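## Start the registry container, storing its data under /data/registry on the host
## (mounted at /tmp/registry in the container).
## Port 5000 is published on loopback only: the Nginx upstream in this guide is
## 127.0.0.1:5000, whereas "-p 5000:5000" would also expose the registry on every
## host interface, where it is reachable without TLS or basic auth.
# docker run -idt -p 127.0.0.1:5000:5000 --name registry -v /data/registry:/tmp/registry registry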
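# cat /usr/local/nginx/conf/extra/docker.conf
# TLS-terminating reverse proxy with HTTP basic auth in front of a Docker
# registry listening on 127.0.0.1:5000.
# For versions of Nginx > 1.3.9 that include chunked transfer encoding support
# Replace with appropriate values where necessary
upstream docker-registry {
    server 127.0.0.1:5000;
}

server {
    # "ssl" on the listen directive replaces the deprecated standalone "ssl on;".
    listen 443 ssl;
    server_name registry.fjhb.cn;

    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/private/nginx.key;
    # Basic-auth credentials are sent with every request, so legacy SSL/TLS
    # versions are refused. Add TLSv1.3 if this Nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    proxy_set_header Host $http_host; # required for Docker client sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client IP
    client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
    # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
    chunked_transfer_encoding on;

    location / {
        # let Nginx know about our auth file
        # NOTE(review): the relative path is presumably resolved against the
        # Nginx conf directory, which is where the htpasswd step of this guide
        # creates the file (/usr/local/nginx/conf/docker-registry.htpasswd).
        auth_basic "Restricted";
        auth_basic_user_file docker-registry.htpasswd;
        proxy_pass http://docker-registry;
    }

    # The two ping endpoints are the only paths served without credentials,
    # presumably so the Docker client can probe the registry before logging in.
    location /_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }

    location /v1/_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }
}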
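## Initialise the OpenSSL CA directory: an empty index, a serial file starting
## at 00, and a 2048-bit RSA key for the CA.
# cd /etc/pki/CA/
# touch ./{serial,index.txt}
# echo "00" > serial
## Whoever holds the CA key can issue certificates that every host trusting this
## CA will accept, so the key is created under umask 077 (owner-only access).
# (umask 077; openssl genrsa -out private/cakey.pem 2048)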
## Create the self-signed CA certificate from the CA key, valid for 3650 days.
## This cacert.pem is the file later copied to the hosts that must trust the registry.
# openssl req -new -x509 -key private/cakey.pem -days 3650 -out cacert.pem
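## Generate the Nginx server key and a certificate signing request for it.
# cd /etc/ssl/
## The server key is created under umask 077 so it is never group- or world-readable.
# (umask 077; openssl genrsa -out nginx.key 2048)
## The name entered at the Common Name prompt should match the name clients
## connect to (registry.fjhb.cn in this guide). Newer TLS clients check the
## subjectAltName extension instead of the Common Name.
# openssl req -new -key nginx.key -out nginx.csr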
## Sign the server CSR, producing nginx.crt valid for 3650 days.
## NOTE(review): no CA key or certificate is passed here, so openssl ca presumably
## takes the /etc/pki/CA paths from the system openssl.cnf; confirm on this host.
# openssl ca -in nginx.csr -days 3650 -out nginx.crt
## Back up the system CA bundle, then append the private CA certificate to it.
## Every program on this host that reads the system bundle will then trust this
## CA for any hostname, so the CA key under /etc/pki/CA/private must stay protected.
## NOTE(review): on systems that regenerate ca-bundle.crt (e.g. via update-ca-trust)
## a direct append can be overwritten; confirm for this host. Docker can also trust
## a CA for a single registry via /etc/docker/certs.d/<registry-host>/ca.crt.
# cp /etc/pki/tls/certs/ca-bundle.crt{,.bak}
# cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt # the certificate is self-signed, so this step makes the system accept it
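## Install the certificate and key at the paths referenced by the Nginx
## configuration (/etc/ssl/certs/nginx.crt and /etc/ssl/private/nginx.key).
# cp nginx.crt certs/
## Move the key rather than copy it, so no second copy is left in /etc/ssl,
## and restrict it to its owner.
# mv nginx.key private/
# chmod 600 private/nginx.key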
## Install htpasswd (from httpd-tools) and create the basic-auth user file that
## the Nginx "auth_basic_user_file" directive points at.
# yum -y install httpd-tools
## -c creates the file (replacing any existing one); the password is read from
## the prompt, so it does not appear on the command line.
# htpasswd -c /usr/local/nginx/conf/docker-registry.htpasswd yang
New password:
Re-type new password:
Adding password for user yang
## Without -c the user is added to the existing file.
# htpasswd /usr/local/nginx/conf/docker-registry.htpasswd lin
New password:
Re-type new password:
Adding password for user lin
## Check the configuration syntax, start Nginx, then list its listening TCP sockets.
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx
# netstat -ntpl |grep nginx
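## Log in to the registry through Nginx, then tag and push an image.
## No -p option is given: docker then prompts for the password, which keeps it
## out of the shell history and the process list.
# docker login -u yang -e ylw@fjhb.cn registry.fjhb.cn
# docker images
## Tagging with the registry host name is what directs the push to registry.fjhb.cn.
# docker tag registry registry.fjhb.cn/registry:v2
# docker push registry.fjhb.cn/registry:v2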
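## Set up a second host as a registry client.
## The client resolves the registry name through /etc/hosts.
# tail -1 /etc/hosts
192.168.1.12 registry.fjhb.cn
## Only the CA certificate is copied to the client; the CA key never leaves
## the CA host. (This scp is presumably run on the registry host.)
# scp /etc/pki/CA/cacert.pem root@192.168.1.227:/root
## Back up the client's CA bundle, then append the private CA so TLS
## verification of registry.fjhb.cn succeeds.
# cp /etc/pki/tls/certs/ca-bundle.crt{,.bak}
# cat cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
## Check TLS and basic auth end to end. With only the user name given, curl
## prompts for the password instead of taking it from the command line.
# curl -u yang https://registry.fjhb.cn/v1/search
## Restart the daemon, presumably so it picks up the updated CA bundle.
# service docker restart
## No -p option: docker prompts for the password, keeping it out of the shell
## history and the process list.
# docker login -u yang -e ylw@fjhb.cn https://registry.fjhb.cn
Login Succeeded
# docker images
# docker tag centos6 registry.fjhb.cn/centos6
# docker push registry.fjhb.cn/centos6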
## Pull the image pushed earlier back from the private registry.
# docker pull registry.fjhb.cn/registry:v2
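## Make another host (192.168.2.227) trust the private CA. Only the CA
## certificate is copied, never the CA key.
# scp /etc/pki/CA/cacert.pem root@192.168.2.227:/root
## Back up the bundle before appending, as in the earlier trust steps.
## NOTE(review): the bundle path differs from the one used earlier
## (/etc/pki/tls/certs/ca-bundle.crt); presumably it is this host's location.
# cp /etc/ssl/certs/ca-bundle.crt{,.bak}
# cat cacert.pem >> /etc/ssl/certs/ca-bundle.crt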