Docker 仓库分为公有云仓库和私有云仓库 公有云仓库:由互联网公司对外公开的仓库 官方 阿里云等第三方仓库 私有云仓库:组织内部搭建的仓库,一般只为组织内部使用,常使用下面软件搭建仓库 docker registory docker harbor 私有云单机仓库Docker Registry配置说明
#安装httpd工具包 yum -y install httpd-tools #创建目录保存用户信息以及数据 mkdir /docker/registry/ /docker/registry/auth /dokcer/registry/data -pv #在registry下创建auth目录,用于存放用于registry容器的用户名密码的文件,用户名密码不是必须的,如果不设置,则部署的仓库默认为公共仓库。 #生成密码加密的内容 [root@localhost7C registry]# htpasswd -Bbn root 123456 > /docker/registry/auth/htpasswd [root@localhost7C registry]# htpasswd -Bbn zzhz 123456 >> /docker/registry/auth/htpasswd # 以授权方式启动 docker run -d -p 5000:5000 --name registryA --restart=always --privileged=true \ -v /docker/registry/data:/var/lib/registry \ -v /docker/registry/auth:/auth \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd docker.io/registry:latest
客户端http登录设置非安全模式登录 方法一、在daedom.json输入"insecure-registries":["192.168.80.120:5000"] 方法二、启动文件中设置 [root@localhost7B haproxy]# vim /lib/systemd/system/docker.service [Service] Type=notify ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.80.120:5000 ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always 测试:登录 [root@localhost7B haproxy]# docker login 192.168.80.120:5000 Username: root Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See Login Succeeded #标签 [root@localhost7B haproxy]# docker tag nginx:v1 192.168.80.120:5000/nginx:v1 [root@localhost7B haproxy]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.80.120:5000/nginx v1 e6b2d5a5a6b4 2 weeks ago 1.16GB nginx v1 e6b2d5a5a6b4 2 weeks ago 1.16GB 192.168.80.120:5000/centos-base v1 568629c634fc 2 weeks ago 782MB #上传 [root@localhost7B haproxy]# docker push The push refers to repository [192.168.80.120:5000/nginx] ee3adf110ce8: Pushed 379c896bedff: Pushed f205cc2e9b67: Pushed #客户端下载 [root@localhost ~]# docker login 192.168.80.120:5000 [root@localhost ~]# docker pull 192.168.80.120:5000/nginx:v1 v1: Pulling from nginx 2d473b07cdd5: Pull complete 44d65ce0708e: Pull complete Digest: sha256:b39f7d7a09cdcaefbb63811503fcb6b2b2a1035029b44d1b262c26c06ca4d6f3 Status: Downloaded newer image for 192.168.80.120:5000/nginx:v1 192.168.80.120:5000/nginx:v1 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.80.120:5000/nginx v1 e6b2d5a5a6b4 2 weeks ago 1.16GB registry latest dcb3d42c1744 4 weeks ago 24.1MB
问题:使用https一直无法登录,提示一直输入密码。测试失败。
设置https方式
使用openssl自建域名证书,此处假设域名为registry.abc.com.并创建/docker/registry/certs目录用于专门存放证书文件
[root@localhost7B ]# yum -y install openssl openssl-devel
生成根证书,执行命令后依次要输入:国家代码(两个英文字母)、省份、城市、组织、单位、域名(www.abc.com)、邮箱。
[root@localhost7B ]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /docker/registry/certs/domain.key -x509 -days 3000 -out /docker/registry/certs/domain.crt
# 以授权方式启动,
docker run -d -p 5000:5000 -p 443:443 –name registryA –restart=always –privileged=true \
-v /docker/registry/certs:/certs \
-v /docker/registry/data:/var/lib/registry \
-v /docker/registry/auth:/auth \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-e “REGISTRY_AUTH=htpasswd” \
-e “REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm” \
-e REGISTRY_AUTH_HTPASSWD_PATH=/var/lib/registry/auth/htpasswd docker.io/registry:latest
#注意下,进入到/etc/docker/certs.d/后,创建目录名同docker的仓库地址(我的是www.abc.com)
mkdir /etc/docker/certs.d/www.abc.com
cp domain.crt /etc/docker/certs.d/www.abc.com
#无BASIC认证账号使用https是可以的。
docker run -d -p 5000:5000 -p 443:443 –name registryA –restart=always –privileged=true \
-v /docker/registry/certs:/certs \
-v /docker/registry/data:/var/lib/registry \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key docker.io/registry:latest
客户端要做hosts解析。
原文地址:http://www.cnblogs.com/Yuanbangchen/p/16870538.html
