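Docker Registry: configuring a local private registry
Find the host's IP address
Generate a self-signed certificate
To keep the local Docker Registry secure, you also need a TLS certificate, so that other Docker hosts cannot freely access the local image registry on this machine. (If you have already purchased a certificate, you do not need to generate one.)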
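mkdir -p /usr/local/docker/registry
mkdir -p /usr/local/docker/registry/certs
cd /usr/local/docker/registry/certs/

openssl req -x509 -days 3650 -subj '/CN=192.168.196.101:5000/' -nodes -newkey rsa:2048 -keyout domain.key -out domain.crt

- -x509: output a self-signed certificate instead of a certificate request
- -days 3650: validity period of the certificate, in days
- 192.168.196.101:5000: address and port of the registry
- rsa:2048: key algorithm and key length (RSA, 2048 bits)
- domain.key and domain.crt: the generated private key and certificate files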

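Generate the username and password (replace YOUR_PASSWORD with the real password for the user heroxin)
mkdir -p /usr/local/docker/registry/auth

yum install -y httpd-tools

htpasswd -Bbn heroxin 'YOUR_PASSWORD' > /usr/local/docker/registry/auth/htpasswd
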
Start the local Docker Registry service
docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v /usr/local/docker/registry:/var/lib/registry \
  -v /usr/local/docker/registry/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v /usr/local/docker/registry/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2

Configure client access to the Docker Registry (trust the certificate)
mkdir -p /etc/docker/certs.d/192.168.196.101:5000
cp /usr/local/docker/registry/certs/domain.crt /etc/docker/certs.d/192.168.196.101\:5000/

Register the private Docker Registry with the Docker daemon
vim /etc/docker/daemon.json

{
  "registry-mirrors": ["https://sdo6tk7g.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.196.101:5000"]
}

Restart Docker
systemctl daemon-reload
systemctl restart docker

Prepare the image
docker tag tomcat:latest 192.168.196.101:5000/mytomcat

Log in
docker login 192.168.196.101:5000

Push the image
docker push 192.168.196.101:5000/mytomcat

View the files pushed to the Docker Registry
ll /usr/local/docker/registry/docker/registry/v2/repositories/
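A pre-flight check for two settings from the steps above, as an added example that is not part of the original post: the registry's htpasswd authentication only accepts bcrypt entries (hence `htpasswd -B`), and a registry listed under `insecure-registries` has certificate errors ignored by the Docker daemon, so the certificate copied into certs.d is not enforced. The function names and sample inputs are assumptions made for this illustration.

```python
import json
import re

# bcrypt hash as written by `htpasswd -B`: $2y$<cost>$ + 53 chars of salt and hash
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")


def audit_htpasswd(text):
    """Return a list of problems found in the content of an htpasswd file."""
    problems = []
    entries = [ln for ln in text.splitlines() if ln.strip()]
    if not entries:
        problems.append("htpasswd is empty: no user can authenticate")
    for ln in entries:
        user, sep, pw_hash = ln.partition(":")
        if not sep or not user:
            problems.append(f"malformed entry: {ln!r}")
        elif not BCRYPT_RE.match(pw_hash.strip()):
            problems.append(f"user {user!r}: hash is not bcrypt, recreate it with htpasswd -B")
    return problems


def audit_daemon_json(text, registry):
    """Return a list of problems in daemon.json for one registry host:port.

    Only exact host:port entries are matched; CIDR entries are not expanded.
    """
    cfg = json.loads(text)
    problems = []
    if registry in cfg.get("insecure-registries", []):
        problems.append(
            f"{registry} is in insecure-registries: certificate errors are ignored "
            "and plain HTTP fallback is allowed, so certs.d trust is not enforced")
    return problems


# Constructed sample input; the bcrypt value is a format-valid placeholder, not a real hash.
SAMPLE_HTPASSWD = (
    "heroxin:$2y$05$" + "a" * 53 + "\n"
    "olduser:$apr1$abcdefgh$0123456789abcdefghijkl\n"
)
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["192.168.196.101:5000"]}'

if __name__ == "__main__":
    findings = audit_htpasswd(SAMPLE_HTPASSWD) + audit_daemon_json(
        SAMPLE_DAEMON_JSON, "192.168.196.101:5000")
    for finding in findings:
        print("WARN:", finding)
```

To run it against a real host, pass the contents of /usr/local/docker/registry/auth/htpasswd and /etc/docker/daemon.json to the two functions.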
