Getting Started with Docker (3): Setting Up a Private Registry with Authentication

(1) What a registry is and what it does
1. A registry is the place where images are stored.
2. Function: a centralized service for storing and distributing images; Docker Registry is exactly such a service.
3. Composition: Docker Registry consists of three parts: the index, the registry (the repository store) and the registry client.

  • Index: the externally visible component responsible for login, authentication, storing image metadata and presenting it to users.
  • Repository: the internal component that stores the images. Each repository can contain multiple tags, and each tag points to one image. A repository usually holds images of different versions of the same software, with tags denoting those versions. A specific version is referenced as <repository>:<tag>; if no tag is given, latest is used as the default.
  • Registry Client: the Docker client.

(2) Public and private Docker registries

2.1 A public Docker Registry service is open to users and lets them manage images. Such services usually allow free upload and download of public images and may offer paid plans for managing private images. The most common one is the official Docker Hub, which is also the default registry and hosts high-quality official images; the domestic counterpart in China is Alibaba Cloud.

2.2 Private Docker Registry. You can also run a private Docker Registry locally. Advantages of a private registry: 1. saves bandwidth; 2. more secure; 3. unified management of internal images.

Note: the format of a pull from a registry is:
 docker pull <registry>[:<port>]/[<namespace>/]<name>:<tag>
 registry: the registry server address; defaults to Docker Hub when omitted
 port: the port; defaults to 443 because the protocol is HTTPS
 namespace: the namespace, i.e. which user's repository; can be omitted for top-level repositories
 name: the repository name
 tag: the tag; defaults to latest
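The note above lists the defaults but not how the client decides whether the first path component is a registry host or a namespace. The parser below is an added example written for this tutorial, not code from the Docker project: it applies the rule the Docker CLI uses (a leading component is a host only if it contains "." or ":" or is exactly "localhost"), fills in docker.io, library and latest, and rejects references whose components fall outside a simplified version of the reference grammar. The validation regexes are deliberately simplified and are this example's own.

```python
"""Parse image references of the form
    <registry>[:<port>]/[<namespace>/]<name>[:<tag>][@<digest>]
and fill in the defaults the note above describes.

Added example for this tutorial, not code from the Docker project. The rule for
telling a registry host from a namespace mirrors the Docker CLI: the first path
component is a host only if it contains '.' or ':' or is exactly "localhost".
"""
import re
from dataclasses import dataclass
from typing import Optional

DEFAULT_REGISTRY = "docker.io"      # Docker Hub, used when no registry is given
DEFAULT_NAMESPACE = "library"       # Hub's namespace for top-level repositories
DEFAULT_TAG = "latest"

# Simplified forms of the grammar in the distribution reference spec: lower-case
# path components, a tag starting with a word character, a sha256 digest.
_COMPONENT = re.compile(r"[a-z0-9]+(?:[._-]+[a-z0-9]+)*")
_TAG = re.compile(r"\w[\w.-]{0,127}", re.ASCII)
_DIGEST = re.compile(r"sha256:[0-9a-f]{64}")


@dataclass(frozen=True)
class ImageRef:
    registry: str
    namespace: str          # "" for a top-level repository on a private registry
    name: str
    tag: Optional[str]      # None when only a digest was given
    digest: Optional[str]

    def canonical(self) -> str:
        """Fully qualified form with every default spelled out."""
        path = f"{self.namespace}/{self.name}" if self.namespace else self.name
        out = f"{self.registry}/{path}"
        if self.tag:
            out += f":{self.tag}"
        if self.digest:
            out += f"@{self.digest}"
        return out


def _looks_like_registry(component: str) -> bool:
    return "." in component or ":" in component or component == "localhost"


def parse_image_ref(ref: str) -> ImageRef:
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not _DIGEST.fullmatch(digest):
            raise ValueError(f"malformed digest: {digest!r}")
    parts = ref.split("/")
    registry = DEFAULT_REGISTRY
    if len(parts) > 1 and _looks_like_registry(parts[0]):
        registry, parts = parts[0], parts[1:]
    # The tag is everything after the last ':' of the final component; the
    # host:port colon was already removed together with the registry above.
    tag: Optional[str]
    if ":" in parts[-1]:
        parts[-1], tag = parts[-1].rsplit(":", 1)
        if not _TAG.fullmatch(tag):
            raise ValueError(f"malformed tag: {tag!r}")
    else:
        tag = DEFAULT_TAG if digest is None else None
    for comp in parts:
        if not _COMPONENT.fullmatch(comp):
            # Rejecting odd characters here also keeps a reference safe to
            # hand to a shell command or a URL path later on.
            raise ValueError(f"malformed path component: {comp!r}")
    if len(parts) == 1:
        namespace = DEFAULT_NAMESPACE if registry == DEFAULT_REGISTRY else ""
    else:
        namespace = "/".join(parts[:-1])
    return ImageRef(registry, namespace, parts[-1], tag, digest)


def is_valid_ref(ref: str) -> bool:
    try:
        parse_image_ref(ref)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for ref in ("registry", "192.168.4.97:5000/lqb_nginx:v1", "lqb2:v2.0", "myuser/app"):
        print(f"{ref:35} -> {parse_image_ref(ref).canonical()}")
```

Note that "lqb2:v2.0" stays on Docker Hub (the colon sits in the last component, so it is a tag), while "192.168.4.97:5000/lqb_nginx:v1" and "localhost:5000/lqb2v1:v1" are routed to the private registry because their first component contains a colon or is "localhost".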

(3) Setting up a private registry
1. Pull the registry image

[root@otrs004097 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pulling fs layer 
1cc8e0bb44df: Pulling fs layer 
54d33bcb37f5: Pulling fs layer 
e8afc091c171: Waiting 
b4541f6d3db6: Waiting 
latest: Pulling from library/registry
c87736221ed0: Pull complete 
1cc8e0bb44df: Pull complete 
54d33bcb37f5: Pull complete 
e8afc091c171: Pull complete 
b4541f6d3db6: Pull complete 
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest

2. Start a container from the registry image

[root@otrs004097 ~]# docker run -d -v /opt/docker-registry:/var/lib/registry -p 5000:5000 --name registry registry
6c01265a36274493fd362ab76819f262e344f8259b9a7b3ae056140ec11d1ec8

Option reference (this list describes the general form; the command above uses -d, /opt/docker-registry as the host directory, and no --restart policy):
-itd: allocate a pseudo-terminal for interactive use and run the container in the background;
-v: bind the host directory /data/registry to /var/lib/registry in the container (the directory in which the registry container stores image files), so that the data persists;
-p: map the port; connecting to port 5000 on the host reaches the registry service in the container;
--restart=always: the restart policy; if the container exits abnormally it is restarted automatically;
--name registry: name the container "registry"; any name will do;
registry:latest: the image just pulled;

3. Check that it is running

[root@otrs004097 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
6c01265a3627        registry            "/entrypoint.sh /etc…"   4 seconds ago       Up 2 seconds        0.0.0.0:5000->5000/tcp   registry

4. Open http://192.168.4.97:5000/v2/ in a browser; the response below means the registry is working:
{}

5. If a push fails with the error: Get https://192.168.10.102:5000/v1/_ping: http: server gave HTTP response to HTTPS client
There are two ways to fix it:
Method one: add the registry to /etc/docker/daemon.json and restart the Docker daemon

[root@otrs004097 ~]# vim /etc/docker/daemon.json

{
  "registry-mirrors": ["http://hub-mirror.c.163.com"],
  "insecure-registries": ["192.168.4.97:5000"]
}

[root@otrs004097 ~]# systemctl restart docker 
Notes:         insecure-registries -----> lets the daemon talk to this registry over plain HTTP, without certificate verification         registry-mirrors -----> mirror source used for pulls
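Method one works because it tells dockerd to stop verifying the connection to 192.168.4.97:5000, and the mirror in the same file is reached over plain HTTP as well. To make that trade-off visible, here is an added example written for this tutorial (not part of Docker or of the original post) that audits a daemon.json for those two keys and builds a hardened copy. The sample document is constructed from the page's own values; the finding wording, the decision to drop insecure-registries in favour of the documented /etc/docker/certs.d/<host>:<port>/ca.crt trust path, and the rewriting of http:// mirrors to https:// are this example's own choices.

```python
"""Audit /etc/docker/daemon.json for settings that weaken registry transport
security and build a hardened copy.

Added example for this tutorial, not part of Docker. Only the two keys the
page uses are inspected: "insecure-registries" and "registry-mirrors".
"""
import json
from typing import Any, Dict, List

# Constructed sample: the exact configuration written in "method one" above.
SAMPLE_DAEMON_JSON = (
    '{ "registry-mirrors": ["http://hub-mirror.c.163.com"], '
    '"insecure-registries": ["192.168.4.97:5000"] }'
)


def audit_daemon_config(text: str) -> List[str]:
    """Return one finding per weak setting found in a daemon.json document."""
    cfg = json.loads(text)
    findings: List[str] = []
    for reg in cfg.get("insecure-registries", []):
        # dockerd accepts plain HTTP and skips certificate validation for hosts
        # listed here, so anyone on the network path can read or alter the
        # layers pushed to or pulled from that registry.
        findings.append(f"insecure-registries: {reg} is contacted without TLS verification")
    for mirror in cfg.get("registry-mirrors", []):
        if mirror.lower().startswith("http://"):
            # A plain-HTTP mirror lets an on-path party substitute manifests
            # and layers for every image pulled through it.
            findings.append(f"registry-mirrors: {mirror} uses plain HTTP")
    return findings


def harden_daemon_config(text: str) -> Dict[str, Any]:
    """Return a copy of the configuration with the weak settings removed.

    insecure-registries is dropped entirely: the intended replacement is to
    trust the registry's certificate by placing it at certs_d_path(host:port).
    Plain-HTTP mirrors are rewritten to https://, which assumes the mirror also
    serves TLS; confirm that before deploying the result.
    """
    cfg = json.loads(text)
    cfg.pop("insecure-registries", None)
    if "registry-mirrors" in cfg:
        cfg["registry-mirrors"] = [
            "https://" + m[len("http://"):] if m.lower().startswith("http://") else m
            for m in cfg["registry-mirrors"]
        ]
    return cfg


def certs_d_path(host_port: str) -> str:
    """Where dockerd looks for a registry's CA certificate (documented dockerd path)."""
    return f"/etc/docker/certs.d/{host_port}/ca.crt"


if __name__ == "__main__":
    for line in audit_daemon_config(SAMPLE_DAEMON_JSON):
        print("WEAK:", line)
    print(json.dumps(harden_daemon_config(SAMPLE_DAEMON_JSON), indent=2))
    print("trust anchor for 192.168.4.97:5000 belongs at", certs_d_path("192.168.4.97:5000"))
```

Run against the page's configuration, the audit reports two findings (the insecure registry and the HTTP mirror), and the hardened copy keeps only the mirror, now over HTTPS. With the certificate from method two copied to /etc/docker/certs.d/192.168.4.97:5000/ca.crt, the insecure-registries entry is no longer needed for the push to succeed.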

Method two: enable TLS on the registry by creating a certificate

5.1 Generate a self-signed certificate

[root@otrs004097 ~]# mkdir -p /opt/docker/registry/certs
[root@otrs004097 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/docker/registry/certs/domain.key -x509 -days 365 -out /opt/docker/registry/certs/domain.crt
Generating a 4096 bit RSA private key
.....................++
.....++
writing new private key to '/opt/docker/registry/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanghai
Locality Name (eg, city) [Default City]:shanghai
Organization Name (eg, company) [Default Company Ltd]:kj
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:
Email Address []:
[root@otrs004097 ~]# ll /opt/docker/registry/certs/
total 8
-rw-r--r-- 1 root root 1944 Aug 20 11:04 domain.crt
-rw-r--r-- 1 root root 3272 Aug 20 11:04 domain.key
5.2 Create a registry container with TLS enabled
[root@otrs004097 ~]#  docker run -d --name registry2 -p 5000:5000  -v /opt/docker-registry/:/var/lib/registry -v /opt/docker/registry/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2 
0ae56ecfbcd015e59503f01ec8e3f52143753d1137aab530a823d1461b989a01

5.3 Access it through a browser or curl (-k disables certificate verification, which is needed here because the self-signed certificate was created with an empty Common Name and no subjectAltName for the server's address):
[root@otrs004097 certs.d]# curl -X GET https://192.168.4.97:5000/v2/ -k
{}


5.4 Push an image from another server.
[root@DEV004019 ~]# docker push 192.168.4.97:5000/lqb_nginx:v1 
The push refers to repository [192.168.4.97:5000/lqb_nginx]
fe6a7a3b3f27: Pushed 
d0673244f7d4: Pushed 
d8a33133e477: Pushed 
v1: digest: sha256:dc85890ba9763fe38b178b337d4ccc802874afe3c02e6c98c304f65b08af958f size: 948
5.5 List the uploaded images
[root@otrs004097 certs.d]# curl -X GET https://192.168.4.97:5000/v2/_catalog -k
{"repositories":["lqb_nginx"]}


6. Re-tag the image to be uploaded with the local registry prefix, then push it.

[root@otrs004097 ~]# docker tag lqb2:v2.0 localhost:5000/lqb2v1:v1
[root@otrs004097 ~]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/yz         v1.0                0011d86948f4        26 hours ago        346MB
localhost:5000/yzv1       v1                  0011d86948f4        26 hours ago        346MB
lqb2                      v2.0                62226ff8a5bc        27 hours ago        346MB
localhost:5000/lqb2v1     v1                  62226ff8a5bc        27 hours ago        346MB
t1                        latest              ee097386456f        27 hours ago        380MB
[root@otrs004097 ~]# docker push localhost:5000/lqb2v1:v1 
The push refers to repository [localhost:5000/lqb2v1]
fd214f756b32: Mounted from yzv1 
v1: digest: sha256:dc7415d74223057a91d6525473e0aa7e1a8edd89ea63e9ec2166b2deeccb4fe2 size: 529

7. Open the following URL in a browser; the list of uploaded images is displayed

http://192.168.4.97:5000/v2/_catalog
{"repositories":["lqb2v1","myubuntu","yzv1"]}

[root@otrs004097 ~]# curl -XGET HTTP://192.168.4.97:5000/v2/_catalog 
{"repositories":["lqb2v1","myubuntu","yzv1"]}
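Both 5.5 and step 7 read /v2/_catalog with curl, in 5.5 with -k. As an added example written for this tutorial (not part of the original post or of the Docker project), the client below talks to the same Registry HTTP API v2 endpoints but, for an https:// registry, verifies the server against the registry's own domain.crt passed as ca_file instead of switching verification off; it also follows the Link header a registry sends when the catalog exceeds the requested page size. So that it runs offline, it includes a constructed loopback stand-in for the registry that serves the three repositories from step 7 over plain HTTP in two pages.

```python
"""Query the Docker Registry HTTP API v2 over TLS, verifying the server against
the registry's own certificate instead of disabling checks with `curl -k`.
Added example for this tutorial (not Docker project code); standard library only.
The loopback "fake registry" at the bottom is a constructed stand-in for testing."""
import json
import re
import ssl
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, List, Optional, Tuple

# A paginated registry replies with: Link: </v2/_catalog?n=100&last=xyz>; rel="next"
_NEXT_LINK = re.compile(r'<([^>]+)>\s*;\s*rel="next"')


def make_ssl_context(ca_file: Optional[str]) -> ssl.SSLContext:
    """Use ca_file (e.g. the registry's domain.crt) as the trust anchor when given.
    Verification stays on; `curl -k` instead accepts any certificate at all."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


class RegistryClient:
    def __init__(self, base_url: str, ca_file: Optional[str] = None, timeout: float = 10.0):
        self.base_url = base_url.rstrip("/")
        self.timeout = timeout
        self.ctx = make_ssl_context(ca_file) if self.base_url.startswith("https://") else None

    def _get(self, path: str) -> Tuple[Dict, Optional[str]]:
        """GET a JSON endpoint; return (body, next-page path from the Link header)."""
        req = urllib.request.Request(self.base_url + path, headers={"Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=self.timeout, context=self.ctx) as resp:
            data = json.loads(resp.read().decode("utf-8") or "{}")
            match = _NEXT_LINK.search(resp.headers.get("Link", ""))
        return data, (match.group(1) if match else None)

    def ping(self) -> bool:
        """GET /v2/ answers {} when the server speaks API v2 (the check in step 4)."""
        return self._get("/v2/")[0] == {}

    def catalog(self, page_size: int = 100) -> List[str]:
        """Collect every repository, following Link headers until the last page."""
        repos: List[str] = []
        path: Optional[str] = f"/v2/_catalog?n={page_size}"
        while path:
            data, path = self._get(path)
            repos.extend(data.get("repositories", []))
        return repos


# Constructed stand-in: plain HTTP on loopback, serving the catalog from step 7
# in pages so that the Link-header handling above is actually exercised.
_FAKE_CATALOG = ["lqb2v1", "myubuntu", "yzv1"]


class _FakeRegistry(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging
        pass

    def do_GET(self):
        path, _, query = self.path.partition("?")
        params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
        link = None
        if path == "/v2/":
            body: Dict = {}
        elif path == "/v2/_catalog":
            n = int(params.get("n", "100"))
            start = _FAKE_CATALOG.index(params["last"]) + 1 if "last" in params else 0
            page = _FAKE_CATALOG[start:start + n]
            body = {"repositories": page}
            if start + n < len(_FAKE_CATALOG):
                link = f'</v2/_catalog?n={n}&last={page[-1]}>; rel="next"'
        else:
            self.send_error(404)
            return
        payload = json.dumps(body).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        if link:
            self.send_header("Link", link)
        self.end_headers()
        self.wfile.write(payload)


def start_fake_registry() -> str:
    """Start the stand-in on an ephemeral loopback port and return its base URL."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeRegistry)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


if __name__ == "__main__":
    client = RegistryClient(start_fake_registry())
    print("v2 ping ok:", client.ping(), "repositories:", client.catalog(page_size=2))
```

Against the registry on this page the call would be RegistryClient("https://192.168.4.97:5000", ca_file="/opt/docker/registry/certs/domain.crt"). That still fails hostname verification as things stand, because the certificate from 5.1 was generated with an empty Common Name and without a subjectAltName carrying the server's IP; regenerate it with the address in the SAN before replacing -k with verified TLS.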

8. Test pulling: first delete the local image, then pull it again

[root@otrs004097 ~]# docker rmi localhost:5000/lqb2v1:v1 
Untagged: localhost:5000/lqb2v1:v1
Untagged: localhost:5000/lqb2v1@sha256:dc7415d74223057a91d6525473e0aa7e1a8edd89ea63e9ec2166b2deeccb4fe2
[root@otrs004097 ~]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/yzv1       v1                  0011d86948f4        27 hours ago        346MB
localhost:5000/yz         v1.0                0011d86948f4        27 hours ago        346MB
lqb2                      v2.0                62226ff8a5bc        27 hours ago        346MB
t1                        latest              ee097386456f        27 hours ago        380MB
lqb1                      v1.0                add4aac9e719        27 hours ago        369MB

[root@otrs004097 ~]# docker pull localhost:5000/lqb2v1:v1 
v1: Pulling from lqb2v1
Digest: sha256:dc7415d74223057a91d6525473e0aa7e1a8edd89ea63e9ec2166b2deeccb4fe2
Status: Downloaded newer image for localhost:5000/lqb2v1:v1
localhost:5000/lqb2v1:v1
[root@otrs004097 ~]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/yz         v1.0                0011d86948f4        27 hours ago        346MB
localhost:5000/yzv1       v1                  0011d86948f4        27 hours ago        346MB
lqb2                      v2.0                62226ff8a5bc        27 hours ago        346MB
localhost:5000/lqb2v1     v1                  62226ff8a5bc        27 hours ago        346MB

Both push and pull work.
Notes:
docker push <registry_ip>:5000/<image_name>:<version>   upload an image to the private registry
docker pull <registry_ip>:5000/<image_name>:<version>   pull an image from the private registry

Command used to start the TLS-enabled registry (here with the certificates under /opt/dcerts/):
docker run -d --name registry2 -p 5000:5000 -v /opt/docker-registry/:/var/lib/registry -v /opt/dcerts/:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2