360SDN.COM

Building an HTTPS private local image registry (Registry) with Docker [tested and working]

Source:  2019-06-14 15:04:48


Source: https://www.cnblogs.com/dingyingsi/p/9560906.html
1. Set the hostname on the current machine (add the registry's name to /etc/hosts):

vi /etc/hosts
192.168.184.166 mydockerhub.com

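The following steps are performed on the master machine.
2. Install Docker (via the package manager; the /etc/pki path in step 6 indicates a RHEL/CentOS host)

 yum install -y docker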

3. Pull the registry image

 docker pull registry

4. Generate the TLS certificate

 mkdir ~/certs
 openssl req -newkey rsa:4096 -nodes -sha256 -keyout /root/certs/domain.key  -x509 -days 365 -out /root/certs/domain.crt
Note: in the prompts below, the Common Name field must be set to the registry's domain name.
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:mydockerhub.com

5. Copy the certificate into Docker's certificate directory
 mkdir /etc/docker/certs.d/
 mkdir /etc/docker/certs.d/mydockerhub.com:5000
 cp /root/certs/domain.crt  /etc/docker/certs.d/mydockerhub.com:5000/ca.crt

6. Add the certificate to the local machine's CA bundle

 cat /root/certs/domain.crt >> /etc/pki/tls/certs/ca-bundle.crt

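7. Start the registry with TLS and HTTP basic authentication. The htpasswd file it points to is created in step 11. Note that --privileged=true gives the container full access to the host, which the registry itself does not need.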

docker run -d \
--name registry \
-p 5000:5000 \
--restart=always \
--privileged=true \
-v /root/docker/registry:/var/lib/registry \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-v /root/auth:/root/auth \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/root/auth/htpasswd" \
-v /root/certs/:/root/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/root/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/root/certs/domain.key \
registry


8. Create an image

docker pull tomcat
docker tag tomcat mydockerhub.com:5000/tomcat:v1   # tag the current image


9. Push the image to the HTTPS private registry

docker push mydockerhub.com:5000/tomcat:v1

10. Delete the local image and pull it again from the HTTPS private registry

docker rmi mydockerhub.com:5000/tomcat:v1
docker pull mydockerhub.com:5000/tomcat:v1

11. Add HTTP basic authentication

docker run --entrypoint htpasswd  registry:2 -Bbn testuser testpassword > /root/auth/htpasswd

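12. Stop the registry and start it again (2a4c76559e18 is the container ID on the author's machine; use your own container's ID or name)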

docker stop  2a4c76559e18
docker start 2a4c76559e18

13. Log in to the registry

docker login mydockerhub.com:5000
username:testuser
password:testpassword

14. For other servers to use this private registry, simply copy the mydockerhub.com:5000/ca.crt directory and file from /etc/docker/certs.d/ on the registry server into their own /etc/docker/certs.d/ directory.
scp  /etc/docker/certs.d/mydockerhub.com:5000/ca.crt root@<node-machine-ip>:/etc/docker/certs.d/mydockerhub.com:5000/ca.crt

Run the following on the node machine:
docker pull mydockerhub.com:5000/tomcat:v1
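
Added example (not part of the original post): step 4 fills in only the Common Name, but Docker clients built with Go 1.15 or later reject certificates that carry no subjectAltName. The functions below generate the same key and certificate without prompts, with a SAN for the registry host, and check the SAN, the expiry, and that key and certificate belong together. The function names are made up for this example, and OpenSSL 1.1.1 or later is assumed for -addext.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# make_registry_cert HOST DIR [BITS]: self-signed cert + key for HOST, no prompts.
make_registry_cert() {
    local host=$1 dir=$2 bits=${3:-4096}
    mkdir -p "$dir" || return 1
    # umask 077 so the private key is never readable by other users.
    ( umask 077
      openssl req -newkey "rsa:${bits}" -nodes -sha256 -x509 -days 365 \
          -keyout "$dir/domain.key" -out "$dir/domain.crt" \
          -subj "/CN=${host}" \
          -addext "subjectAltName=DNS:${host}" 2>/dev/null ) || return 1
    chmod 644 "$dir/domain.crt"   # the certificate itself is public
}

# cert_has_san CRT HOST: succeeds only if HOST is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text \
        | tr ',' '\n' | sed 's/^[[:space:]]*//' \
        | grep -qxF "DNS:$2"
}

# cert_valid_for CRT SECONDS: succeeds if the cert is still valid SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# key_matches_cert KEY CRT: succeeds if the private key belongs to the certificate.
key_matches_cert() {
    local a b
    a=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    b=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

Typical use on the master machine: make_registry_cert mydockerhub.com /root/certs, then cert_has_san /root/certs/domain.crt mydockerhub.com before copying the file to ca.crt in step 5.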

Reference: https://docs.docker.com/registry/deploying/running-a-domain-registry