搭建docker私有仓库registry

1、操作系统
ubuntu 14.04 x64

2、安装docker & docker-compose
2.1.安装docker
[url]http://www.widuu.com/chinese_docker/installation/ubuntu.html#Ubuntu安装Docker[/url]

$ sudo apt-get update
$ sudo apt-get install linux-image-generic-lts-trusty
$ sudo reboot
$ wget -qO- https://get.docker.com/ | sh
$ sudo docker -v

[color=green][i]#Create the docker group 可做可不做[/i][/color]

$ sudo groupadd docker

[color=green][i]#Add your user to docker group[/i][/color]

$ sudo usermod -aG docker ubuntu(用户名)

[color=green][i]注：提示docker版本如“Docker version 1.11.1, build 20f81dd”则安装成功[/i][/color]

2.2.安装docker-compose
[url]https://docs.docker.com/compose/install/[/url]

$ which curl
# apt-get install curl -y 

# apt-get install python-pip python-dev -y
# pip install -U docker-compose  
# docker-compose --v

[color=green][i]注：提示docker-compose版本如“docker-compose version 1.7.1, build 6c29830”则安装成功[/i][/color]

[size=large]3、搭建registry私库[/size]
[color=green][i]创建数据和证书目录[/i][/color]

$ sudo mkdir -p /opt/docker/registry/data
$ sudo mkdir -p /opt/docker/registry/certs

[color=green][i]Docker的私有Registry要求使用https访问。需要生成ssl证书。[/i][/color]

$ cd /opt/docker/registry/

[color=green][i]验证是否安装了openssl[/i][/color]

$ which openssl

[color=green][i]如果已安装则显示openssl所在路径，没安装则什么也不显示[/i][/color]

$ sudo apt-get install openssl libssl-dev (libssl-dev:openssl开发库)

[color=green][i]创建密码文件[/i][/color]

$ openssl genrsa -out registry_tomhat_com.key 2048

[color=green][i]生成密钥[/i][/color]

$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/registry_tomhat_com.key -x509 -days 365 -out certs/registry_tomhat_com.crt

下面是输出，需要填写一些信息:
Generating a 4096 bit RSA private key
........................................++
..........................................++
writing new private key to 'certs/registry_tomhat_com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ChinaOPS
Organizational Unit Name (eg, section) []:ChinaOPS
Common Name (e.g. server FQDN or YOUR name) []:registry.tomhat.com
Email Address []:
[color=green][i]注意：上面提示里的Common Name必须要添写完整域名[/i][/color]
使用编辑器编辑 /opt/docker/registry/docker-compose.yml，内容如下：
（docker/registry为源文档的docker_registry）

registry:
    container_name : tomhat_registry
    restart : always
    image : registry:2
    ports:
        - 443:5000
    environment:
        REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry_tomhat_com.crt
        REGISTRY_HTTP_TLS_KEY: /certs/registry_tomhat_com.key
    volumes:
        - /opt/docker/registry/data:/var/lib/registry
        - /opt/docker/registry/certs:/certs

[color=green][i]使用docker-compose启动registry容器。[/i][/color]

# docker-compose up -d

注意：用root用户执行命令在docker-compose.yml所在目录

如下是正确提示
[i]Pulling registry (registry:2)...
2: Pulling from library/registry
efd26ecc9548: Pull complete
a3ed95caeb02: Pull complete
39091a8d8094: Pull complete
c5ad04c01f33: Pull complete
e441cc69d374: Pull complete
Digest: sha256:5206f99cc4d06dedc6d291324935ef134001f30fe05bf47e8d0b58d7e93e3843
Status: Downloaded newer image for registry:2
Creating cops_registry[/i]

# docker pull  registry.ecloud.com.cn/tomcat
# docker tag 660259e51042 registry.tomhat.com/tomcat
# cp /opt/docker/registry/certs/registry_tomhat_com.crt /etc/docker/certs.d/regist.tomhat.com/
# echo '127.0.0.1 registry.tomhat.com' > /etc/hosts
# service docker restart
# docker push registry.tomhat.com/tomcat

访问：https://registry.tomhat.com/v2/_catalog