修改/etc/init/pkg-Docker-dockerd.conf文件
将exec /var/packages/Docker/target/usr/bin/dockerd --config-file /var/packages/Docker/etc/dockerd.json替换为下面
增加自己的代理配置
script
export HTTP_PROXY=http://127.0.0.1:1080
export HTTPS_PROXY=http://127.0.0.1:1080
exec /var/packages/Docker/target/usr/bin/dockerd --config-file /var/packages/Docker/etc/dockerd.json
end script
然后重启docker服务
/var/packages/Docker/scripts/start-stop-status stop
/var/packages/Docker/scripts/start-stop-status start
然后就可以通过docker pull拉取镜像了。
如:
docker pull youshandefeiyang/allinone
但报错了:
error pulling image configuration: Get "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/a3/a32a795d65038d311cd0eb91410197d81e8046fa1c4d97a7fcbe40cf809d18fd/data?expires=1738837286&signature=BBuZwcMI1i5Jg344UmVtxvh2AX0%3D&version=2": x509: certificate signed by unknown authority
这个Docker客户端无法验证服务器证书导致的,需要更新群晖的根证书
从这个网站https://www.digicert.com/kb/digicert-root-certificates.htm下载根证书公钥DigiCert Global Root CA
将其保存到:/usr/local/share/ca-certificates/DigiCertAssuredIDRootCA.crt.pem
但群晖中没有update-ca-certificates命令,无法更新根证书。
所以,需要手动将根证书聚合到全局受信PEM文件:
cat /usr/local/share/ca-certificates/DigiCertAssuredIDRootCA.crt.pem >> /etc/ssl/certs/ca-certificates.crt
然后,验证是否生效。
root@personal_nas:/usr/local/share/ca-certificates# openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt DigiCertAssuredIDRootCA.crt.pem
DigiCertAssuredIDRootCA.crt.pem: OK
然后,就可以docker pull镜像啦
群晖通过代理让docker pull拉取镜像:等您坐沙发呢!