本文介绍了如何建立具有安全证书的Docker镜像仓库,确保只有持有证书的用户能够访问。首先,通过删除无用容器清理环境,然后创建证书钥匙以供仓库使用。接着,详细讲解了如何创建用户和密码,实现用户认证,以防止未授权的镜像上传和下载。在实践中,未进行用户认证的上传会失败,并且一旦用户认证过,后续操作将不再需要重复认证。
便于镜像的直接拉取
将已经暂停的容器都删除
创建钥匙,在创建仓库后,拥有证书钥匙的用户才能使用镜像仓库
安全证书的仓库建立
删除所有关闭的容器
[root@foundation23 docker]# docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
重命名,生成新的镜像
[root@foundation23 docker]# docker tag nginx localhost:5000/nginx
[root@foundation23 docker]# openssl req -newkey rsa:4095 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
Generating a 4095 bit RSA private key
..........++
.......................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org
[root@foundation23 docker]# ls
certs Dockerfile dvd.repo ssh supervisord.conf test web
[root@foundation23 docker]# cd certs/
[root@foundation23 certs]# ls
domain.crt domain.key
创建镜像仓库,必须在/tmp/docker目录中
[root@foundation23 docker]# docker run -d \
>
最低0.47元/天 解锁文章
扫一扫
1351
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
