一、Docker Registry
1、服务端YUM安装docker-registry
yum install docker-registry -y
rpm -qldocker-distribution
2、客户端配置
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://wgae1ou9.mirror.aliyuncs.com"],
"insecure-registries": ["nodo1.ceiling.com:5000"]
}
3、重启docker,给镜像打tag推送镜像到私有仓库
systemctl restart docke
docker tag myweb:v0.1-2 nodo1.ceiling.com:5000/myweb:v0.1-2
docker pull nodo1.ceiling.com:5000/myweb:v0.1-2
二、Harbor 安装
1、服务端安装配置
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y docker-compose
wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
tar xf harbor-offline-installer-v1.7.1.tgz -C /usr/local/
vi /usr/local/harbor/harbor.cfg
修改
hostname = ${本机IP}
ssl_cert = /data/harbor-data/cer/server.crt
ssl_cert_key = /data/harbor-data/cer/server.key
2、建立证书
mkdir -p /data/harbor-data/cert
cd /data/harbor-data/cert
opensslgenrsa -out ca.key 2048
opensslreq -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/CN=Harbor-ca"
opensslreq -newkey rsa:4096 -nodes -sha256 -keyoutserver.key -out server.csr
echosubjectAltName = IP:192.168.2.107 >extfile.cnf
openssl x509 -req -in server.csr -CA ca.crt -CAkeyca.key -CAcreateserial -days 365 -extfileextfile.cnf -out server.crt
3、执行安装脚本,拷贝CA证书到客户端
cd /usr/local/harbor/;./install.sh 安装前确认80/443/4443没有被占用
安装后访问http://192.168.2.107 admin/Harbor12345
scp ca.crt ca.key 192.168.2.106:/etc/pki/ca-trust/source/anchors/
4、客户端配置
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://tnxkcso1.mirror.aliyuncs.com"],
"insecure-registries":["http://192.168.2.107"]
}
update-ca-trust extract
systemctl restart docker