[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 59788edf1f3e 2 years ago 1.15MB
demo v1 59788edf1f3e 2 years ago 1.15MB
rhel7 latest 0a3eb3fde7fd 7 years ago 140MB
[root@server1 ~]# ls
busybox.tar game2048.tar harbor-offline-installer-v1.10.1.tgz mario.tar registry2.tar rhel7.tar
[root@server1 ~]# docker load -i registry2.tar
d9ff549177a9: Loading layer [==================================================>] 4.671MB/4.671MB
f641ef7a37ad: Loading layer [==================================================>] 1.587MB/1.587MB
d5974ddb5a45: Loading layer [==================================================>] 20.08MB/20.08MB
5bbc5831d696: Loading layer [==================================================>] 3.584kB/3.584kB
73d61bf022fd: Loading layer [==================================================>] 2.048kB/2.048kB
Loaded image: registry:2
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 f32a97de94e1 2 years ago 25.8MB
busybox latest 59788edf1f3e 2 years ago 1.15MB
demo v1 59788edf1f3e 2 years ago 1.15MB
rhel7 latest 0a3eb3fde7fd 7 years ago 140MB
[root@server1 ~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2
ef5ec038db718e076851f99fe72486dc31ab9004559aa2812e1e0cd3edde1db6
[root@server1 ~]# netstat -antlp | grep 5000
tcp6 0 0 :::5000 :::* LISTEN 17683/docker-proxy
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ef5ec038db71 registry:2 "/entrypoint.sh /etc…" 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp registry
上传镜像(注意:此时仓库是明文 HTTP、没有任何认证,端口映射在 0.0.0.0:5000 上,只适合本机测试;后面的步骤会加上 TLS 和用户认证)
[root@server1 ~]# ls /opt/registry/
[root@server1 ~]# docker tag game2048:latest localhost:5000/game2048:latest
Error response from daemon: No such image: game2048:latest
[root@server1 ~]# ls
busybox.tar game2048.tar harbor-offline-installer-v1.10.1.tgz mario.tar registry2.tar rhel7.tar
[root@server1 ~]# docker load -i game2048.tar
011b303988d2: Loading layer [==================================================>] 5.05MB/5.05MB
36e9226e74f8: Loading layer [==================================================>] 51.46MB/51.46MB
192e9fad2abc: Loading layer [==================================================>] 3.584kB/3.584kB
6d7504772167: Loading layer [==================================================>] 4.608kB/4.608kB
88fca8ae768a: Loading layer [==================================================>] 629.8kB/629.8kB
Loaded image: game2048:latest
[root@server1 ~]# docker tag game2048:latest localhost:5000/game2048:latest
[root@server1 ~]# docker push localhost:5000/game2048
The push refers to repository [localhost:5000/game2048]
88fca8ae768a: Pushed
6d7504772167: Pushed
192e9fad2abc: Pushed
36e9226e74f8: Pushed
011b303988d2: Pushed
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
[root@server1 ~]# ls /opt/registry/
docker
[root@server1 ~]# curl localhost:5000/v2/_catalog
{"repositories":["game2048"]}
[root@server1 ~]#
[root@server1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ef5ec038db71 registry:2 "/entrypoint.sh /etc…" 9 minutes ago Up 9 minutes 0.0.0.0:5000->5000/tcp registry
[root@server1 ~]# docker rm -f registry
registry
[root@server1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@server1 ~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2
e687b6520514ea7e3940da8f3a5050d9c4ba945e017b7ded67723914da947a07
[root@server1 ~]# curl localhost:5000/v2/_catalog
{"repositories":["game2048"]}
[root@server1 ~]#
生成证书
生成证书
创建 certs 目录保存证书和私钥
[root@server1 ~]# mkdir certs
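生成自签名证书和私钥(-x509 直接输出自签名证书;-nodes 表示私钥不加密保存,应限制 certs 目录的访问权限;Common Name 要填仓库域名 reg.westos.org。较新版本的 Docker 客户端还要求证书带有匹配的 subjectAltName,只有 Common Name 时可能校验失败)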
[root@server1 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
...................................................++
..............................................................................................................++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code)[XX]:cn
State or Province Name (full name)[]:shanxi
Locality Name (eg, city)[Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname)[]:reg.westos.org
Email Address []:root@westos.org
编辑hosts解析
[root@server1 ~]# vim /etc/hosts
172.25.12.1 server1 reg.westos.org
加密上传
拉起容器
[root@server1 ~]# docker load -i registry2.tar
[root@server1 ~]# docker tag registry:2 registry:latest
[root@server1 ~]# docker run -d --name registry -v /opt/registry:/var/lib/registry -p443:443 -v "$(pwd)"/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key registry
cbdcb771552a8e51646a2ebef31d10b5a05f1de0178a351b6ce6912dc6a551c9
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbdcb771552a registry "/entrypoint.sh /etc…" 2 seconds ago Up 2 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
复制证书到 /etc/docker/certs.d/reg.westos.org/ 并命名为 ca.crt,让 Docker 客户端信任这张自签名证书(只复制 .crt 证书,不要复制私钥)
[root@server1 ~]# cd /etc/docker/
[root@server1 docker]# mkdir certs.d/
[root@server1 docker]# ls
certs.d Dockerfile dvd.repo key.json nginx-1.20.1.tar.gz
[root@server1 docker]# cd certs.d/
[root@server1 certs.d]# ls
[root@server1 certs.d]# mkdir reg.westos.org
[root@server1 certs.d]# cd reg.westos.org/
[root@server1 reg.westos.org]# ls
[root@server1 reg.westos.org]# cp ~/certs/westos.org.crt ca.crt
[root@server1 reg.westos.org]# ls
ca.crt
[root@server1 ~]# yum install -y httpd-tools
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Package httpd-tools-2.4.6-88.el7.x86_64 already installed and latest version
Nothing to do
[root@server1 ~]# mkdir auth
[root@server1 ~]# htpasswd -Bc auth/htpasswd admin
New password:
Re-type new password:
Adding password for user admin
[root@server1 ~]# htpasswd -B auth/htpasswd chen
New password:
Re-type new password:
Adding password for user chen
[root@server1 ~]# cat auth/htpasswd
admin:$2y$05$VfzL7QyaE7u.XvBCUxGlz.6lItkdqb9aw9IfT3tgmhhhHJwIX95ta
chen:$2y$05$jFusulAxVWlNRzA2..B44Oqv.9Qlmgt6UN2hTvQf2heuIlq/X.BiK
删除之前的仓库容器并重新拉起(挂载 /root/auth 并启用 htpasswd 认证;htpasswd 文件里保存的是口令哈希,应限制读取权限,不要对外公开)
[root@server1 ~]# docker rm -f registry
registry
[root@server1 ~]# docker run -d --name registry -v /opt/registry:/var/lib/registry -p 443:443 -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -v /root/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
74af0403f38c7698ecca53d93c59633531b8d1b13f2b693e4a0ec74557f59d9b
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
74af0403f38c registry "/entrypoint.sh /etc…" 2 seconds ago Up 1 second 0.0.0.0:443->443/tcp, 5000/tcp registry
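启用认证后,上传(push)和拉取(pull)前需要先登录(docker login),未登录时推送会被拒绝(denied)。登录凭据默认以未加密形式保存在 /root/.docker/config.json,可按下方 WARNING 的提示配置 credential helper。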
[root@server1 sysctl.d]# docker push reg.westos.org/westos/game2048:latest
The push refers to repository [reg.westos.org/westos/game2048]
88fca8ae768a: Preparing
6d7504772167: Preparing
192e9fad2abc: Preparing
36e9226e74f8: Preparing
011b303988d2: Preparing
denied: requested access to the resource is denied
[root@server1 sysctl.d]# docker login reg.westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server1 sysctl.d]# docker push reg.westos.org/westos/game2048:latest
The push refers to repository [reg.westos.org/westos/game2048]
88fca8ae768a: Pushed
6d7504772167: Pushed
192e9fad2abc: Pushed
36e9226e74f8: Pushed
011b303988d2: Pushed
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364