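This walkthrough uses a VirtualBox virtual LAN. Both virtual machines have two network adapters: adapter 1 in bridged mode, adapter 2 in host-only mode.
192.168.56.* are the IPs of the host-only adapters
Private registry host IP 192.168.56.222
Client machine IP 192.168.56.101
The SSL certificate was requested for free from Tencent Cloud
After requesting the certificate from Tencent Cloud, download it to get the file docker.khs1994.com.zip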
#scp docker.khs1994.com.zip root@192.168.56.222:/root
The command above uploads the certificate from the local machine to root's home directory on the private registry host
#yum install zip unzip -y
#unzip docker.khs1994.com.zip
Extracting the archive yields the files 1_docker.khs1994.com_cert.crt
2_docker.khs1994.com.key
#mkdir certs
#mv 1* 2* certs
docker run -d -p 5000:5000 --restart=always --name registry \
-v /root/docker:/var/lib/registry \
-v /root/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/1_docker.khs1994.com_cert.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/2_docker.khs1994.com.key \
registry
Configure nginx
To install nginx, see my other article
Create a login user
(If the htpasswd command is missing, install the httpd-tools package)
#yum install httpd-tools
#htpasswd -c /etc/nginx/docker-registry.htpasswd admin
New password:
Re-type new password:
Adding password for user admin
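(This sets the username and password. I set both the username and the password to admin; the password is entered twice.)
Edit the main nginx configuration file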
# cd /etc/nginx/
# vi nginx.conf
...
http {
include mime.types;
default_type application/octet-stream;
include conf.d/*.conf; # include the subdomain configuration files
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
...
Configure the subdomain
# mkdir conf.d ; cd conf.d ;vi docker.conf
upstream docker-registry {
    server 127.0.0.1:5000;
}
server {
    # "listen ... ssl" enables TLS on this port (replaces the deprecated "ssl on;")
    listen 443 ssl;
    server_name docker.khs1994.com;
    ssl_certificate /root/certs/1_docker.khs1994.com_cert.crt;
    ssl_certificate_key /root/certs/2_docker.khs1994.com.key;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    # 0 disables the request body size limit so large image layers can be pushed
    client_max_body_size 0;
    chunked_transfer_encoding on;
    location / {
        #root html;
        #index index.html index.htm index.php;
        auth_basic "Restricted";
        auth_basic_user_file docker-registry.htpasswd;
        proxy_pass https://docker-registry;
    }
    location /v2/ {
        auth_basic "Restricted";
        auth_basic_user_file docker-registry.htpasswd;
        proxy_pass https://docker-registry;
    }
}
Client machine steps
Edit the hosts file
Point docker.khs1994.com at the registry host IP 192.168.56.222
# vi /etc/hosts
192.168.56.222 docker.khs1994.com #add this as the last line
Test the private registry
# docker login https://docker.khs1994.com #then enter admin for both the username and the password
# docker pull centos
# docker tag centos docker.khs1994.com/centos:16.10.08
# docker push docker.khs1994.com/centos:16.10.08
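A check for the registry host, added here as an example and not part of the original post: the docker run command above publishes port 5000 with -p 5000:5000, which binds every interface, so the registry also answers on 192.168.56.222:5000 without going through nginx's auth_basic. Since the nginx upstream is 127.0.0.1:5000, publishing on loopback only is enough. The function names and the sample docker ps output are constructed for illustration.

```bash
# Added example, not from the original post. Names and sample data are constructed.
# Weak (as in the post): docker run -d -p 5000:5000 ...            binds 0.0.0.0:5000
# Hardened:              docker run -d -p 127.0.0.1:5000:5000 ...  only local nginx reaches it

# Constructed sample of: docker ps --format '{{.Names}}|{{.Ports}}'
SAMPLE_PS='registry|0.0.0.0:5000->5000/tcp, :::5000->5000/tcp
registry-local|127.0.0.1:5000->5000/tcp
web|0.0.0.0:443->443/tcp, [::]:443->443/tcp
cache|6379/tcp'

# wide_open_ports: read "name|ports" lines on stdin and print "name hostport"
# for every mapping published on all IPv4 or IPv6 interfaces.
wide_open_ports() {
  awk -F'|' '{
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++)
      if (maps[i] ~ /^(0\.0\.0\.0|::|\[::\]):[0-9-]+->/) {
        split(maps[i], side, "->")   # side[1] is the host side, e.g. 0.0.0.0:5000
        sub(/^.*:/, "", side[1])     # keep only the host port
        print $1, side[1]
      }
  }' | sort -u
}

# is_wide_open NAME PORT: succeed if container NAME publishes PORT on all interfaces.
is_wide_open() {
  wide_open_ports | grep -qx "$1 $2"
}
```

On the registry host, feed it live data with: docker ps --format '{{.Names}}|{{.Ports}}' | wide_open_ports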