1.docker私有仓库的基本配置
# Pull the registry image. No tag is given, so Docker resolves it to `latest`;
# pin a tag or digest if the setup has to be reproducible.
docker pull registry
docker images
# Start the registry and publish container port 5000 on host port 5000.
# NOTE(review): in this form the registry speaks plain HTTP, has no
# authentication, and `-p 5000:5000` publishes on every host interface.
# If only the localhost:5000 steps below are needed, `-p 127.0.0.1:5000:5000`
# keeps it off the network.
docker run -d --name registry -p 5000:5000 registry
docker ps -a
# Re-tag a local image under the registry's address, then push it.
# nginx:v4 is assumed to exist on this host already; the page does not show
# where it comes from.
docker tag nginx:v4 localhost:5000/nginx
docker push localhost:5000/nginx
docker images
经过以上操作,docker私有仓库的基本配置已完成,但是安全性不够高,因此接下来从证书加密和用户认证两方面入手,提高仓库的安全性
2.docker仓库的证书加密
(1)安装openssl 11 软件
# Install OpenSSL 1.1.1 (command name: openssl11) from two local RPM files.
# The certificate step below uses `-addext`, which was introduced in
# OpenSSL 1.1.1.
# The RPMs are installed from local files rather than a configured repository,
# so check their signatures first (e.g. `rpm -K <file>.rpm`) if their origin is
# not otherwise trusted.
yum install -y \
  openssl11-1.1.1k-2.el7.x86_64.rpm \
  openssl11-libs-1.1.1k-2.el7.x86_64.rpm
(2)生成证书
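# -p: do not fail when the directory is already there (re-running the guide).
mkdir -p certs
# Create a self-signed certificate and a new 4096-bit RSA key in one step.
# openssl prompts interactively for the subject fields.
#   -nodes    : the private key is written WITHOUT a passphrase, so file
#               permissions are its only protection.
#   -addext   : the subjectAltName is what clients match the host name
#               against; it must be the name used in `docker push`/`login`.
#   -days 365 : the certificate expires after one year and has to be
#               regenerated and redistributed to every client before then.
openssl11 req -newkey rsa:4096 -nodes -sha256 \
  -keyout certs/westos.org.key \
  -addext "subjectAltName = DNS:reg.westos.org" \
  -x509 -days 365 \
  -out certs/westos.org.crt
# Make the owner-only permission on the unencrypted key explicit.
chmod 600 certs/westos.org.key
ls certs/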
由上图可知,证书已生成
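# Remove the plain-HTTP registry from section 1; the name `registry` is reused.
docker rm -f registry
# Start the registry with TLS on port 443.
# The original listing had the -e options on separate lines without a trailing
# backslash, so the shell would have run `docker run ...` without them and then
# tried to execute `-e` as a command. The continuations below fix that.
#   /opt/registry -> image storage, kept on the host across container rebuilds
#   /root/certs   -> certificate and key; mounted read-only because the
#                    registry only reads them (assumes `mkdir certs` above
#                    was run in /root)
docker run -d --name registry -p 443:443 \
  -v /opt/registry:/var/lib/registry \
  -v /root/certs:/certs:ro \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key \
  registry
docker ps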
(3)本地解析
# Add a hosts entry that maps the registry host's IP address to
# reg.westos.org. The exact line is not shown on this page; the name must be
# the one in the certificate's subjectAltName, otherwise TLS host name
# verification fails.
vim /etc/hosts
编辑内容
(4)设置证书
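# Tell the Docker daemon to trust the self-signed certificate for this
# registry. Docker looks for CA certificates under
# /etc/docker/certs.d/<registry host>/ca.crt.
# mkdir -p creates certs.d as well; the original `cd certs.d/` fails on a host
# where that directory does not exist yet.
mkdir -p /etc/docker/certs.d/reg.westos.org
cd /etc/docker/certs.d/reg.westos.org/
# Copy the certificate only. The private key stays on the registry host and
# must never be distributed to clients.
cp /root/certs/westos.org.crt ca.crt
ls
# Repeat this step on every Docker host that pushes to or pulls from the
# registry.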
由上图可知,证书已设置完毕
(5)上传镜像
# Re-tag the local image under the registry's DNS name and push it over TLS.
# The push succeeds only if reg.westos.org resolves (hosts entry) and the
# daemon trusts the certificate (certs.d step).
docker tag yakexi007/game2048:latest reg.westos.org/game2048:latest
docker push reg.westos.org/game2048
3.docker仓库的用户认证
(1)安装httpd-tools 软件
# httpd-tools provides the htpasswd command used in the next step.
yum install -y httpd-tools
(2)生成用户认证
mkdir auth
# Create the password file with one user, `hs`. The password is prompted for,
# so it does not end up in the shell history or the process list.
#   -B : bcrypt hash
#   -c : create the file; this OVERWRITES an existing file, so leave -c out
#        when adding further users later
htpasswd -Bc auth/htpasswd hs
# Shows `user:hash`. The hash is not the password, but treat the file as
# sensitive all the same.
cat auth/htpasswd
由上图可知,用户认证已经生成
(3)新建容器,设置login认证
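# The TLS-only container from section 2 still holds the name `registry` and
# port 443, so it has to be removed before a new one can be started.
docker rm -f registry
# Same TLS setup as before, plus htpasswd-based basic authentication.
# Line continuations were missing in the original listing; without them the
# -e options never reach `docker run`.
# Certificate and password file are mounted read-only: the registry only
# needs to read them.
docker run -d --name registry -p 443:443 \
  -v /opt/registry:/var/lib/registry \
  -v /root/certs:/certs:ro \
  -v /root/auth:/auth:ro \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  registry
docker ps
# Log in with the account created by htpasswd. Unless a credential helper is
# configured, docker stores the credentials base64-encoded (not encrypted) in
# ~/.docker/config.json; run `docker logout reg.westos.org` on shared hosts
# when done.
docker login reg.westos.org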
(4)上传镜像
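docker push reg.westos.org/game2048
# List the repositories held by the registry.
# Changes from the original `curl -k -u wxh:westos ...`:
#   --cacert instead of -k : -k turns certificate verification off, which
#       defeats the TLS setup from section 2; point curl at the registry's
#       certificate instead.
#   -u hs (no password)    : curl prompts for the password, so it stays out of
#       the shell history and the process list. `hs` is the account created
#       with htpasswd above; the original used a different account name, so
#       use whichever account actually exists in auth/htpasswd.
curl --cacert /etc/docker/certs.d/reg.westos.org/ca.crt -u hs https://reg.westos.org/v2/_catalog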
该命令可以查看仓库中所上传的镜像文件
4.harbor仓库
(1)设定harbor仓库配置文件
# Unpack the Harbor offline installer. Compare the archive's checksum with the
# one published for the release before extracting; everything in it is later
# run as root.
tar zxf harbor-offline-installer-v2.5.0.tgz
ls
cd harbor/
ls
# Start from the shipped template.
cp harbor.yml.tmpl harbor.yml
# The edited content is not shown on this page. For this setup it presumably
# covers: `hostname` (reg.westos.org) and the `https` certificate/private_key
# paths (the certs are moved to /data/certs in the next step) - confirm
# against your own file.
# NOTE(review): also change `harbor_admin_password` and the `database`
# password here; the values in the template are publicly known defaults.
vim harbor.yml
编辑内容
(2)安装harbor仓库
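cd
# Install the docker-compose binary. It runs as root against the Docker
# daemon, so verify the downloaded file against the release's published
# checksum before making it executable.
mv docker-compose-linux-x86_64-v2.5.0 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# -p: do not fail if /data already exists.
mkdir -p /data
ls
# Move certificate and key to /data/certs, where harbor.yml is expected to
# reference them.
mv certs/ /data/
# If the standalone registry container from the previous sections is still
# running, it occupies port 443 (and its /root/certs bind mount has just been
# moved away), so Harbor's proxy could not start. Remove it first; the pushed
# images remain under /opt/registry on the host.
docker rm -f registry
cd harbor/
./install.sh --with-chartmuseum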
(3)开启及登录harbor仓库
# Run from the harbor/ directory, where the installer generated the compose
# file. Starts any Harbor containers that are not already running.
docker-compose up -d
# All services should be listed as up/healthy before logging in.
docker-compose ps
# Log in with a Harbor account. If the admin account is used, its password
# should be the one set in harbor.yml, not the template default.
docker login reg.westos.org
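在浏览器中输入192.168.2.88即可进入harbor登录界面,输入设定好的用户名和密码即可登录仓库。注意:证书是自签名的,且subjectAltName只包含reg.westos.org,因此用IP地址访问时浏览器会给出证书警告;通过 https://reg.westos.org 访问并在客户端导入该证书后,主机名校验才能通过。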
(4)向仓库中上传镜像
# Harbor organises images by project, so the repository path now carries the
# project name (`library`) in front of the image name.
docker tag yakexi007/game2048:latest reg.westos.org/library/game2048:latest
# Requires the `docker login reg.westos.org` from the previous step.
docker push reg.westos.org/library/game2048:latest
在harbor仓库中如下图所示
基本功能可以实现,表明仓库搭建成功