These are the notes I took while deploying a Docker Registry internally. Environment: CentOS 7, Docker 18.06.1-ce.
1. Run the registry
The IP of the host I am using is 192.168.1.249, and the working directory is /data/docker/registry.
# docker run -d -p 5000:5000 --restart always --name registry \
    -v /data/docker/registry/data:/var/lib/registry registry:2
Visiting http://192.168.1.249:5000/v2/_catalog now returns a normal response (an empty JSON object), which shows the deployment succeeded.
2. Test pushing an image
# docker pull nginx:alpine
# docker tag nginx:alpine 192.168.1.249:5000/nginx-alpine
# docker push 192.168.1.249:5000/nginx-alpine
This actually fails, returning the following error:
The push refers to repository [192.168.1.249:5000/nginx-alpine]
Get https://192.168.1.249:5000/v2/: http: server gave HTTP response to HTTPS client
Checking the docs, it is enough to add insecure-registries to the config file and then restart Docker, as follows:
# vim /etc/docker/daemon.json
{
  "insecure-registries": ["192.168.1.249:5000"]
}
# systemctl restart docker
Pushing again now succeeds as expected. Besides the config-file approach, next we set up a self-signed certificate.
3. Using a self-signed certificate
Generating the certificate requires a domain name; here I use registry.docker.local. (If you use an IP address directly instead of a domain name, you have to modify the openssl config file, so a domain name is recommended.)
# mkdir -p /data/docker/registry/certs
# openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout /data/docker/registry/certs/domain.key \
    -x509 -days 365 -out /data/docker/registry/certs/domain.crt
You are prompted for some information when generating the certificate. Note that Common Name must be the domain name you are using; for the other fields you can just press Enter:
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:registry.docker.local
Email Address []:
Start the container (adjust the parameters to your situation; for example, if you can use port 443 you will not need to append the :5000 port later):
# docker run -d \
    --restart=always \
    --name registry \
    -v /data/docker/registry/data:/var/lib/registry \
    -v /data/docker/registry/certs:/certs \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
    -p 5000:5000 \
    registry:2
4. Testing
Note: since this is an arbitrary made-up domain name, remember to add registry.docker.local to /etc/hosts first.
# docker tag nginx:alpine registry.docker.local:5000/nginx-alpine
# docker push registry.docker.local:5000/nginx-alpine
This gives the following error:
The push refers to repository [registry.docker.local:5000/nginx-alpine]
Get https://registry.docker.local:5000/v2/: x509: certificate signed by unknown authority
According to the docs, domain.crt has to be placed at /etc/docker/certs.d/registry.docker.local:5000/ca.crt (note: it goes on whichever machine you run the push from).
# mkdir -p /etc/docker/certs.d/registry.docker.local:5000
# cp xxx/domain.crt /etc/docker/certs.d/registry.docker.local:5000/
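The certificate generation in section 3 and the certs.d installation above, combined into one script as an added example; this is not from the original notes and not part of the registry project. It differs from the notes' openssl command in one deliberate way: the certificate carries a subjectAltName entry in addition to the Common Name, because since Go 1.15 Go's TLS library (and therefore newer Docker daemons) matches the hostname against the SAN only, and a CN-only certificate is rejected. The script then checks the certificate the way a client will (name, validity period, chain against the CA file) before copying it into certs.d as ca.crt, the filename the docs give. The host, port and directories are variables that default to the values used in the notes; the function names gen_cert, check_cert, verify_chain and install_ca are my own.

```shell
#!/bin/sh
# Added example, not part of the original notes. Generates a self-signed
# registry certificate with a SAN entry, checks it, and installs it under
# /etc/docker/certs.d/<host>:<port>/ca.crt as the notes describe.
set -e

# Defaults follow the notes; override through the environment (these are placeholders).
REGISTRY_HOST="${REGISTRY_HOST:-registry.docker.local}"
REGISTRY_PORT="${REGISTRY_PORT:-5000}"
CERT_DIR="${CERT_DIR:-/data/docker/registry/certs}"
DOCKER_CERTS_D="${DOCKER_CERTS_D:-/etc/docker/certs.d}"

# Generate domain.key/domain.crt. The x509_extensions section adds
# subjectAltName, which the notes' CN-only command omits; Go TLS clients
# (including the Docker daemon) match the hostname against the SAN, not the CN.
gen_cert() {
  mkdir -p "$CERT_DIR"
  cat > "$CERT_DIR/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $REGISTRY_HOST
[v3_req]
subjectAltName = DNS:$REGISTRY_HOST
basicConstraints = CA:TRUE
EOF
  openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 365 \
    -config "$CERT_DIR/openssl.cnf" \
    -keyout "$CERT_DIR/domain.key" -out "$CERT_DIR/domain.crt"
  chmod 600 "$CERT_DIR/domain.key"   # private key: owner-readable only
}

# The two things a TLS client checks first: the name and the validity period.
check_cert() {
  openssl x509 -in "$CERT_DIR/domain.crt" -noout -text | grep -q "DNS:$REGISTRY_HOST" &&
    openssl x509 -in "$CERT_DIR/domain.crt" -noout -checkend 0 >/dev/null
}

# Chain check against the file that will become ca.crt. For a self-signed
# certificate the CA file is the certificate itself.
verify_chain() {
  openssl verify -CAfile "$CERT_DIR/domain.crt" "$CERT_DIR/domain.crt" >/dev/null
}

# Copy the cert into certs.d only after the checks pass, and print its final path.
install_ca() {
  check_cert && verify_chain || return 1
  dest="$DOCKER_CERTS_D/$REGISTRY_HOST:$REGISTRY_PORT"
  mkdir -p "$dest"
  cp "$CERT_DIR/domain.crt" "$dest/ca.crt"
  echo "$dest/ca.crt"
}

# Run the whole procedure only when invoked as: sh registry-cert.sh run
if [ "${1:-}" = "run" ]; then
  gen_cert
  install_ca
fi
```

Run it as `sh registry-cert.sh run` on the registry host, then copy the resulting ca.crt into the same certs.d directory on every client that pushes, as the notes say. With the CA file in hand, the catalog check at the end of the notes no longer needs `--insecure`: `curl --cacert /data/docker/registry/certs/domain.crt https://registry.docker.local:5000/v2/_catalog` verifies the server instead of skipping verification.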
Pushing again now succeeds:
# docker push registry.docker.local:5000/nginx-alpine
The push refers to repository [registry.docker.local:5000/nginx-alpine]
a83dbde6ba05: Layer already exists
431a5c7929dd: Layer already exists
39e8483b9882: Layer already exists
df64d3292fd6: Layer already exists
latest: digest: sha256:57a94fc99816c6aa225678b738ac40d85422e75dbb96115f1bb9b6ed77176166 size: 1153
Visiting https://registry.docker.local:5000/v2/_catalog also shows the result:
# curl https://registry.docker.local:5000/v2/_catalog --insecure
{"repositories":["nginx-alpine"]}
Self-signed certificates are clearly still inconvenient; a free certificate can be used instead: https://letsencrypt.org (Let's Encrypt)
References:
https://docs.docker.com/registry/deploying/
https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry