1. Setting up a private registry
First, a registry image is needed:
[root@foundation24 docker]# docker images registry
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest b2b03e9146e1 6 weeks ago 33.3 MB
registry 2.3.1 83139345d017 2 years ago 166 MB
Run the registry image with a host directory mounted for its storage:
[root@foundation24 opt]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2.3.1
17dd3353b41bf468d4c72e291db6190fd96ee2997e94bf351bef7e8247ae5a05
Hostname resolution:
[root@foundation24 ~]# vim /etc/hosts
View the container information:
[root@foundation24 opt]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
17dd3353b41b registry:2.3.1 "/bin/registry /et..." 35 seconds ago Up 33 seconds 0.0.0.0:5000->5000/tcp elated_williams
Tag the local nginx image as westos.org:5000/nginx:
[root@foundation24 opt]# docker tag nginx westos.org:5000/nginx ## rename
Tag the local nginx image as localhost:5000/nginx:
[root@foundation24 opt]# docker tag nginx localhost:5000/nginx
Push the local image:
[root@foundation24 opt]# docker push localhost:5000/nginx ## push
The push refers to a repository [localhost:5000/nginx]
08d25fa0442e: Pushed
a8c4aeeaa045: Pushed
cdb3f9544e4c: Pushed
latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948
Push westos.org:5000/nginx:
[root@foundation24 opt]# docker push westos.org:5000/nginx
The push refers to a repository [westos.org:5000/nginx]
Get https://westos.org:5000/v1/_ping: http: server gave HTTP response to HTTPS client
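The experiment above shows that a private registry configured this way can only be used from the local host and cannot be shared: the Docker client accepts plain HTTP for localhost, but for any other registry name it requires HTTPS, which this registry does not serve.
Remove the tags:
[root@foundation24 opt]# docker rmi localhost:5000/nginx
[root@foundation24 opt]# docker rmi westos.org:5000/nginx
Configure a private registry that can be reached from the external network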
[root@foundation24 docker]# pwd
/tmp/docker
Generate the key and a self-signed certificate:
[root@foundation24 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
Generating a 4096 bit RSA private key
Start the registry with the generated key and certificate, and publish port 443:
[root@foundation24 docker]# docker run -d \
> --restart=always \
> --name registry \
> -v `pwd`/certs:/certs \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
> -p 443:443 \
> registry:2
ac4b23c63602603c98b2e049b56e1565c2f15c69371ae235e85db76efaa39e1
View the container information:
[root@foundation24 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1957797318eb registry:2 "/entrypoint.sh /e..." About a minute ago Up About a minute 0.0.0.0:443->443/tcp, 5000/tcp registry
Check the port:
[root@foundation24 registry]# iptables -t nat -nL
[root@foundation24 registry]# netstat -antlp |grep :443
tcp6 0 0 :::443 :::* LISTEN 26762/docker-proxy
Create the certificate directory:
[root@foundation24 registry]# cd /etc/docker/
[root@foundation24 docker]# mkdir certs.d
[root@foundation24 docker]# cd certs.d/
[root@foundation24 certs.d]# mkdir westos.org
[root@foundation24 certs.d]# ls
westos.org
[root@foundation24 certs.d]# cd westos.org/
[root@foundation24 westos.org]# ls
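Copy the generated certificate into this directory. The Docker client needs only the certificate here; the private key stays with the registry.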
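The certificate steps above as one non-interactive script. This is an added example, not part of the original post; the function names and directory arguments are assumptions. It puts the registry host name in subjectAltName, because recent Docker clients reject certificates that name the host only in the CN field, and it installs only the certificate as ca.crt in the client trust directory. It requires OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
# Added example: function names and directory arguments are assumptions.

# make_registry_cert HOST CERT_DIR [BITS]
# Self-signed certificate and key for the registry, with HOST in the SAN.
make_registry_cert() {
    host=$1; dir=$2; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    # Restrictive umask so the private key is never group/world readable.
    ( umask 077
      openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/domain.key" -out "$dir/domain.crt" ) || return 1
    chmod 644 "$dir/domain.crt"
    # Fail unless the SAN really contains the registry host name.
    openssl x509 -in "$dir/domain.crt" -noout -text | grep -q "DNS:$host"
}

# trust_registry_cert HOST CERT_DIR [CERTS_D]
# Install the certificate (never the key) as ca.crt where the Docker
# client looks it up. For a registry on a port other than 443 the
# directory name is HOST:PORT.
trust_registry_cert() {
    host=$1; dir=$2; certs_d=${3:-/etc/docker/certs.d}
    mkdir -p "$certs_d/$host" || return 1
    cp "$dir/domain.crt" "$certs_d/$host/ca.crt" || return 1
    # Refuse to leave key material in the client trust directory.
    ! ls "$certs_d/$host" | grep -q '\.key$'
}
```

On the registry host this would be called as make_registry_cert westos.org /tmp/docker/certs, and on each client as trust_registry_cert westos.org /tmp/docker/certs after copying domain.crt there.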