Nexus部署docker本地仓库

上一篇讲了怎么部署Nexus,及用Nexus部署yum源，现在讲一下使用Nexus部署docker仓库，为以后部署k8s等做本地仓库。

下面安装docker。

环境：centos7

yum -y install docker

yum -y install nginx

因为docker在传输的过程中默认使用的是https,在网上搜了一下有些说可以把它取消掉，做了一下测试，发现在上传的时候还是有问题，因此我还是使用https的方式，所以在本地搭建了一个nginx用来做反向代理。

nginx配置：

[root@yangdong ~]# cat /usr/local/nginx/conf/conf.d/nexus.conf 
upstream nexus_docker_get {
    server 192.168.105.233:8082;
}
 
upstream nexus_docker_put {
    server 192.168.105.233:8083;
}
server {
    listen 80;
    listen 443 ssl;
    server_name idocker.yangdong.com;
    access_log /var/log/nginx/idocker.io.log;
    ssl_certificate  certs/server.crt;
    ssl_certificate_key certs/server.key;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    client_max_body_size 0;
    chunked_transfer_encoding on;
    if ( $request_method ~* 'GET') {
        set $upstream "nexus_docker_get";
    }
    index index.html index.htm index.php;
    if ( $request_method !=  'GET' ) {
    set $upstream "nexus_docker_put";
    }
    location / {
            proxy_pass http://$upstream;
            proxy_set_header Host $host;
            proxy_connect_timeout 3600;
            proxy_send_timeout 3600;
            proxy_read_timeout 3600;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_buffering off;
            proxy_request_buffering off;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto http;
    }
}

#证书需要自己签发一个，我这里是自己签发了一个idocker.yangdong.com的证书。因为这是本地签发的因此需要在客户端上做一下hosts解析。

vim /etc/hosts
192.168.105.233  idocker.yangdong.com

这时候还需要做一下docker的证书认证：

[root@yangdong certs.d]# cd /etc/docker/certs.d/
[root@yangdong certs.d]# ls idocker.yangdong.com/
ca.crt

#在docker的证书目录下新建一个目录，把自签发的crt证书拷贝过来，记住一定要把名字改为ca.crt

重启docker:

systemctl restart docker

验证：

[root@yangdong ~]# docker login -uadmin -padmin123  idocker.yangdong.com
Login Succeeded
[root@yangdong ~]# docker images
REPOSITORY                                         TAG                 IMAGE ID            CREATED           
  SIZEdocker.io/nginx                                    latest              5a3221f0137b        5 days ago        
  126 MBfdfsimg.vip.test.suixinhuan.com/nginx              latest              5a3221f0137b        5 days ago        
  126 MBidocker.yangdong.com/nginx-v1                      latest              5a3221f0137b        5 days ago        
  126 MB192.168.105.233:8084/redis                         latest              f7302e4ab3a8        6 days ago        
  98.2 MBdocker.io/redis                                    latest              f7302e4ab3a8        6 days ago        
  98.2 MBfdfsimg.vip.test.suixinhuan.com/redis-v1           latest              f7302e4ab3a8        6 days ago        
  98.2 MBfdfsimg.vip.test.suixinhuan.com/redis              latest              f7302e4ab3a8        6 days ago        
  98.2 MBfdfsimg.vip.test.suixinhuan.com/gitlab/gitlab-ce   latest              eb85f9e7e4b4        8 days ago        
  1.84 GB[root@yangdong ~]# docker login -uadmin -padmin123  idocker.yangdong.com
Login Succeeded
[root@yangdong ~]# docker tag docker.io/redis idocker.yangdong.com/redis
[root@yangdong ~]# docker push idocker.yangdong.com/redis
The push refers to a repository [idocker.yangdong.com/redis]
567b5c120525: Layer already exists 
56f790a1596e: Layer already exists 
07c26782b55f: Layer already exists 
57ad49a0010c: Layer already exists 
00ac47184776: Layer already exists 
1c95c77433e8: Layer already exists 
latest: digest: sha256:0e67625224c1da47cb3270e7a861a83e332f708d3d89dde0cbed432c94824d9a size: 1572

这时候我们去Nexus上查看可以发现redis已经上传到本地仓库了。

 同理docker pull you_want_images也可以下载下来。