1Panel runtime environment: error pulling image
Problem
启动失败: node Pulling node Error Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) Error response from daemon:
Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Analysis
Clearly the Docker registry API cannot be reached, so the first step is to use curl to get more complete information:
root@ser6658919242032:~/.ssh# curl -v https://registry-1.docker.io/v2/
* Trying 31.13.86.21:443...
* Connected to registry-1.docker.io (31.13.86.21) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=Menlo Park; O=Meta Platforms, Inc.; CN=*.facebook.com
* start date: Jul 24 00:00:00 2024 GMT
* expire date: Oct 22 23:59:59 2024 GMT
* subjectAltName does not match registry-1.docker.io
* SSL: no alternative certificate subject name matches target host name 'registry-1.docker.io'
* Closing connection 0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'registry-1.docker.io'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
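According to the output, the problem is that SSL certificate verification failed.
Looking closer, curl connected to the domain registry-1.docker.io, but the certificate that came back is the one for *.facebook.com, which suggests that something went wrong during DNS resolution.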
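The reasoning above, as an added example that is not part of the original post: a POSIX shell script that reads a `curl -v` trace, extracts the address curl connected to and the certificate subject CN, and reports whether that address belongs to a different site. The function names and verdict strings are assumptions made for this example; the embedded trace is an excerpt of the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): triage a `curl -v` trace.

# Succeeds if certificate name $2 covers host $1. A leading "*." wildcard
# covers exactly one left-most label, so *.facebook.com never covers
# registry-1.docker.io.
name_covers_host() (
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  if [ "$name" = "$host" ]; then exit 0; fi
  case $name in
    '*.'*) [ "${host#*.}" != "$host" ] && [ "${host#*.}" = "${name#??}" ] ;;
    *) exit 1 ;;
  esac
)

# Reads a curl -v trace on stdin; $1 is the host that was requested.
# Prints "<verdict> ip=<address curl connected to> cn=<certificate subject CN>".
triage_curl_trace() (
  trace=$(cat)
  ip=$(printf '%s\n' "$trace" | sed -n 's/^\* *Trying \([0-9.]*\):[0-9]*.*/\1/p' | head -n 1)
  cn=$(printf '%s\n' "$trace" | sed -n 's/^\* *subject:.*CN=\([^;,]*\).*/\1/p' | head -n 1)
  if [ -z "$cn" ]; then
    echo "no-certificate ip=${ip:-unknown}"   # failed before any certificate was shown
  elif name_covers_host "$1" "$cn"; then
    echo "name-ok ip=$ip cn=$cn"
  elif printf '%s\n' "$trace" | grep -q 'subjectAltName does not match'; then
    echo "wrong-server ip=$ip cn=$cn"         # resolved address belongs to another site
  else
    echo "cn-differs-check-san ip=$ip cn=$cn" # CN alone is not decisive; SANs may match
  fi
)

# Excerpt of the trace shown in this post, embedded so the script runs offline.
sample_trace() {
  cat <<'EOF'
* Trying 31.13.86.21:443...
* Connected to registry-1.docker.io (31.13.86.21) port 443 (#0)
* Server certificate:
* subject: C=US; ST=California; L=Menlo Park; O=Meta Platforms, Inc.; CN=*.facebook.com
* subjectAltName does not match registry-1.docker.io
curl: (60) SSL: no alternative certificate subject name matches target host name 'registry-1.docker.io'
EOF
}

sample_trace | triage_curl_trace registry-1.docker.io
```

On a live host, feed it the real trace with `curl -v https://registry-1.docker.io/v2/ 2>&1 | triage_curl_trace registry-1.docker.io`. A `wrong-server` verdict means the name resolved to someone else's server, so the fix belongs in DNS; turning off certificate verification would only hide it.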
Solution
Temporary change
Go to Toolbox -> DNS -> All configuration and change
nameserver 127.0.0.53
to
nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 127.0.0.53
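Permanent change
Edit the systemd-resolved configuration file.
systemd-resolved is the daemon that manages DNS resolution on modern Linux systems. To set DNS permanently, you need to modify its configuration file.
Step 1: Edit /etc/systemd/resolved.conf
Open the resolved.conf file in an editor: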
sudo vim /etc/systemd/resolved.conf
Find the DNS= and FallbackDNS= lines and set the DNS servers you want. For example, to use the Google and Cloudflare DNS servers:
[Resolve]
DNS=8.8.8.8 1.1.1.1
FallbackDNS=8.8.4.4 1.0.0.1
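You can change these DNS server addresses as needed. DNS is the set of servers used primarily, and FallbackDNS is the set of backup servers used when the primary DNS servers are unavailable.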
Step 2: Restart the systemd-resolved service
After saving the file, restart systemd-resolved to apply the change:
sudo systemctl restart systemd-resolved
Step 3: Make sure resolv.conf links to systemd-resolved
Make sure the /etc/resolv.conf file points to the file managed by systemd-resolved. You can recreate the correct symlink with the following command:
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
This file should automatically contain the DNS servers you set in resolved.conf.