1、搭建本地仓库
本地仓库搭建操作步骤:
docker pull registry:2 从官网下载镜像(若已有离线包 registry2.tar,则用下一行导入)
docker load -i registry2.tar
docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2
netstat -tnlp | grep :5000
docker images
上传文件:
docker tag rhel7:v3 localhost:5000/nginx 新生成一个镜像修改标签,ID和模版保持一致
docker push localhost:5000/nginx 向私有仓库上传镜像
宿主机保存路径
[root@docker1 repositories]# curl localhost:5000/v2/_catalog
{"repositories":["game","game2048"]}
下载tree查看镜像的分层结构
尝试拉取刚上传的镜像
2、仓库加密
mkdir -p /certs
#创建key和证书(-nodes 表示私钥不加密保存,应限制 /certs 目录的访问权限;较新版本的 Docker 要求证书带有 subjectAltName)
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /certs/westos.org.key -x509 -days 365 -out /certs/westos.org.crt
ls
westos.org.crt westos.org.key
运行容器:
docker run -d --restart=always --name registry -v /certs:/certs -e \
REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 -v /opt/registry:/var/lib/registry registry:2
docker ps
移动证书:
mkdir -p /etc/docker/certs.d/westos.org
cp /certs/westos.org.crt /etc/docker/certs.d/westos.org/ca.crt
3、仓库认证
docker1:172.25.17.1
创建用户:
mkdir /auth 创建目录
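docker run --rm --entrypoint htpasswd registry:2 -Bbn admin westos > /auth/htpasswd
docker run --rm --entrypoint htpasswd registry:2 -Bbn docker westos >> /auth/htpasswd
#注意:-b 会把密码直接写在命令行上,会留在 shell 历史记录中,westos 仅为示例密码;较新的 registry:2 镜像可能不再自带 htpasswd,若报错可改用 httpd:2 镜像执行同样的命令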
运行容器:
docker run -d --restart=always --name registry -v /certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 -v /auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry:2
docker push westos.org/nginx
docker2:172.25.17.2
客户端的登录
docker login westos.org
Username:admin
Password:westos
docker1:
cat /etc/docker/config.json
会有认证信息(auth 字段只是"用户名:密码"的 base64 编码,并未加密,应限制该文件的读取权限;docker login 默认写入 ~/.docker/config.json)
docker push westos.org/nginx
加密上传
4、仓库加界面
docker load -i docker-registry-web.tar 导入镜像
#运行容器界面
docker run -d -p 8080:8080 --name registry-web --link registry:westos.org -e REGISTRY_URL=https://westos.org/v2 -e REGISTRY_TRUST_ANY_SSL=true -e REGISTRY_BASIC_AUTH="/etc/docker/config.json文件里的auth值" -e REGISTRY_NAME=westos.org hyper/docker-registry-web
#注意:REGISTRY_TRUST_ANY_SSL=true 会跳过对仓库证书的校验,仅适合使用自签名证书的测试环境
测试:curl -k -u username:password https://westos.org/v2/_catalog(-k 会跳过证书校验;可改用 --cacert /certs/westos.org.crt 校验自签名证书)
https://172.25.17.1:8080