目录
一、构建本地私有仓库
1、构建仓库
删除多余的镜像
docker info
docker images
docker rmi 8f7284e35dbe
docker images| grep webserver | awk '{system("docker rmi "$1":"$2"")}'
docker images
docker ps -a
docker rm demo
docker rmi webserver:v3
docker images
docker search registry
docker pull registry
docker images
docker history registry:latest
docker run -d --name registry -p 5000:5000 registry
docker ps
docker tag busybox:latest localhost:5000/busybox:latest
docker images
docker push localhost:5000/busybox:latest
docker rmi busybox:latest
docker rmi localhost:5000/busybox:latest
docker images
docker pull localhost:5000/busybox:latest
docker images
2、 配置镜像加速器
阿里云镜像加速器
cd /etc/docker/
ls
vim daemon.json #配置阿里云镜像加速器
{
"registry-mirrors": ["https://w0wa6rnf.mirror.aliyuncs.com"]
}
systemctl daemon-reload
systemctl restart docker
docker info
docker images
docker pull nginx #可以看到拉取速度很快
docker images
官方镜像加速器
vim daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
systemctl daemon-reload
systemctl restart docker
docker info
docker rmi nginx:latest
docker pull nginx #再次拉取
个人感觉还是阿里云镜像加速器更快点,所以改回使用阿里云镜像加速器
vim daemon.json
{
"registry-mirrors": ["https://w0wa6rnf.mirror.aliyuncs.com"]
}
systemctl daemon-reload
systemctl restart docker
docker info
3、搭建私有仓库之 添加证书加密功能
从真机中把openssl11的包传输过来
server1:
创建加密认证的密钥
创建目录,保存认证和钥匙
yum install -y openssl11-1.1.1g-3.el7.x86_64.rpm openssl11-libs-1.1.1g-3.el7.x86_64.rpm
mkdir openssl11
cd openssl11/
mv /root/openssl11* .
cd ..
mkdir certs
ls
生成密钥
openssl11 req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -addext "subjectAltName = DNS:reg.westos.org" -x509 -days 365 -out certs/westos.org.crt
查看密钥
ll certs/
ls
docker rm registry
docker run -d --restart=always -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 registry
docker ps
ls
vim /etc/hosts
#给server1添加解析:reg.westos.org
docker images
docker tag localhost:5000/busybox:latest reg.westos.org/busybox:latest
docker push reg.westos.org/busybox:latest
cd /etc/docker/
ls
mkdir certs.d
cd certs.d/
ls
mkdir reg.westos.org
ls
cd reg.westos.org/
cp /root/certs/westos.org.crt ca.crt
ls
pwd
cd
docker push reg.westos.org/busybox:latest
mkdir auth
yum install -y httpd-tools
为admin用户和dmq用户添加认证信息和密码,并查看
htpasswd -cB auth/htpasswd admin
cat auth/htpasswd
htpasswd -B auth/htpasswd dmq
cat auth/htpasswd
ls
删除之前的仓库信息
docker ps -a
docker rm -f f34bc66f4459
重新拉起仓库容器
docker run -d --restart=always --name registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 -v /root/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
查看容器进程是否开启
docker ps
查看日志,启动无异常
docker logs registry
ls
docker images
docker volume ls
docker volume prune
docker history registry:latest
docker volume ls
docker push reg.westos.org/busybox:latest
docker login reg.westos.org
docker push reg.westos.org/busybox:latest
curl -u admin:westos -k https://reg.westos.org/v2/_catalog