问题描述:

在centos7系统上使用命令yum -y install docker安装的docker,在下载镜像的时候速度非常慢,最后镜像下载失败,报“net/http: TLS handshake timeout”的错误:

[root@localhost ~]# docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 rancher/server:stable      --db-host 10.0.0.101 --db-port 3306 --db-user rancher --db-pass rancher --db-name rancher      --advertise-address 10.0.0.103
Unable to find image 'rancher/server:stable' locally
Trying to pull repository docker.io/rancher/server ... 
stable: Pulling from docker.io/rancher/server
bae382666908: Pulling fs layer 
29ede3c02ff2: Pulling fs layer 
da4e69f33106: Pulling fs layer 
8d43e5f5d27f: Waiting 
b0de1abb17d6: Waiting 
422f47db4517: Waiting 
79d37de643ce: Waiting 
69d13e08a4fe: Waiting 
2ddfd3c6a2b7: Waiting 
bc433fed3823: Waiting 
b82e188df556: Waiting 
dae2802428a4: Waiting 
a6247572ea3c: Waiting 
884c916ebae4: Waiting 
85517c9c5365: Waiting 
02dded9fe690: Waiting 
fd9f433c3bc6: Waiting 
44d91b3fea45: Waiting 
0d463387dfeb: Waiting 
60753c4d26f0: Waiting 
a003892966fe: Waiting 
/usr/bin/docker-current: error pulling image configuration: Get https://dseasb33srnrn.cloudfront.net/registry-v2/docker/registry/v2/blobs/sha256/d6/d63b9b4bd2059242e826eaf0cbc879d5728a82cb6ddcd9dcd844bb9257f3fd0a/data?Expires=1521809033&Signature=JBuzPXx14~-I6-mnzBMR5d4At3sU~0TszPc8dhNI45ORRxk8DLXzK-aU3AZk~J-pHdXJ3q6w7w9Y6-WFU8M36FRxFDZC8xwWZE-KVZtZg8mcjC~vAbPiq8RQaSXuk9IieIkTfYoC4mUt2N~lWM34dGuOoyGyuEEIVWISVxu8Uus_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q: net/http: TLS handshake timeout.
See '/usr/bin/docker-current run --help'.
[root@localhost ~]# 

原因分析:

docker默认镜像拉取地址为国外仓库下载速度较慢,则会报错“net/http: TLS handshake timeout”。
此时,只需要将拉取地址改为国内镜像仓库即可。

解决过程:

在docker配置文件/etc/sysconfig/docke的OPTIONS中添加“--registry-mirror=https://fzhifedh.mirror.aliyuncs.com

[root@localhost ~]# vim /etc/sysconfig/docker

# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
#OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://fzhifedh.mirror.aliyuncs.com '    #换默认源地址

#DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=http://f2d6cb40.m.daocloud.io"
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi

# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# from the atomic-registries package.
#

然后重新下载镜像,速度很快,而且正常了:

[root@localhost ~]# docker ps -a
CONTAINER ID        IMAGE                   COMMAND                  CREATED             STATUS              PORTS                                                      NAMES
6e3e55edcc21        rancher/server:stable   "/usr/bin/entry --..."   9 minutes ago       Up 9 minutes        3306/tcp, 0.0.0.0:9345->9345/tcp, 0.0.0.0:8080->8080/tcp   flamboyant_haibt
[root@localhost ~]#