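Linux Enterprise Practice: Building and Managing Docker Registries (Official Registry, Private Registry, User Authentication, Remote Connection)

Contents

1. Docker Hub (official image registry)

1.1 Log in to Docker Hub

1.2 Tag the image to be pushed

1.3 Push the image

1.4 Pull the image

1.5 Delete a repository on Docker Hub

2. Set up a private registry

2.1 Configure the Alibaba Cloud registry mirror

2.2 Download the registry image

2.3 Upload a local image to the registry

2.4 Configure TLS encryption for the registry

2.5 Test

3. Add user authentication to the Docker registry

4. Connect to the registry from a remote host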


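1. Docker Hub (official image registry)

Register an account at https://hub.docker.com first.

1.1 Log in to Docker Hub

docker login    # you must log in to your Docker Hub account before you can push

1.2 Tag the image to be pushed

docker tag busybox:latest redtestdocker/busybox:latest

1.3 Push the image

docker push redtestdocker/busybox:latest    # pick a small image where possible; it pushes faster
Back on the web page, you can see that the image has been pushed successfully.

1.4 Pull the image

(You can delete the local busybox image first; if it already exists, the pull only updates it.)
docker pull redtestdocker/busybox:latest

1.5 Delete a repository on Docker Hub

Choose Settings -> Delete -> type the repository name again to confirm -> delete.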


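2. Set up a private registry

Reasons for running a private registry:
1. Docker Hub requires Internet access and is slow;
2. Anyone can access it;
3. Putting internal enterprise images on the public Internet is not secure;
4. Docker has open-sourced the registry, so you can run a private one.

2.1 Configure the Alibaba Cloud registry mirror

Docker's official site is hosted overseas, so pulling images with docker pull is slow. Alibaba Cloud provides a registry mirror (accelerator) that can be used instead. Log in to Alibaba Cloud, register an account, find the registry mirror service, and it generates a mirror address for you.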


2.2 Download the registry image

docker pull registry    # download the registry image
docker images
docker history registry:latest
docker run -d -p 5000:5000 --name registry registry    # run it with a port mapping
netstat -tnlp    # local port 5000 is now open
docker volume ls    # list volumes

[root@home docker]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete 
47112e65547d: Pull complete 
46bcb632e506: Pull complete 
c1cc712bcecd: Pull complete 
3db6272dcbfa: Pull complete 
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@home docker]# docker images
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
test                 v7                  27e37cd868a7        2 hours ago         1.22MB
test                 v6                  96a2ff083421        2 hours ago         1.22MB
test                 v5                  fd70823e4cba        2 hours ago         1.22MB
test                 v1                  25694edbced5        2 hours ago         1.22MB
demo                 v4                  1b4e49be4c1d        3 hours ago         1.22MB
demo                 v3                  6c98e824b17b        3 hours ago         1.22MB
demo                 v2                  ee0c276ce9d6        4 hours ago         1.22MB
demo                 v1                  a01f4516eeb3        4 hours ago         1.22MB
<none>               <none>              fb118f8a8bff        15 hours ago        1.22MB
busybox              latest              edabd795951a        5 days ago          1.22MB
nginx                latest              4bb46517cac3        3 weeks ago         133MB
registry             latest              2d4f4b5309b1        2 months ago        26.2MB
893789337/game2048   latest              19299002fdbe        3 years ago         55.5MB
game2048             latest              19299002fdbe        3 years ago         55.5MB
mario                latest              9a35a9e43e8c        5 years ago         198MB
[root@home docker]# docker history registry
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
2d4f4b5309b1        2 months ago        /bin/sh -c #(nop)  CMD ["/etc/docker/registr…   0B                  
<missing>           2 months ago        /bin/sh -c #(nop)  ENTRYPOINT ["/entrypoint.…   0B                  
<missing>           2 months ago        /bin/sh -c #(nop) COPY file:507caa54f88c1f38…   155B                
<missing>           2 months ago        /bin/sh -c #(nop)  EXPOSE 5000                  0B                  
<missing>           2 months ago        /bin/sh -c #(nop)  VOLUME [/var/lib/registry]   0B                  
<missing>           2 months ago        /bin/sh -c #(nop) COPY file:4544cc1555469403…   295B                
<missing>           2 months ago        /bin/sh -c #(nop) COPY file:21256ff7df5369f7…   20.1MB              
<missing>           2 months ago        /bin/sh -c set -ex     && apk add --no-cache…   549kB               
<missing>           4 months ago        /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B                  
<missing>           4 months ago        /bin/sh -c #(nop) ADD file:b91adb67b670d3a6f…   5.61MB              
[root@home docker]# docker history registry:latest 
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
2d4f4b5309b1        2 months ago        /bin/sh -c #(nop)  CMD ["/etc/docker/registr…   0B                  
<missing>           2 months ago        /bin/sh -c #(nop)  ENTRYPOINT ["/entrypoint.…   0B                  
<missing>           2 months ago        /bin/sh -c #(nop) COPY file:507caa54f88c1f38…   155B                
<missing>           2 months ago        /bin/sh -c #(nop)  EXPOSE 5000                  0B                  
<missing>           2 months ago        /bin/sh -c #(nop)  VOLUME [/var/lib/registry]   0B                  
<missing>           2 months ago        /bin/sh -c #(nop) COPY file:4544cc1555469403…   295B                
<missing>           2 months ago        /bin/sh -c #(nop) COPY file:21256ff7df5369f7…   20.1MB              
<missing>           2 months ago        /bin/sh -c set -ex     && apk add --no-cache…   549kB               
<missing>           4 months ago        /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B                  
<missing>           4 months ago        /bin/sh -c #(nop) ADD file:b91adb67b670d3a6f…   5.61MB              
[root@home docker]# docker volume ls
DRIVER              VOLUME NAME
[root@home docker]# 
[root@home docker]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/registry:/var/lib/registry registry
6d573224f8223d76d2cf4480126528a552cf7859995d05d4b3e3959689cd2619
[root@home docker]# docker images
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
test                 v7                  27e37cd868a7        5 hours ago         1.22MB
test                 v6                  96a2ff083421        5 hours ago         1.22MB
test                 v5                  fd70823e4cba        5 hours ago         1.22MB
test                 v1                  25694edbced5        5 hours ago         1.22MB
demo                 v4                  1b4e49be4c1d        6 hours ago         1.22MB
demo                 v3                  6c98e824b17b        6 hours ago         1.22MB
demo                 v2                  ee0c276ce9d6        7 hours ago         1.22MB
demo                 v1                  a01f4516eeb3        7 hours ago         1.22MB
<none>               <none>              fb118f8a8bff        18 hours ago        1.22MB
busybox              latest              edabd795951a        5 days ago          1.22MB
nginx                latest              4bb46517cac3        3 weeks ago         133MB
registry             latest              2d4f4b5309b1        2 months ago        26.2MB
893789337/game2048   latest              19299002fdbe        3 years ago         55.5MB
game2048             latest              19299002fdbe        3 years ago         55.5MB
mario                latest              9a35a9e43e8c        5 years ago         198MB
[root@home docker]# docker history registry:latest 
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
2d4f4b5309b1        2 months ago        /bin/sh -c #(nop)  CMD ["/etc/docker/registr…   0B                  
<missing>           2 months ago        /bin/sh -c #(nop)  ENTRYPOINT ["/entrypoint.…   0B                  
<missing>           2 months ago        /bin/sh -c #(nop) COPY file:507caa54f88c1f38…   155B                
<missing>           2 months ago        /bin/sh -c #(nop)  EXPOSE 5000                  0B                  
<missing>           2 months ago        /bin/sh -c #(nop)  VOLUME [/var/lib/registry]   0B                  
<missing>           2 months ago        /bin/sh -c #(nop) COPY file:4544cc1555469403…   295B                
<missing>           2 months ago        /bin/sh -c #(nop) COPY file:21256ff7df5369f7…   20.1MB              
<missing>           2 months ago        /bin/sh -c set -ex     && apk add --no-cache…   549kB               
<missing>           4 months ago        /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B                  
<missing>           4 months ago        /bin/sh -c #(nop) ADD file:b91adb67b670d3a6f…   5.61MB              




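2.3 Upload a local image to the registry

docker tag nginx:latest localhost:5000/nginx:latest    # the image must be retagged first
docker push localhost:5000/nginx    # upload through local port 5000
curl localhost:5000/v2/_catalog    # list the registry contents; v2 means the registry API is version 2. You can also look in the locally mounted directory
tree docker    # show the directory structure; nginx appears in it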

[root@home docker]# docker tag nginx:latest localhost:5000/nginx:latest  #retag the image
[root@home docker]# docker push localhost:5000/nginx     #upload through port 5000
The push refers to repository [localhost:5000/nginx]
550333325e31: Pushed 
22ea89b1a816: Pushed 
a4d893caa5c9: Pushed 
0338db614b95: Pushed 
d0f104dc0a1f: Pushed 
latest: digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c size: 1362
[root@home docker]# cd /opt/registry/
[root@home registry]# ls                 #the uploaded content is visible in the local mount directory
docker
[root@home registry]# curl localhost:5000/v2/_catalog
{"repositories":["nginx"]}
[root@home registry]# docker pull localhost:5000/nginx   #pull the image
Using default tag: latest
latest: Pulling from nginx
Digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c
Status: Image is up to date for localhost:5000/nginx:latest
localhost:5000/nginx:latest


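At this point the registry is up, but working with it from the command line is inconvenient, and remote connections must go over TLS; otherwise the username and password travel in plaintext, which is insecure.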


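2.4 Configure TLS encryption for the registry

The commands can be copied from https://docs.docker.com/registry/insecure
mkdir -p certs    # create the certificate directory

# generate the certificate and private key
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key \
  -x509 -days 365 -out certs/westos.org.crt

Answers to the prompts: CN -> Shaanxi -> Xi'an -> Westos -> Linux -> red.org (preferably the domain name) -> root@red.org
ls certs/

docker rm -f registry    # remove the old container; the registry has to be started again

# --restart=always: restart the container automatically, including at boot
# -v: mount the certificate directory into the container
# -e: set an environment variable that configures the registry
# REGISTRY_HTTP_TLS_CERTIFICATE / REGISTRY_HTTP_TLS_KEY: the certificate file and the key
docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key \
  -p 443:443 \
  registry

netstat -tnlp    # port 443 is now open

The actual session: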

[root@home v2]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
6d573224f822        registry            "/entrypoint.sh /etc…"   3 hours ago         Up 3 hours          0.0.0.0:5000->5000/tcp   registry
[root@home v2]# cd ~
[root@home ~]# mkdir certs
[root@home ~]# cd certs/
[root@home certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
..................................................++
..................................................................................++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shannxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org
[root@home certs]# ls
westos.org.crt  westos.org.key
[root@home certs]# cd ~
[root@home ~]# ls certs/
westos.org.crt  westos.org.key
[root@home ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
6d573224f822        registry            "/entrypoint.sh /etc…"   4 hours ago         Up 4 hours          0.0.0.0:5000->5000/tcp   registry
[root@home ~]# docker rm -f registry
registry
[root@home ~]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key registry
bc8278a81a073151ee871f276612328192761345a72789d83b109958cbde2f62
[root@home ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                            NAMES
bc8278a81a07        registry            "/entrypoint.sh /etc…"   About a minute ago   Up 15 seconds       0.0.0.0:443->443/tcp, 5000/tcp   registry
[root@home ~]# docker port registry 
443/tcp -> 0.0.0.0:443
[root@home ~]# docker images
REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
test                   v7                  27e37cd868a7        9 hours ago         1.22MB
test                   v6                  96a2ff083421        9 hours ago         1.22MB
test                   v5                  fd70823e4cba        9 hours ago         1.22MB
test                   v1                  25694edbced5        9 hours ago         1.22MB
demo                   v4                  1b4e49be4c1d        10 hours ago        1.22MB
demo                   v3                  6c98e824b17b        10 hours ago        1.22MB
demo                   v2                  ee0c276ce9d6        10 hours ago        1.22MB
demo                   v1                  a01f4516eeb3        10 hours ago        1.22MB
<none>                 <none>              fb118f8a8bff        21 hours ago        1.22MB
busybox                latest              edabd795951a        5 days ago          1.22MB
nginx                  latest              4bb46517cac3        3 weeks ago         133MB
localhost:5000/nginx   latest              4bb46517cac3        3 weeks ago         133MB
registry               latest              2d4f4b5309b1        2 months ago        26.2MB
893789337/game2048     latest              19299002fdbe        3 years ago         55.5MB
game2048               latest              19299002fdbe        3 years ago         55.5MB
mario                  latest              9a35a9e43e8c        5 years ago         198MB
[root@home ~]# vim /etc/hosts
[root@home ~]# cd /etc/docker/
[root@home docker]# cd certs.d/
[root@home certs.d]# ls
access.redhat.com  cdn.redhat.com  registry.access.redhat.com  registry.redhat.io
[root@home certs.d]# mkdir westos.org
[root@home certs.d]# cd westos.org/
[root@home westos.org]# ls
[root@home westos.org]# cp /root/certs/westos.org.crt  .
[root@home westos.org]# mv westos.org.crt ca.crt
[root@home westos.org]# ls
ca.crt
[root@home westos.org]# pwd
/etc/docker/certs.d/westos.org
[root@home westos.org]# docker pull westos.org/nginx
Using default tag: latest
latest: Pulling from nginx
Digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c
Status: Downloaded newer image for westos.org/nginx:latest
westos.org/nginx:latest
[root@home westos.org]# docker images
REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
test                   v7                  27e37cd868a7        9 hours ago         1.22MB
test                   v6                  96a2ff083421        9 hours ago         1.22MB
test                   v5                  fd70823e4cba        9 hours ago         1.22MB
test                   v1                  25694edbced5        9 hours ago         1.22MB
demo                   v4                  1b4e49be4c1d        10 hours ago        1.22MB
demo                   v3                  6c98e824b17b        10 hours ago        1.22MB
demo                   v2                  ee0c276ce9d6        11 hours ago        1.22MB
demo                   v1                  a01f4516eeb3        11 hours ago        1.22MB
<none>                 <none>              fb118f8a8bff        21 hours ago        1.22MB
busybox                latest              edabd795951a        5 days ago          1.22MB
nginx                  latest              4bb46517cac3        3 weeks ago         133MB
localhost:5000/nginx   latest              4bb46517cac3        3 weeks ago         133MB
westos.org/nginx       latest              4bb46517cac3        3 weeks ago         133MB
registry               latest              2d4f4b5309b1        2 months ago        26.2MB
893789337/game2048     latest              19299002fdbe        3 years ago         55.5MB
game2048               latest              19299002fdbe        3 years ago         55.5MB
mario                  latest              9a35a9e43e8c        5 years ago         198MB




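2.5 Test

Name resolution for the domain must be configured first; communication uses the domain name by default.
mkdir -p /etc/docker/certs.d/red.org    # create the certificate directory
cp /root/certs/red.org.crt /etc/docker/certs.d/red.org/ca.crt    # copy the certificate
docker tag nginx:latest red.org/nginx:latest    # tag the image; red.org must resolve
docker push red.org/nginx    # the upload succeeds, now over TLS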
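
The certificate generated in 2.4 identifies the host only through its Common Name; Docker clients built with Go 1.15 or later reject such certificates and require the hostname in subjectAltName. The following added example (not from the original post) generates the certificate with a SAN, verifies it, and installs it as the client CA as in 2.5; the function names are hypothetical and OpenSSL 1.1.1 or later is assumed.

```bash
#!/bin/sh
# Added example, not from the original post. westos.org and certs/ come from
# the page; the function names are hypothetical. Needs OpenSSL 1.1.1 or later.

# Generate a self-signed certificate whose subjectAltName carries the registry
# hostname, so clients that ignore the Common Name still accept it.
make_registry_cert() {
    host="$1"; dir="$2"; bits="${3:-4096}"
    mkdir -p "$dir" || return 1
    openssl req -newkey "rsa:$bits" -nodes -sha256 \
        -keyout "$dir/$host.key" \
        -x509 -days 365 -out "$dir/$host.crt" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" 2>/dev/null || return 1
    chmod 600 "$dir/$host.key"    # the private key stays readable by its owner only
}

# Succeed only if the certificate names $host as a DNS SAN and remains valid
# for at least another 30 days.
check_registry_cert() {
    host="$1"; crt="$2"
    openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | sed 's/^[[:space:]]*//' \
        | grep -Fxq "DNS:$host" \
        || { echo "$crt: no subjectAltName entry for $host"; return 1; }
    openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null \
        || { echo "$crt: expires within 30 days"; return 1; }
    echo "$crt: ok"
}

# Install the certificate as the trusted CA for this registry on a client,
# refusing certificates that fail the check. Only the .crt is copied; the
# private key never leaves the registry host.
install_registry_ca() {
    host="$1"; crt="$2"; certs_d="${3:-/etc/docker/certs.d}"
    check_registry_cert "$host" "$crt" >/dev/null || return 1
    mkdir -p "$certs_d/$host" && cp "$crt" "$certs_d/$host/ca.crt"
}

# Usage on the registry host, then on each client:
#   make_registry_cert westos.org certs
#   check_registry_cert westos.org certs/westos.org.crt
#   install_registry_ca westos.org certs/westos.org.crt
```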



3. Add user authentication to the Docker registry

1. Add a user
mkdir auth

docker run --rm \
  --entrypoint htpasswd \
  registry -Bbn admin westos > auth/htpasswd

2. Add another user
docker run --rm --entrypoint htpasswd registry -Bbn wsp redhat >> auth/htpasswd

3. Enable user authentication
docker rm -f registry

docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/red.org.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/red.org.key \
  -p 443:443 \
  -v "$(pwd)"/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  registry

4. Test
docker login westos.org    # test logging in
docker logout westos.org    # test logging out
docker push westos.org/nginx    # the push fails while logged out
docker login westos.org    # after logging in, the push succeeds
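
The registry's htpasswd backend accepts only bcrypt entries, which is why the commands above pass -B; entries in any other format are ignored. The following added example (not from the original post) audits auth/htpasswd for non-bcrypt hashes, duplicate users and low bcrypt cost; the function name and the cost threshold of 10 are assumptions.

```bash
#!/bin/sh
# Added example, not from the original post. audit_htpasswd is a hypothetical
# helper; the default minimum bcrypt cost of 10 is an assumed local policy.

# Print one line per finding and return non-zero if anything was found.
#   $1  path to the htpasswd file mounted into the registry (auth/htpasswd)
#   $2  minimum acceptable bcrypt cost (optional, default 10)
audit_htpasswd() {
    file="$1"; min_cost="${2:-10}"
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    awk -F: -v min="$min_cost" '
        /^[[:space:]]*$/ { next }                 # skip blank lines
        {
            user = $1; hash = $2
            # A second entry for the same user hides which password is live.
            if (seen[user]++) { print "duplicate entry: " user; bad++ }
            # bcrypt: $2a$/$2b$/$2y$, two-digit cost, "$", 53 salt+hash chars.
            if (length(hash) != 60 ||
                hash !~ /^\$2[aby]\$[0-9][0-9]\$[.\/A-Za-z0-9]+$/) {
                print "not a bcrypt hash, registry ignores it: " user
                bad++; next
            }
            cost = substr(hash, 5, 2) + 0
            if (cost < min) {
                print "bcrypt cost " cost " below " min ": " user; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$file"
}

# Usage:
#   audit_htpasswd auth/htpasswd        # default policy
#   audit_htpasswd auth/htpasswd 12     # stricter cost requirement
```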



4. Connect to the registry from a remote host

Without TLS:

server1 (remote client):
[root@server1 test]# ls
container-selinux-2.77-1.el7.noarch.rpm
[root@server1 test]# yum install -y docker-ce container-selinux-2.77-1.el7.noarch.rpm
[root@server1 test]# systemctl start docker
[root@server1 test]# vim /etc/docker/daemon.json
[root@server1 test]# cat /etc/docker/daemon.json
{
  "insecure-registries": ["172.25.1.1:5000"]
}
[root@server1 test]# systemctl restart docker
[root@server1 test]# docker pull 172.25.1.11:5000/nginx
Using default tag: latest
latest: Pulling from nginx
bf5952930446: Pull complete 
cb9a6de05e5a: Pull complete 
9513ea0afb93: Pull complete 
b49ea07d2e93: Pull complete 
a5e4a503d449: Pull complete 
Digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c
Status: Downloaded newer image for 172.25.1.11:5000/nginx:latest
172.25.1.11:5000/nginx:latest
[root@server1 test]# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
172.25.1.11:5000/nginx   latest              4bb46517cac3        3 weeks ago         133MB

With TLS:

On the server:

[root@home westos.org]# scp -r /etc/docker/certs.d/ server1:/etc/docker
root@server1's password: 
redhat-entitlement-authority.crt                                                                          100% 2626    26.8KB/s   00:00    
ca.crt                                                                                                    100% 2094   344.4KB/s   00:00    
[root@home westos.org]# curl -k https://westos.org/v2/_catalog
{"repositories":["nginx"]}
[root@home westos.org]# 
On the client: pull directly

[root@server1 docker]# docker pull westos.org/nginx
Using default tag: latest
latest: Pulling from nginx
Digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c
Status: Downloaded newer image for westos.org/nginx:latest
westos.org/nginx:latest
[root@server1 docker]# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
172.25.1.11:5000/nginx   latest              4bb46517cac3        3 weeks ago         133MB
westos.org/nginx         latest              4bb46517cac3        3 weeks ago         133MB

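Install Docker on server2 and configure name resolution for the registry.
scp -r /etc/docker/* server2:/etc/docker/    # send the certificate to server2; the certificate is required to log in (server1 enabled authentication when it started the container, so you must authenticate first)

docker login red.org    # authenticate
docker pull red.org/nginx    # the pull succeeds
docker run -d --name nginx -p 80:80 red.org/nginx    # run the container
curl localhost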
