Certificate configured, failed to pull image Error
Closed this issue · 2 comments
zuiyue-com commented
core@core:$ sudo docker pull ivories/redis$
Using default tag: latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
core@core:
My dfget.yaml configuration is as follows
aliveTime: 0s
gcInterval: 1m0s
workHome: ''
logDir: ''
cacheDir: ''
pluginDir: ''
dataDir: ''
keepStorage: true
console: false
verbose: true
pprof-port: -1
jaeger: ""
scheduler:
manager:
enable: true
netAddrs:
- type: tcp
addr: 120.232.127.22:65003
refreshInterval: 10s
seedPeer:
enable: true
type: super
clusterID: 1
keepAlive:
# Keep alive internal.
internal: 5s
# schedule timeout
scheduleTimeout: 30s
# when true, only scheduler says back source, daemon can back source
disableAutoBackSource: false
# Current host info used for scheduler.
host:
# # Access ip for other peers,
# # when local ip is different with access ip, advertiseIP should be set.
advertiseIP: 120.232.127.22
# Geographical location, separated by "|" characters.
location: ''
# IDC deployed by daemon.
idc: ''
# Daemon hostname.
# hostname: ""
download:
calculateDigest: true
totalRateLimit: 2048Mi
perPeerRateLimit: 1024Mi
pieceDownloadTimeout: 30s
prefetch: false
transportOption:
dialTimeout: 2s
keepAlive: 30s
maxIdleConns: 100
idleConnTimeout: 90s
responseHeaderTimeout: 2s
tlsHandshakeTimeout: 1s
expectContinueTimeout: 2s
concurrent:
thresholdSize: 10M
thresholdSpeed: 2M
goroutineCount: 4
initBackoff: 0.5
maxBackoff: 3
maxAttempts: 3
downloadGRPC:
security:
insecure: true
cacert: ''
cert: 'ca.crt'
key: 'ca.key'
tlsVerify: true
tlsConfig: null
unixListen:
socket: ''
peerGRPC:
security:
insecure: true
cacert: ''
cert: 'ca.crt'
key: 'ca.key'
tlsVerify: true
tcpListen:
port: 65000
upload:
rateLimit: 2048Mi
security:
insecure: true
cacert: ''
cert: 'ca.crt'
key: 'ca.key'
tlsVerify: false
tcpListen:
port: 65002
objectStorage:
enable: false
filter: 'Expires&Signature&ns'
maxReplicas: 3
security:
insecure: true
tlsVerify: true
tcpListen:
port: 65004
storage:
taskExpireTime: 6h
strategy: io.d7y.storage.v2.simple
diskGCThreshold: 50Gi
diskGCThresholdPercent: 80
multiplex: true
# Health service option.
health:
security:
insecure: true
cacert: ''
cert: 'ca.crt'
key: 'ca.key'
tlsVerify: false
tcpListen:
port: 40902
proxy:
defaultFilter: 'Expires&Signature&ns'
defaultTag: ''
security:
insecure: true
cacert: ''
cert: 'ca.crt'
key: 'ca.key'
tlsVerify: false
tcpListen:
namespace: ''
port: 65001
registryMirror:
dynamic: true
url: https://index.docker.io
insecure: true
certs: []
direct: false
useProxies: false
proxies:
- regx: blobs/sha256.*
- regx: file-server.*
- regx: some-registry/
useHTTPS: true
- regx: no-proxy-reg
direct: true
- regx: some-registry
redirect: another-registry
- regx: ^http://some-registry/(.*)
redirect: http://another-registry/$1
hijackHTTPS:
cert: 'ca.crt'
key: 'ca.key'
hosts:
- regx: ".*" # regexp to match request hosts
insecure: true
certs: []
maxConcurrency: 0
whiteList:
- host: ""
regx: ".*"
ports:
security:
autoIssueCert: false
caCert: ''
tlsVerify: false
tlsPolicy: 'prefer'
certSpec:
validityPeriod: 4320h
network:
# Enable ipv6.
enableIPv6: false
zuiyue-com commented
已经解决:
参考https://d7y.io/zh/docs/next/setup/runtime/docker/
为了忽略您的证书错误,您需要在 /etc/docker/daemon.json 中把 insecure-registries 设置为您的私有代理:
{
"insecure-registries": ["your.private.registry"]
}