1. Generate the registry server certificate:

[root@docker2 ~]# mkdir registry_certs
[root@docker2 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout registry_certs/domain.key -x509 -days 365 -out registry_certs/domain.crt
Generating a 4096 bit RSA private key
..........................................................................................................................++
..............++
writing new private key to 'registry_certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:docker2
Email Address []:
[root@docker2 ~]# ls registry_certs/
domain.crt domain.key

Note: the Common Name is the hostname of the registry server (an IP address can also be used).
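
Using an IP address as the Common Name:

When the Common Name is an IP address, the certificate also needs a Subject Alternative Name for that IP: edit openssl.cnf and add subjectAltName = IP:<IP address> under [v3_ca]. The drawback of using an IP address as the Common Name is that the image tags have to be changed whenever the registry server's IP address changes.

[root@docker2 ~]# vim /etc/pki/tls/openssl.cnf

Add the following line under [ v3_ca ]:

subjectAltName = IP:192.168.88.130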

2. Distribute the certificate to the client server

[root@pysaber ~]# mkdir -p /etc/docker/certs.d/192.168.88.130:5000
[root@pysaber ~]# scp root@192.168.88.130:/root/registry_certs/domain.crt /etc/docker/certs.d/192.168.88.130:5000/ca.crt

3. On the client server, append the generated self-signed certificate to the system certificate bundle, then restart the docker service

[root@pysaber ~]# cat /etc/docker/certs.d/192.168.88.130\:5000/ca.crt >> /etc/pki/tls/certs/ca-bundle.crt

4. Start the registry server

[root@docker2 ~]# docker run -d -p 5000:5000 -v $(pwd)/registry_certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key --restart=always --name registry registry:2.2
44b26b2d474793559e9d71a499be23fdddfdd3d7f44d3db896809e102e412678

5. Push the image

[root@pysaber ~]# docker push docker2:5000/redis:latest
The push refers to a repository [docker2:5000/redis]
0ea23dbb18ab: Pushed
036b23f466ca: Pushed
23cfd5584151: Pushed
0a5fa8924bd6: Pushed
4f442ee57ce8: Pushed
6744ca1b1190: Pushed
latest: digest: sha256:5266020ee7b599a5f7dd09152fc1c5840b71e2febe0c6795186854cc36dc6e30 size: 11033
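
Step 1 above adds the Subject Alternative Name by editing the system-wide openssl.cnf. As an added example (not part of the original post), the script below keeps the SAN in a private config file, covers both the hostname and the IP used on this page, and checks which names the certificate is valid for before it is copied to clients. The file name registry.cnf, the section name v3_registry and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Host name and IP are the ones used
# on this page; registry.cnf and the function names are assumptions.

# Print a minimal req config whose SAN covers both the hostname and the IP.
registry_cert_config() {
    cat <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_registry
prompt             = no

[ dn ]
CN = $1

[ v3_registry ]
basicConstraints = CA:TRUE
subjectAltName   = DNS:$1, IP:$2
EOF
}

# make_registry_cert DIR HOST IP [BITS]: write DIR/domain.key and DIR/domain.crt.
make_registry_cert() {
    mkdir -p "$1" || return 1
    registry_cert_config "$2" "$3" > "$1/registry.cnf"
    openssl req -newkey "rsa:${4:-4096}" -nodes -sha256 -x509 -days 365 \
        -config "$1/registry.cnf" \
        -keyout "$1/domain.key" -out "$1/domain.crt" 2>/dev/null || return 1
    chmod 600 "$1/domain.key"   # the private key stays readable by its owner only
}

# cert_covers CRT NAME: succeed only if CRT is valid for NAME (hostname or IPv4).
cert_covers() {
    case "$2" in
        *[!0-9.]*) opt=-checkhost ;;   # anything but digits and dots: hostname
        *)         opt=-checkip ;;
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" | grep -q 'does match'
}

# Usage:
#   make_registry_cert registry_certs docker2 192.168.88.130
#   cert_covers registry_certs/domain.crt docker2 && echo "ok for docker2:5000"
```

Run cert_covers with the exact host part of the image name that clients will push to (docker2 or 192.168.88.130), since that is the name the client verifies against the certificate.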