一、简介
- Docker 仓库是用来存放镜像的位置,Docker 提供一个注册服务器(Registry)来保存多个仓库,每个仓库又可以包含多个具备不同 tag 的镜像。
Docker运行中使用的默认仓库是 Docker Hub 公共仓库。
Docker Registry有三个角色,分别是index、registry和registry client
二、docker搭建私有仓库
##下载registry镜像
[root@server1 ~]# docker search registry
[root@server1 ~]# docker pull registry
[root@server1 ~]# docker images registry
[root@server1 ~]# docker ps -a
[root@server1 ~]# docker stop webserver
webserver
[root@server1 ~]# docker rm webserver
[root@server1 ~]# docker history registry:latest
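##运行registry容器
注意:这样启动的仓库以明文 HTTP 提供服务,没有 TLS 也没有用户认证,并且 -p 5000:5000 默认监听所有网卡,任何能访问该端口的主机都可以推送和拉取镜像,仅适合本机测试;后面的"生成证书"和"用户认证"两节会补上 TLS 与认证。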
[root@server1 ~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry
[root@server1 ~]# docker ps
[root@server1 ~]# netstat -antlp
[root@server1 ~]# ll -d /opt/registry/
drwxr-xr-x 2 root root 6 Jan 26 23:11 /opt/registry/
上传镜像到本地仓库:本地镜像在命名(docker tag)时需要加上仓库的 IP(或主机名)和端口,例如先执行 docker tag <本地镜像> localhost:5000/rhel7,再执行 push。
[root@server1 docker]# docker run -d --name rhel7.3 rhel7:v4
cc4017aaf97b2f7808d50d9071b9fcbbbe523b4c475a8f82c33e90a8d6e66f1d
[root@server1 docker]# docker push localhost:5000/rhel7
The push refers to repository [localhost:5000/rhel7]
dd6a1792e2b1: Pushed
1d3b68b6972f: Pushed
de1602ca36c9: Pushed
latest: digest: sha256:2bd58823c4a6f8a560aaeeb41603b3245c5659a9380c3847974c541a4cebe057 size: 949
[root@server1 docker]# curl localhost:5000/v2/_catalog
{"repositories":["rhel7"]}
[root@server1 docker]#
三、生成证书
[root@server1 ~]# ls
[root@server1 ~]# mkdir -p certs
[root@server1 ~]# docker stop registry
[root@server1 ~]# docker ps
[root@server1 ~]# docker rm registry registry
[root@server1 ~]# ll /opt/registry/
[root@server2 docker]# rm -f daemon.json
[root@server2 docker]# systemctl reload docker
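1.生成证书
注意:执行 openssl req 时,交互提示中的 Common Name 必须填写仓库域名 reg.westos.org,否则客户端校验证书时主机名不匹配;较新版本的 Docker 还要求证书带有 subjectAltName(OpenSSL 1.1.1 及以上可追加 -addext "subjectAltName=DNS:reg.westos.org")。-nodes 表示私钥不加密保存,certs/westos.org.key 应限制为仅 root 可读。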
[root@server1 ~]# cd certs/
[root@server1 certs ]# ls
[root@server1 certs ]# cd
[root@server1 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
[root@server1 ~]# vim /etc/hosts
172.25.15.1 server1 reg.westos.org
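2.加密
注意:下面的命令除 TLS 参数外还带有 htpasswd 认证参数(REGISTRY_AUTH 等),而 auth/htpasswd 要到第四节才创建;如果这一步只想验证 TLS,可以先去掉与 auth 相关的 -v 和 -e 参数,到第四节再加上。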
[root@server1 ~]# docker run -d --name registry -v /opt/registry/:/var/lib/registry -p 443:443 -v "$(pwd)"/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -v "$(pwd)"/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
[root@server1 ~]# netstat -antlp
3.加密上传
[root@server1 ~]# docker tag nginx:latest reg.westos.org/nginx:latest
[root@server1 ~]# docker push reg.westos.org/nginx:latest
[root@server1 ~]# cd /etc/docker/
[root@server1 docker ]# ls
[root@server1 docker ]# mkdir certs.d
[root@server1 certs.d ]# ls
[root@server1 certs.d ]# mkdir reg.westos.org
[root@server1 certs.d ]# cd reg.westos.org
[root@server1 reg.westos.org ]# ls
[root@server1 reg.westos.org ]# cp ~/certs/westos.org.crt ca.crt
[root@server1 reg.westos.org ]# ls
[root@server1 reg.westos.org ]# pwd
[root@server1 reg.westos.org ]# docker push reg.westos.org/nginx:latest
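4.查看仓库
注意:curl -k 会跳过证书校验,只能说明服务可达,不能说明证书被正确信任;要同时验证证书,可改用 curl --cacert /etc/docker/certs.d/reg.westos.org/ca.crt https://reg.westos.org/v2/_catalog。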
[root@server1 reg.westos.org ]# curl -k https://reg.westos.org/v2/_catalog
[root@server1 reg.westos.org ]# curl -k https://reg.westos.org/v2/rhel7/tags/list
四、用户认证
[root@server1 ~]# ls
[root@server1 ~]# mkdir auth
[root@server1 ~]# cd auth/
[root@server1 auth ]# cd
[root@server1 ~]# ls
[root@server1 ~]# yum install -y httpd-tools.x86_64
[root@server1 ~]# htpasswd -Bc auth/htpasswd admin #创建加密用户
[root@server1 ~]# htpasswd -B auth/htpasswd jwl #追加用户时不要再带 -c,否则会重建文件并覆盖上面创建的 admin
[root@server1 ~]# cat auth/htpasswd
[root@server1 ~]# docker run -d --name registry -v /opt/registry/:/var/lib/registry -p 443:443 -v "$(pwd)"/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -v "$(pwd)"/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
f8ac8ac057c67366ab27ced53b709fcbc3c61ecc599e729ce0f44f88ac6cd318
[root@server1 ~]# docker logs registry
[root@server1 ~]# cd /etc/docker/
[root@server1 docker]# ls
certs.d key.json
[root@server1 docker]# scp -r certs.d/ server2:/etc/docker/ #传证书给server2
[root@server1 docker]# docker login reg.westos.org ## 登陆
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server1 docker]# docker push reg.westos.org/nginx:latest
[root@server2 ~]# docker login reg.westos.org #server2登陆
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server2 ~]# docker pull reg.westos.org/nginx #拉取私有仓库nginx
Using default tag: latest
latest: Pulling from nginx
b4d181a07f80: Pull complete
66b1c490df3f: Pull complete
d0f91ae9b44c: Pull complete
baf987068537: Pull complete
6bbc76cbebeb: Pull complete
32b766478bc2: Pull complete
Digest: sha256:1c70a669bbf07f9862f269162d776c35144b116938d1becb4e4676270cff8f75
Status: Downloaded newer image for reg.westos.org/nginx:latest
reg.westos.org/nginx:latest
[root@server2 ~]#