# rancher-setup
p
I myself use a private repository for Docker, but it's an Artifactory and I'm using a reverse proxy which uses rewrite rules to serve a nice "docker.mycompany.com". I believe you should have a repository under Nexus called "docker" of some kind. Try with
http://labo.bi:8082/nexus2/docker/(reponame)
or
http://labo.bi:8082/nexus2/(reponame)
maybe?
if you don't know what reponame is supposed to be, try 'docker'
this is what my reverseproxy does for artifactory for example
RewriteCond "%{REQUEST_URI}" "^/(v1|v2)/"
RewriteCond "%{HTTP_HOST}" "^docker.mycompany.com$"
RewriteRule "^/(v1|v2)/(.*)$" "/artifactory/api/docker/docker/$1/$2"
and I can use docker.mycompany.com/nginx:latest and it works
f
Personally, when I need to download an image I do
[root@server1 ~]# docker pull 192.168.137.50:8082/nginx
Using default tag: latest
latest: Pulling from nginx
09f376ebb190: Pulling fs layer 
a11fc495bafd: Downloading [>                                                  ]  419.3kB/41.83MB
933cc8470577: Pulling fs layer 
999643392fb7: Waiting 
971bb7f4fb12: Waiting 
45337c09cd57: Pulling fs layer 
de3b062c0af7: Waiting
But before that I did configure the
/etc/docker/daemon.json
{
  "insecure-registries": [
    "repo.labo.bi:8082",
    "192.168.137.50:8082",
    "repo.labo.bi:8083",
    "192.168.137.50:8083"
  ],
  "registry-mirrors": [
    "http://repo.labo.bi:8082",
    "http://192.168.137.50:8082",
    "http://repo.labo.bi:8083",
    "http://192.168.137.50:8083"
  ]
}
What reverse proxy do you use?
p
apache
but Nexus doesn't seem to need one
I'm not experienced with Nexus
f
IDK
But do you need configuration in the
/etc/docker/daemon.json
?
p
Nope, but I never needed to pull from the private repo from docker directly
Always through Rancher for workload images, my nodes have internet access
(and while my Artifactory can do passthrough, I only use it for private images anyway)
f
Can I get a screenshot of the registries? That will help me a lot I think.
p
I don't even know where that page is located, never used it
f
Does your reverse proxy add TLS, or do you use HTTP?
p
When I want to use a private image, I just use "docker.mycompany.com/myimage:tag"
always used it that way
My reverse proxy just mangles the request URI and exposes HTTP, but in front of the reverse proxy I have a load balancer that manages TLS
f
I think there, i'm not sure 🤔
p
nothing of interest, really
f
Mmm so idk how your cluster uses your repo
But you are online?
Ahh, you use it only for your image, not everything, okay
p
Yes, I am not using an air-gapped install like you
But those repos are not docker repositories you see
f
So how do you configure TLS, just to know for the future?
p
I use an OVH load balancer, that manages TLS with a wildcard certificate. Dirty AF, but low on maintenance.
Basically, a lot of my backbone infrastructure is just made for minimal maintenance as I'm in a very small company and I'm the sole sysadmin.
Thus no air gaps, TLS mangling external to the kubes/docker infra, etc.
f
Yes, I think you do not need to create repositories in your Rancher. You only do it via the YAML file? Like this
docker.mycompany.com/myimage:tag
so it knows where to go
p
yep
f
So inside your cluster, you don't have to do anything, you don't have TLS.
p
Yep
It's as shrimple as that
It's not robust, it's not scalable, but it doesn't need to be
f
But I think you normally need to configure the HTTP client, otherwise containerd tries HTTPS and you get an error like this, no?
http : server gave HTTP response to HTTPS client
Once I did get something like this.
p
Yeah, but my docker.company does answer via HTTPS, because the IP address of all my services is my load balancer
f
Thanks for the answer!