基於centos6.7的docker私有倉庫搭建

時間 2019-12-19

標籤基於 centos6.7 centos docker 私有倉庫搭建欄目 CentOS 简体版

原文原文鏈接

1 倉庫配置https認證node

cd /etc/docker/docker

mkdir certscurl

[root@docker01 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/docker01.key -x509 -days 365 -out certs/docker01.crturl

填好相應的簡稱及email便可rest

2 運行registry容器ssl

[root@docker01 docker]# docker run -d -P -it \openssl

-p 5000:5000 --restart=always \it

--name registry -v `pwd`/certs:/etc/docker/certs/ \test

-e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/docker01.crt \email

-e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/docker01.key registry

3 配置客戶端docker02

mkdir -p /etc/docker/certs.d/docker01:5000

scp docker01:/etc/docker/certs/docker01.crt /etc/docker/certs.d/docker01:5000/ca.crt

查看鏡像

[root@docker02 docker]# docker images

REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE

swarm latest 8eadaf3525b0 2 weeks ago 15.77 MB

上傳鏡像

docker tag swarm docker01:5000/swarm

[root@docker02 docker]# docker push docker01:5000/swarm

docker01想上傳數據一樣須要配置證書，同docker02

4 鑑權管理

將以上的registry容器刪除乾淨，包括倉庫的本地文件

仍是在/etc/docker目錄下操做

mkdir auth

docker run --entrypoint htpasswd registry -Bbn bsoft bsoft > auth/htpasswd

[root@docker01 docker]# docker run -d -p 5000:5000 --restart=always \

--name registry -v `pwd`/certs:/etc/docker/certs/ \

-v `pwd`/auth:/auth \

-e "REGISTRY_AUTH=htpasswd" \

-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \

-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \

-v `pwd`/data:/var/lib/registry \

-e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/docker01.crt \

-e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/docker01.key \

registry

啓動後便可push，push不只須要證書還要輸入用戶、密碼和郵箱，而pull只須要有證書便可

注意pull的時候須要帶上版本號，而curl查看是看不到版本號的

curl查看：

curl --cacert /etc/docker/certs/docker01.crt --basic --user bsoft:bsoft https://docker01:5000/v2/_catalog

curl --cacert /etc/docker/certs.d/docker01:5000/ca.crt --basic --user bsoft:bsoft https://docker01:5000/v2/_catalog

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。