基於centos6.7的docker私有倉庫搭建
1 倉庫配置https認證
cd /etc/docker/
mkdir certs
[root@docker01 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/docker01.key -x509 -days 365 -out certs/docker01.crt
填好相應的簡稱及email即可
2 執行registry容器
[root@docker01 docker]# docker run -d -P -it \
-p 5000:5000 --restart=always \
--name registry -v `pwd`/certs:/etc/docker/certs/ \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/docker01.crt \
-e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/docker01.key registry
3 配置客戶端docker02
mkdir -p /etc/docker/certs.d/docker01:5000
scp docker01:/etc/docker/certs/docker01.crt /etc/docker/certs.d/docker01:5000/ca.crt
檢視映象
[root@docker02 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
swarm latest 8eadaf3525b0 2 weeks ago 15.77 MB
上傳映象
docker tag swarm docker01:5000/swarm
[root@docker02 docker]# docker push docker01:5000/swarm
docker01想上傳資料同樣需要配置證書,同docker02
4 鑑權管理
將以上的registry容器刪除乾淨,包括倉庫的本地檔案
還是在/etc/docker目錄下操作
mkdir auth
docker run --entrypoint htpasswd registry -Bbn bsoft bsoft > auth/htpasswd
[root@docker01 docker]# docker run -d -p 5000:5000 --restart=always \
--name registry -v `pwd`/certs:/etc/docker/certs/ \
-v `pwd`/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v `pwd`/data:/var/lib/registry \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/docker01.crt \
-e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/docker01.key \
registry
啟動後即可push,push不僅需要證書還要輸入使用者、密碼和郵箱,而pull只需要有證書即可
注意pull的時候需要帶上版本號,而curl檢視是看不到版本號的
curl檢視:
curl --cacert /etc/docker/certs/docker01.crt --basic --user bsoft:bsoft https://docker01:5000/v2/_catalog
curl --cacert /etc/docker/certs.d/docker01:5000/ca.crt --basic --user bsoft:bsoft https://docker01:5000/v2/_catalog