Docker in practice, part 4: building a Docker image registry (with a self-generated HTTPS certificate and login authentication)


    Create a private registry from the official registry image published on Docker Hub

    I. First pull the registry image from Docker Hub:

    docker pull registry

    II. Then run the image:

    docker run --name MyRegistry -d -v /data/DockerRegistry:/var/lib/registry -p 5000:5000 registry

    Here -v /data/DockerRegistry:/var/lib/registry maps the registry's storage directory to /data/DockerRegistry on the host, so pushed images survive the container being removed or recreated.

    Verify that the registry is running:

    http://ip:5000/v2/

    Here v2 is not an image tag but the version prefix of the registry's HTTP API; a running registry answers this URL with an empty JSON object '{}'.

    III. Push a local image to the registry:

    First, the naming format of an image in a Docker registry, for example registry.mydaemon.com/redis/redis-master:latest, which is made up of these parts:

    registry.mydaemon.com: the address of the registry server (host, plus :port if it does not listen on 443)

    redis: the namespace the image is filed under

    redis-master: the image name

    :latest: the version tag

    1. First tag the local image with the registry's address so the client knows where to push it. The client treats the first component of a name as a registry host only if it contains a '.' or ':' (or is localhost); a bare name such as redis-master would be looked up on Docker Hub instead:

    docker tag redis-master 192.168.0.100:5000/redis/redis-master:1.0

    2. Push the image to the registry:

    docker push 192.168.0.100:5000/redis/redis-master:1.0

    Note that the push may fail with the following message:

    The push refers to a repository [192.168.0.100:5000/redis/redis-master]
    Get https://192.168.0.100:5000/v1/_ping: http: server gave HTTP response to HTTPS client

    This happens because the Docker daemon speaks HTTPS to registries by default, while this registry only serves plain HTTP.

    The workaround is to declare the registry as insecure on every client host. Do this only on a trusted lab network: it makes the daemon talk to that registry without TLS, so images in transit are neither private nor protected against tampering.

    Create the file daemon.json in /etc/docker/ with the following content. The entry must be the exact host:port string that appears in the image name (192.168.0.100:5000 here); an entry with a different address would not match and the push would keep failing:

    { "insecure-registries":["192.168.0.100:5000"] }

    Then restart Docker (systemctl restart docker on systemd hosts):

    service docker restart

    Then run the push again and it goes through:

    [root@ahaii docker]# docker push 192.168.0.100:5000/redis/redis-master:1.0
    The push refers to a repository [192.168.0.100:5000/redis/redis-master]
    e5bc8ffdee47: Pushed 
    babc1e95c4f0: Pushed 
    ebc4b691c405: Pushed 
    6363afe92ed2: Pushed 
    78e49376f417: Pushed 
    b8aa150f5f16: Pushed 
    b51149973e6a: Pushed 
    1.0: digest: sha256:7c60ce71ba4026b2b35df7c86118ddf7ae171bf1d2903a567b964ad9a07f26f9 size: 1786

    The registry's HTTP API confirms the image is there: http://192.168.0.100:5000/v2/_catalog lists the repository redis/redis-master, and http://192.168.0.100:5000/v2/redis/redis-master/tags/list shows the tag 1.0.
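As an added example that is not part of the original post, the shell functions below implement the naming rule from step III by splitting an image reference the way the Docker client does, and then use it to check whether a daemon.json insecure-registries entry actually covers the host:port the push goes to. The push target and the two daemon.json texts are constructed for this example; the check matches entries as exact host:port strings (the daemon also accepts CIDR ranges in that list, which is not modelled here), and the JSON extraction is a minimal sed for this one-key file, not a general parser.

```sh
#!/bin/sh
# Added example, not from the original post: split an image reference the way
# the Docker client does, then check whether /etc/docker/daemon.json lists the
# registry host:port that the reference points at.

# parse_image_ref <ref>  -> prints "host repo tag digest" ("-" for an absent field)
parse_image_ref() {
    ref=$1
    digest=""
    tag=""
    # A trailing "@sha256:..." is a digest; strip it before looking for a tag.
    case $ref in
        *@*) digest=${ref##*@}; ref=${ref%@*} ;;
    esac
    # A tag is what follows the last ':' in the LAST path segment. A ':' in an
    # earlier segment is a registry port (192.168.0.100:5000/...), not a tag.
    last=${ref##*/}
    case $last in
        *:*) tag=${last##*:}; ref=${ref%:*} ;;
    esac
    # The first segment names a registry only if it looks like a host: it has a
    # '.' or ':', is "localhost", or contains upper-case letters. So "redis" or
    # "redis/redis-master" go to Docker Hub, which is why the post tags the image
    # as 192.168.0.100:5000/redis/redis-master:1.0 before pushing.
    host=docker.io
    repo=$ref
    case $ref in
        */*)
            first=${ref%%/*}
            case $first in
                *.*|*:*|localhost|*[[:upper:]]*) host=$first; repo=${ref#*/} ;;
            esac
            ;;
    esac
    # Single-segment Docker Hub names are "official" images under library/.
    if [ "$host" = docker.io ]; then
        case $repo in
            */*) ;;
            *) repo=library/$repo ;;
        esac
    fi
    # With neither tag nor digest the client assumes :latest.
    if [ -z "$tag" ] && [ -z "$digest" ]; then
        tag=latest
    fi
    printf '%s %s %s %s\n' "$host" "$repo" "${tag:--}" "${digest:--}"
}

# registry_host <ref> -> the host:port the daemon will contact
registry_host() {
    set -- $(parse_image_ref "$1")
    printf '%s\n' "$1"
}

# insecure_registries_list <daemon.json text> -> one entry per line
# Minimal extractor for the one-key file shown above; use jq for a real daemon.json.
insecure_registries_list() {
    printf '%s\n' "$1" \
      | sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' \
      | tr ',' '\n' | tr -d '"[:space:]'
}

# daemon_allows_plain_http <daemon.json text> <ref>
# Succeeds when the reference's host:port is listed verbatim; only then does the
# daemon stop insisting on HTTPS for that registry.
daemon_allows_plain_http() {
    json=$1
    target=$(registry_host "$2")
    for entry in $(insecure_registries_list "$json"); do
        if [ "$entry" = "$target" ]; then
            return 0
        fi
    done
    echo "daemon.json does not list $target (has: $(insecure_registries_list "$json" | tr '\n' ' '))" >&2
    return 1
}

# Constructed inputs: the push target from the post, a daemon.json with a
# mistyped address, and the corrected one.
PUSH_TARGET=192.168.0.100:5000/redis/redis-master:1.0
DAEMON_JSON_MISMATCH='{ "insecure-registries":["192.168.0.110:5000"] }'
DAEMON_JSON_FIXED='{ "insecure-registries":["192.168.0.100:5000"] }'

parse_image_ref "$PUSH_TARGET"
if daemon_allows_plain_http "$DAEMON_JSON_MISMATCH" "$PUSH_TARGET"; then
    echo "mismatch variant: push would use plain HTTP"
else
    echo "mismatch variant: push still fails with 'server gave HTTP response to HTTPS client'"
fi
if daemon_allows_plain_http "$DAEMON_JSON_FIXED" "$PUSH_TARGET"; then
    echo "fixed variant: entry matches the push target"
fi
```

Run it as-is to see the reference split and the mismatch diagnosed; on a real client, pass it the contents of /etc/docker/daemon.json and the image name you are about to push before restarting the daemon.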

    The setup above is the simplest mode and has no security at all: anyone who can reach port 5000 can pull, push and overwrite any image.

    Next, build the private registry from the official registry v2 image, generate a self-signed certificate for HTTPS, and turn on login authentication.

    1. Get the registry image:

    docker pull registry:2

    2. In the registry's working directory, create a certs directory and generate a self-signed certificate with openssl:

    #mkdir certs
    #openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 99999 -out certs/domain.crt

    The following prompts appear:

    Generating a 4096 bit RSA private key
    ..........................++
    ............................................................................................++
    writing new private key to 'certs/domain.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:beijing
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]:docker
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:docker.damoin.com
    Email Address []:ahaii@ahaii.com

    The field that matters is the registry server's host name (Common Name); the others can be left blank. Two caveats: current Docker clients (Go 1.15 and later) ignore the Common Name and require the host name in a subjectAltName extension, otherwise docker login fails with "x509: certificate relies on legacy Common Name field, use SANs instead"; and 99999 days of validity is far longer than sensible, so prefer a year and rotate the certificate.

    3. Create the login account and password:

    #mkdir auth
    #docker run --entrypoint htpasswd registry:2 -Bbn ahaii ahaii123 > auth/htpasswd

    This creates the account ahaii with password ahaii123. -B selects bcrypt, the only password hash the registry accepts, and -n writes the entry to stdout instead of a file. Note that registry images from version 2.7 on no longer include htpasswd, so on a current image use the httpd image instead: docker run --rm --entrypoint htpasswd httpd:2 -Bbn ahaii ahaii123 > auth/htpasswd. A password typed on the command line also ends up in the shell history; use a throwaway one or omit -b to be prompted for it.

    4. Run the registry container with TLS and authentication (the auth and certs mounts can be given the :ro flag, since the registry only reads them):

    [root@ahaii DockerRegistry]# docker run -d -p 5000:5000 --restart=always --name registry \
    > -v `pwd`/auth:/auth \
    > -v /data/local/DockerRegistry:/var/lib/registry \
    > -e "REGISTRY_AUTH=htpasswd" \
    > -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    > -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    > -v `pwd`/certs:/certs \
    > -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    > -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
    > registry:2

    5. Once it is running, you can log in through a browser to check it:

    Enter https://docker.damoin.com:5000/v2/ in the address bar. The browser first warns that the certificate is self-signed; after accepting it you are asked to log in, and entering ahaii/ahaii123 succeeds:

    Note: the scheme is now https.

    6. Push a local image to the registry:

    Log in from the registry client:

    docker login docker.damoin.com:5000

    You are asked for the account and password; after entering them this error appears:

    Error response from daemon: Get https://docker.damoin.com:5000/v1/users/: x509: certificate signed by unknown authority

    The client does not trust the registry's self-signed certificate. Fix: make the client trust it.

    Copy certs/domain.crt generated on the registry server to the directory /etc/docker/certs.d/docker.damoin.com:5000/ on the client and name it ca.crt. The certs.d/docker.damoin.com:5000 directory does not exist by default; create it, and name it with exactly the host:port used in the image name, because that string is the key the daemon looks up. Only the certificate is copied; domain.key stays on the registry server.
    [root@ahaii DockerRegistry]# ls /etc/docker/certs.d/docker.damoin.com:5000/
    ca.crt

    Then log in to the registry again; this time it succeeds:

    [root@ahaii certs]# docker login docker.damoin.com:5000
    Username: ahaii
    Password: 
    Login Succeeded 

    Now push the image to the registry:

    [root@ahaii DockerRegistry]# docker push docker.damoin.com:5000/redis/redis-master:1.0
    The push refers to a repository [docker.damoin.com:5000/redis/redis-master]
    e5bc8ffdee47: Pushed 
    babc1e95c4f0: Pushed 
    ebc4b691c405: Pushed 
    6363afe92ed2: Pushed 
    78e49376f417: Pushed 
    b8aa150f5f16: Pushed 
    b51149973e6a: Pushed 
    1.0: digest: sha256:7c60ce71ba4026b2b35df7c86118ddf7ae171bf1d2903a567b964ad9a07f26f9 size: 1786

    OK, the push succeeded; https://docker.damoin.com:5000/v2/_catalog (after logging in) now lists redis/redis-master.
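As an added example that is not the original post's commands, the shell below generates the registry's self-signed certificate with a subjectAltName (which the Common Name-only certificate from step 2 lacks), verifies the result, and lays out the client-side certs.d directory from step 6. The host name docker.damoin.com, IP 192.168.0.100, port 5000 and the scratch working directory are assumed values; only the openssl command line tool is needed and no registry is started.

```sh
#!/bin/sh
# Added example, not the original post's commands: generate the registry's
# self-signed certificate with a subjectAltName, check the result, and place
# the certificate where the Docker client looks for per-registry trust anchors.
# Assumed values: host name docker.damoin.com, IP 192.168.0.100, port 5000.

# make_registry_cert <workdir> <dns-name> [ip]
# Writes <workdir>/certs/domain.key and <workdir>/certs/domain.crt.
make_registry_cert() {
    work=$1; name=$2; ip=$3
    mkdir -p "$work/certs"
    san="DNS:$name"
    if [ -n "$ip" ]; then
        san="$san,IP:$ip"   # also lets clients that use the IP in image names verify
    fi
    # Current Docker clients (Go 1.15+) ignore the Common Name: the host in the
    # image name must appear in subjectAltName, or docker login fails with
    # "x509: certificate relies on legacy Common Name field, use SANs instead".
    cat > "$work/certs/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $name
[v3_req]
subjectAltName = $san
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    # 365 days rather than the post's 99999: a registry certificate should be rotated.
    openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 365 \
        -keyout "$work/certs/domain.key" -out "$work/certs/domain.crt" \
        -config "$work/certs/san.cnf" 2>/dev/null
    chmod 600 "$work/certs/domain.key"   # only the registry process needs the key
}

# cert_san_contains <crt> <token>: succeeds if the SAN extension lists <token>,
# written as openssl prints it: "DNS:docker.damoin.com" or "IP Address:192.168.0.100".
cert_san_contains() {
    openssl x509 -in "$1" -noout -text \
      | sed -n '/Subject Alternative Name/{n;p;}' \
      | grep -qF -- "$2"
}

# cert_verifies_as_own_ca <crt>: the same file is copied to clients as ca.crt,
# so it must validate with itself as the trust anchor.
cert_verifies_as_own_ca() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# install_client_ca <crt> <host:port> [docker-config-root]
# Copies the certificate to <root>/certs.d/<host:port>/ca.crt. The directory
# name must be exactly the host:port string used in image names; that is the
# key the daemon looks up, and a mismatch still gives "certificate signed by
# unknown authority" even though the file exists.
install_client_ca() {
    root=${3:-/etc/docker}
    dest="$root/certs.d/$2"
    mkdir -p "$dest"
    cp "$1" "$dest/ca.crt"
    printf '%s\n' "$dest/ca.crt"
}

# Constructed run in a scratch directory (no real registry or client involved).
WORK=$(mktemp -d)
make_registry_cert "$WORK" docker.damoin.com 192.168.0.100
if cert_san_contains "$WORK/certs/domain.crt" "DNS:docker.damoin.com"; then
    echo "SAN covers the host name"
fi
if cert_verifies_as_own_ca "$WORK/certs/domain.crt"; then
    echo "certificate verifies against itself"
fi
install_client_ca "$WORK/certs/domain.crt" docker.damoin.com:5000 "$WORK/etc-docker"
# The htpasswd file is created as in the post; registry images from 2.7 on no
# longer bundle htpasswd, so use the httpd image for the bcrypt entry:
#   docker run --rm --entrypoint htpasswd httpd:2 -Bbn ahaii ahaii123 > auth/htpasswd
```

On a real deployment, call make_registry_cert in the registry's working directory, point REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY at the two files as in step 4, and run install_client_ca without the third argument on each client host; the htpasswd step stays as described above.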

Original post: https://www.cnblogs.com/ahaii/p/6909376.html
Copyright © 2020-2023  润新知