Environment="HTTPS_PROXY=https://proxy.example.com:443"

3.3 

If you have internal Docker registries that you need to contact without proxying you can specify them via the NO_PROXY environment variable.

The NO_PROXY variable specifies a string that contains comma-separated values for hosts that should be excluded from proxying. These are the options you can specify to exclude hosts:

IP address prefix (1.2.3.4)Domain name, or a special DNS label (*)A domain name matches that name and all subdomains. A domain name with a leading “.” matches subdomains only. For example, given the domains foo.example.com and example.com: example.com matches example.com and foo.example.com, and.example.com matches only foo.example.comA single asterisk (*) indicates that no proxying should be doneLiteral port numbers are accepted by IP address prefixes (1.2.3.4:80) and domain names (foo.example.com:80)

Config example:

[Service] Environment="HTTP_PROXY=http://proxy.example.com:80" Environment="HTTPS_PROXY=https://proxy.example.com:443" Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"

3.4 Flush changes and restart Docker

sudo systemctl daemon-reload sudo systemctl restart docker

3.5 Verify that the configuration has been loaded and matches the changes you made, for example:

sudo systemctl show --property=Environment docker Environment=HTTP_PROXY=http://proxy.example.com:80 HTTPS_PROXY=https://proxy.example.com:443 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp

4、查看docker info 

[root@k8s ~]# docker info Client: Debug Mode: false Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 19.03.13 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 3.10.0-693.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 2.875GiB Name: k8s ID: 3547:O4LB:HJ52:ERHQ:2CWG:UURI:FUYC:EK4J:CLEO:LIYS:UWQ3:BFFI Docker Root Dir: /var/lib/docker Debug Mode: false HTTP Proxy: http://proxy.scott.net:8081/ HTTPS Proxy: https://proxy.scott.net:8081/ No Proxy: localhost,127.0.0.1 Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://docker.mirrors.ustc.edu.cn/ Live Restore Enabled: false

5、修改配置文件/etc/systemd/system/docker.service.d/http-proxy.conf,去掉HTTPS_PROXY

修改前

[root@k8s docker.service.d]# cat https-proxy.conf [Service] Environment="HTTP_PROXY=http://proxy.scott.net:8081/" "HTTPS_PROXY=https://proxy.scott.net:8081/" "NO_PROXY=localhost,127.0.0.1"

修改后

[root@k8s docker.service.d]# cat https-proxy.conf [Service] Environment="HTTP_PROXY=http://proxy.scott.net:8081/" "NO_PROXY=localhost,127.0.0.1"

docker info

[root@k8s docker.service.d]# docker info Client: Debug Mode: false Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 19.03.13 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 3.10.0-693.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 2.875GiB Name: k8s ID: 3547:O4LB:HJ52:ERHQ:2CWG:UURI:FUYC:EK4J:CLEO:LIYS:UWQ3:BFFI Docker Root Dir: /var/lib/docker Debug Mode: false HTTP Proxy: http://proxy.scott.net:8081/ No Proxy: localhost,127.0.0.1 Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://docker.mirrors.ustc.edu.cn/ Live Restore Enabled: false

6、Flush changes and restart Docker

sudo systemctl daemon-reload sudo systemctl restart docker

7、查看docker代理

[root@k8s docker.service.d]# sudo systemctl show --property=Environment docker Environment=HTTP_PROXY=http://proxy.scott.net:8081/ NO_PROXY=localhost,127.0.0.1

8、pull

[root@k8s docker.service.d]# docker pull mysql Using default tag: latest latest: Pulling from library/mysql bb79b6b2107f: Pull complete 49e22f6fb9f7: Pull complete 842b1255668c: Pull complete 9f48d1f43000: Pull complete c693f0615bce: Pull complete 8a621b9dbed2: Pull complete 0807d32aef13: Pull complete a56aca0feb17: Pull complete de9d45fd0f07: Pull complete 1d68a49161cc: Pull complete 47834b5a7c81: Pull complete 7b0764b0009c: Pull complete Digest: sha256:b30e3c13ab71f51c7951120826671d56586afb8d9e1988c480b8673c8570eb74 Status: Downloaded newer image for mysql:latest docker.io/library/mysql:latest

 

最新回复(0)