Docker部署註冊中心、Docker建立私有鏡像庫、自簽名證書、Deploy a registry server
這是我在內部部署Docker Registry時記錄下來的筆記,操做環境是Centos 七、Docker 18.06.1-cehtml
一、運行registrynode
我當前所使用的主機的IP是192.168.1.249,工做目錄在:/data/docker/registry,nginx
-
# docker run -d -p 5000:5000 --restart always --name registry \
-
-v /data/docker/registry/data:/var/lib/registry registry:2
此時訪問,http://192.168.1.249:5000/v2/_catalog ,返回正常(空json對象),證實部署成功。docker
二、測試提交鏡像json
-
# docker pull nginx:alpine
-
# docker tag nginx:alpine 192.168.1.249:5000/nginx-alpine
-
# docker push 192.168.1.249:5000/nginx-alpine
實際不成功,返回錯誤以下:vim
-
The push refers
to repository [
192.168.
1.249:
5000/nginx-alpine]
-
Get https:
//192.168.1.249:5000/v2/: http: server gave HTTP response to HTTPS client
查看文檔得知,在配置文件中添加insecure-registries而後重啓docker便可,以下:bash
-
# vim /etc/docker/daemon.json
-
{
-
"insecure-registries": [
"192.168.1.249:5000"]
-
}
-
# systemctl restart docker
此時再push果真成功,除了使用配置文件,下面來配置使用自簽名證書。dom
三、使用自簽名證書curl
生成證書要使用域名,我這裏定爲:registry.docker.local,(不用域名,直接用IP的話,要修改openssl配置文件,建議用域名)測試
-
# mkdir -p /data/docker/registry/certs
-
# openssl req \
-
-newkey rsa:4096 -nodes -sha256 -keyout /data/docker/registry/certs/domain.key \
-
-x509 -days 365 -out /data/docker/registry/certs/domain.crt
生成證書時要輸入一些信息,注意Common Name要輸入你使用的域名,其它可直接回車,以下:
-
Country
Name (
2 letter code) [XX]:
-
State
or Province
Name (full
name) []:
-
Locality
Name (eg, city) [
Default City]:
-
Organization
Name (eg, company) [
Default Company Ltd]:
-
Organizational
Unit
Name (eg, section) []:
-
Common
Name (eg, your
name
or your server
's hostname) []:registry.docker.local
-
Email Address []:
啓動容器(相關參數按狀況調整下,如你可以使用443端口,這樣在後續就不用帶5000這個端口),以下:
-
# docker run -d \
-
--restart=always \
-
--name registry \
-
-v /data/docker/registry/data:/var/lib/registry \
-
-v /data/docker/registry/certs:/certs \
-
-e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
-
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-
-p 5000:5000 \
-
registry:2
四、測試使用
注意,因爲是隨便自定義的域名,記得先把域名 registry.docker.local添加到/etc/hosts文件,
-
# docker tag nginx:alpine registry.docker.local:5000/nginx-alpine
-
# docker push registry.docker.local:5000/nginx-alpine
此時報錯,以下:
-
The push refers
to repository [registry.docker.
local:
5000/nginx-alpine]
-
Get https:
//registry.docker.local:5000/v2/: x509: certificate signed by unknown authority
看文檔,得知要把 domain.crt 文件放到 /etc/docker/certs.d/registry.docker.local:5000/ca.crt ,(注意,你在哪臺機作push操做,就放到哪臺機呀)
-
# mkdir -p /etc/docker/certs.d/registry.docker.local:5000
-
# cp xxx/domain.crt /etc/docker/certs.d/registry.docker.local:5000/
這時候再push就成功了,以下:
-
# docker push registry.docker.local:5000/nginx-alpine
-
The
push refers to repository [registry.docker.local:
5000/nginx-alpine]
-
a83dbde6ba05: Layer already
exists
-
431a5c7929dd: Layer already
exists
-
39e8483b9882: Layer already
exists
-
df64d3292fd6: Layer already
exists
-
latest: digest: sha256:
57a94fc99816c6aa225678b738ac40d85422e75dbb96115f1bb9b6ed77176166 size:
1153
訪問 https://registry.docker.local:5000/v2/_catalog,也看到結果,以下:
-
# curl https://registry.docker.local:5000/v2/_catalog --insecure
-
{
"repositories":[
"nginx-alpine"]}
看來自定義證書還很不方便,可使用免費證書:https://letsencrypt.org (Let's Encrypt)
參考:
https://docs.docker.com/registry/deploying/
https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
- 1. Docker部署註冊中心、Docker建立私有鏡像庫、自簽名證書、Deploy a registry server
- 2. Docker registry自簽名證書
- 3. docker 建立私有鏡像之 registry
- 4. 搭建docker registry私有鏡像倉庫
- 5. Docker 搭建私有鏡像倉庫Registry
- 6. docker部署harbor私有鏡像庫(3)
- 7. 部署私有Docker Registry
- 8. centos7上安裝部署私有鏡像倉庫(docker-registry)
- 9. 10.部署私有 docker registry
- 10. Docker建立私有Registry
- 更多相關文章...
- • Docker 鏡像加速 - Docker教程
- • Docker 鏡像使用 - Docker教程
- • Docker容器實戰(一) - 封神Server端技術
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. Docker部署註冊中心、Docker建立私有鏡像庫、自簽名證書、Deploy a registry server
- 2. Docker registry自簽名證書
- 3. docker 建立私有鏡像之 registry
- 4. 搭建docker registry私有鏡像倉庫
- 5. Docker 搭建私有鏡像倉庫Registry
- 6. docker部署harbor私有鏡像庫(3)
- 7. 部署私有Docker Registry
- 8. centos7上安裝部署私有鏡像倉庫(docker-registry)
- 9. 10.部署私有 docker registry
- 10. Docker建立私有Registry