docker 的安装 一台主机就可以了、
在镜像源下好安装包
[root@server1 ~]# cd /etc/sysctl.d
[root@server1 sysctl.d]# ls
99-sysctl.conf docker.conf
[root@server1 sysctl.d]# cat docker.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
[root@server1 sysctl.d]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/docker.conf ...
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
* Applying /etc/sysctl.conf ...
[root@server1 sysctl.d]#
//创建一个docker.conf文件 写入 net.bridge.bridge-nf-call-iptables = 1
//net.bridge.bridge-nf-call-ip6tables = 1
//sysctl --system 打入内核
docker 配置nginx
[root@server1 docker]# cat dockerfile
FROM centos:7
MAINTAINER westos yakexi007@westos.org
ENV HOSTNAME server1
EXPOSE 80
ADD nginx-1.18.0.tar.gz /tmp
WORKDIR /tmp/nginx-1.18.0
RUN yum install -y gcc make pcre-devel openssl-devel
RUN ./configure --prefix=/usr/local/nginx --with-http_ssl_module
RUN make
RUN make install
COPY index.html /usr/local/nginx/html
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
VOLUME ["/usr/local/nginx/html"]
[root@server1 docker]#
精简nginx
[root@server1 demo]# cat dockerfile
FROM nginx as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARG TIME_ZONE
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /usr/sbin/nginx-debug /opt && \
cp -a --parents /lib/x86_64-linux-gnu/ld-* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base-debian10
COPY --from=base /opt /
EXPOSE 80 443
ENTRYPOINT ["nginx", "-g", "daemon off;"]
[root@server1 demo]#
v1是最开始的nginx安装的大小
v4是精简后的大小
对比明显
docker仓库
**
搭建私有仓库
**
无验证:
证书配置:
//证书
[root@server1 ~] mkdir certs
[root@server1 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
.........................++
....................................++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:linux
Organizational Unit Name (eg, section) []:westis
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:localhost@qq
[root@server1 ~]# cd certs/
[root@server1 certs]# ls
westos.org.crt westos.org.key
// 运行docker+配置
root@server1 certs]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key registry
41c36c15269eb256bf94e53173738ec8b47dc050f4bf725e3323b2f86525015a
[root@server1 certs]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
41c36c15269e registry "/entrypoint.sh /etc…" 15 seconds ago Up 14 seconds 0.0.0.0:443->443/tcp, 5000/tcp registr
[root@server1 certs]# docker port registry
443/tcp -> 0.0.0.0:443
//复制证书
[root@server1 ~] cd /etc/docker
[root@server1 docker] mkdir -p certs.d/westos.org
[root@server1 westos.org]# mv westos.org.crt ca.crt
[root@server1 westos.org]# ls
ca.crt
//上传文件
[root@server1 westos.org]# docker tag nginx:latest westos.org/nginx:latest
[root@server1 westos.org]# docker push westos.org/nginx
The push refers to repository [westos.org/nginx]
550333325e31: Pushed
22ea89b1a816: Pushed
a4d893caa5c9: Pushed
0338db614b95: Pushed
d0f104dc0a1f: Pushed
latest: digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c size: 1362
[root@server1 westos.org]# docker pull westos.org/nginx
Using default tag: latest
latest: Pulling from nginx
Digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c
Status: Image is up to date for westos.org/nginx:latest
westos.org/nginx:latest
密码配置:
harbor配置:
下载 harbor-offline-installer-v1.10.1.tgz docker-compose-Linux-x86_64-1.24.1
[root@server1 ~]# mkdir /data
[root@server1 ~]# mv certs/ /data/
[root@server1 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz
[root@server1 ~]# cd harbor/
[root@server1 harbor]# ls
common.sh harbor.v1.10.1.tar.gz harbor.yml install.sh LICENSE prepare
[root@server1 harbor]# vim harbor.yml
[root@server1 ~]# mv docker-compose-Linux-x86_64-1.24.1 /usr/local/bin/docker-compose
[root@server1 ~]# chmod +x /usr/local/bin/docker-compose
[root@server1 harbor]# sh install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.12
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.24.1
[Step 2]: loading Harbor images ...
Loaded image: goharbor/clair-adapter-photon:v1.0.1-v1.10.1
Loaded image: goharbor/harbor-jobservice:v1.10.1
Loaded image: goharbor/redis-photon:v1.10.1
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.10.1
Loaded image: goharbor/clair-photon:v2.1.1-v1.10.1
Loaded image: goharbor/harbor-log:v1.10.1
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.10.1
Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.10.1
Loaded image: goharbor/harbor-registryctl:v1.10.1
Loaded image: goharbor/nginx-photon:v1.10.1
Loaded image: goharbor/harbor-migrator:v1.10.1
Loaded image: goharbor/prepare:v1.10.1
Loaded image: goharbor/harbor-portal:v1.10.1
Loaded image: goharbor/harbor-core:v1.10.1
Loaded image: goharbor/harbor-db:v1.10.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-portal ... done
Creating redis ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
[root@server1 harbor]# docker login westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server1 harbor]# docker tag nginx:latest westos.org/library/nginx
[root@server1 harbor]# docker push westos.org/library/nginx
The push refers to repository [westos.org/library/nginx]
550333325e31: Pushed
22ea89b1a816: Pushed
a4d893caa5c9: Pushed
0338db614b95: Pushed
d0f104dc0a1f: Pushed
latest: digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c size: 1362
[root@server1 harbor]#
在harbor上创建用户
[root@server1 harbor]# docker login westos.org
Username: wxh
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server1 harbor]#
harbor的维护命令
docker-compose ps
docker-compose stop
docker-compose down
docker-compose 停止后 /data/下仍然有数据 所以用下个命令 , 数据可以恢复
docker-compose up -d
3530
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
