使用阿里云加速
镜像默认从 Docker Hub 下载,这是 Docker 官方的公共仓库,免费提供了大量已经容器化的应用镜像,避免我们重复造轮子。但是官方并没有在国内部署服务器,我们可以配置阿里云镜像加速器来加快镜像下载。加速器是第三方服务,拉取的镜像都经由它中转,因此只应配置自己信任的 HTTPS 加速地址;下面配置中的地址仅为示例,请换成自己的加速器地址。
[root@server1 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://h7seebfh.mirror.aliyuncs.com"]
}
[root@server1 ~]# systemctl daemon-reload
[root@server1 ~]# systemctl restart docker
# docker search 查询镜像
# docker pull 拉取镜像
# docker push 推送镜像
[root@server1 docker]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
743f2d6c1f65: Pull complete
6bfc4ec4420a: Pull complete
688a776db95f: Pull complete
Digest: sha256:23b4dcdf0d34d4a129755fc6f52e1c6e23bb34ea011b315d87e193033bcd1b68
Status: Downloaded newer image for nginx:latest
建立registry(此时仓库以明文 HTTP 监听 0.0.0.0:5000,既没有加密也没有认证,只适合在受信任的内网中临时测试)
[root@server1 ~]# docker load -i registry2.tar
[root@server1 ~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
41647cbd10a3 registry:2 "/entrypoint.sh /etc…" 2 seconds ago Up 2 seconds 0.0.0.0:5000->5000/tcp registry
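添加TLS加密(重新运行前需先用 docker rm -f registry 删除上一步的同名容器。私钥使用 -nodes 生成,未加密,应限制其文件权限;证书和私钥放在 /tmp 下仅用于演示,长期运行时应换到不会被清理的受保护目录。此处的自签名证书只有 Common Name,较新版本的 Docker 客户端要求证书包含 subjectAltName(SAN),否则会拒绝连接)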
[root@server1 ~]# cd /tmp/docker/
[root@server1 docker]# mkdir -p certs
[root@server1 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org
[root@server1 docker]# docker run -d \
> --restart=always \
> --name registry \
> -v /tmp/docker/certs:/certs \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key \
> -p 443:443 \
> -v /opt/registry:/var/lib/registry \
> registry:2
[root@server1 docker]# netstat -anltp
tcp6 0 0 :::443 :::* LISTEN 6669/docker-proxy
[root@server1 certs]# cd /etc/docker/
[root@server1 certs]# mkdir certs.d
[root@server1 certs.d]# vim /etc/hosts
172.25.24.1 server1 westos.org
[root@server1 certs.d]# mkdir westos.org
[root@server1 westos.org]# cp /tmp/docker/certs/westos.org.crt ca.crt
[root@server1 westos.org]# pwd
/etc/docker/certs.d/westos.org
[root@server1 certs.d]# docker tag game2048:latest westos.org/game2048
[root@server1 westos.org]# docker push westos.org/game2048
The push refers to repository [westos.org/game2048]
88fca8ae768a: Pushed
6d7504772167: Pushed
192e9fad2abc: Pushed
36e9226e74f8: Pushed
011b303988d2: Pushed
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
在server2上获取镜像(客户端只需要证书 ca.crt,私钥 westos.org.key 不要拷贝到客户端)
[root@server2 docker]# mkdir /etc/docker/certs.d/westos.org/ -p
[root@server1 westos.org]# scp ca.crt root@172.25.76.2:/etc/docker/certs.d/westos.org/
[root@server2 docker]# vim /etc/hosts
172.25.24.1 server1 westos.org
[root@server2 docker]# systemctl start docker
[root@server2 docker]# docker pull westos.org/game2048
Using default tag: latest
latest: Pulling from game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for westos.org/game2048:latest
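建立用户认证(htpasswd 的 -b 选项把密码直接写在命令行上,会留在 shell 历史记录和进程列表中;示例中的 redhat 是弱口令,实际使用时应换成强密码,并限制 auth/htpasswd 文件的读取权限)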
[root@server1 westos.org]# cd /tmp/docker/
[root@server1 docker]# ls
certs Dockerfile dvd.repo nginx-1.15.8.tar.gz website
[root@server1 docker]# mkdir auth
[root@server1 docker]# docker run --rm --entrypoint htpasswd registry:2 -Bbn zcx redhat > auth/htpasswd
[root@server1 docker]# cat auth/htpasswd
zcx:$2y$05$25GzGOQtb6BgcYDiKxpy8OSj2FfX0yn7HA5KjPRmZhsEgcbuVbVTa
[root@server1 docker]# docker rm -f registry
registry
[root@server1 docker]# docker run -d --restart=always --name registry -v /tmp/docker/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 -v /opt/registry:/var/lib/registry -v /tmp/docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2
7cd30da8595f7cae1f7e5e653eb1363b727f85f4b3da2db31ea73ecc26d5f1a2
[root@server1 docker]# docker login westos.org
Username: zcx
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server1 docker]# cat /root/.docker/config.json
{
"auths": {
"westos.org": {
"auth": "emN4OnJlZGhhdA=="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.06.1-ce (linux)"
}
}
# auth 字段只是“用户名:密码”的 base64 编码,并未加密;应按上面 WARNING 的提示配置 credential helper,或至少限制该文件的权限
[root@server1 docker]# docker logout westos.org
Removing login credentials for westos.org
#测试上传
[root@server1 docker]# docker tag ubuntu:v1 westos.org/ubuntu
[root@server1 docker]# docker push westos.org/ubuntu
The push refers to repository [westos.org/ubuntu]
0140d922175b: Preparing
5f70bf18a086: Preparing
11083b444c90: Preparing
9468150a390c: Preparing
56abdd66ba31: Preparing
no basic auth credentials #没登录所以失败
[root@server1 docker]# docker login westos.org
Username: zcx
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server1 docker]# docker push westos.org/ubuntu
The push refers to repository [westos.org/ubuntu]
0140d922175b: Pushed
5f70bf18a086: Pushed
11083b444c90: Pushed
9468150a390c: Pushed
56abdd66ba31: Pushed
latest: digest: sha256:0a210a84b4e5bbd7c7cc1001f9d25a35f3ca3a0c2ba993a77398c208d5df2b6a size: 1358