docker registry2 仓库搭建与使用
2016-12-01 10:12
288 查看
docker registry2 仓库搭建与使用
1) 以TLS证书认证启动docker registry2
产生证书
TLS证书认证启动docker registry2
2)非证书认证启动
访问非证书认证启动docker registry2
1)内部访问
直接使用命令push和pull docker镜像
2)外部访问
配置use an insecure registry
Open the /etc/default/docker file or /etc/sysconfig/docker for editing.
Depending on your operating system, your Engine daemon start options.
Edit (or add) the DOCKER_OPTS line and add the –insecure-registry flag.
This flag takes the URL of your registry, for example.
Close and save the configuration file.
Restart your Docker daemon
The command you use to restart the daemon depends on your operating system. For example, on Ubuntu, this is usually the service docker stop and service docker start command.
Repeat this configuration on every Engine host that wants to access your registry.
操作上成功
配置证书访问
官网上说
Instruct every docker daemon to trust that certificate.This is done by copying the domain.crt file to /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt.
domain.crt是运行registry使用的证书
Don’t forget to restart the Engine daemon.
但是操作却未成功
参考
https://docs.docker.com/registry/insecure/
https://docs.docker.com/registry/deploying/#get-a-certificate
https://docs.docker.com/registry/introduction/
docker pull registry-1.docker.io/distribution/registry:2.1
1) 以TLS证书认证启动docker registry2
产生证书
mkdir -p certs && openssl req \ -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \ -x509 -days 365 -out certs/domain.crt
openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key -x509 -days 365 -out domain.crt Generating a 4096 bit RSA private key .........................................................................................................................++ ......++ writing new private key to 'domain.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:XW State or Province Name (full name) []:gd Locality Name (eg, city) [Default City]:gz Organization Name (eg, company) [Default Company Ltd]:onecloud Organizational Unit Name (eg, section) []:gz Common Name (eg, your name or your server's hostname) []:host102.gzoc.xww Email Address []:xiongww@onecloud.cn
TLS证书认证启动docker registry2
docker run -d -p 5001:5000 --restart=always --name registrywithcerts --privileged=true -v /root/data:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2
2)非证书认证启动
docker run -d -p 5000:5000 --restart=always --privileged=true --name registry -v /root/data:/var/lib/registry registry:2
访问非证书认证启动docker registry2
1)内部访问
直接使用命令push和pull docker镜像
docker tag f753707788c5 localhost:5001/ubuntu docker push localhost:5001/ubuntu
2)外部访问
配置use an insecure registry
Open the /etc/default/docker file or /etc/sysconfig/docker for editing.
$vi /etc/default/docker
Depending on your operating system, your Engine daemon start options.
Edit (or add) the DOCKER_OPTS line and add the –insecure-registry flag.
This flag takes the URL of your registry, for example.
DOCKER_OPTS="--insecure-registry myregistrydomain.com:5000" ADD_REGISTRY='--add-registry 192.168.153.102:5000'
Close and save the configuration file.
Restart your Docker daemon
The command you use to restart the daemon depends on your operating system. For example, on Ubuntu, this is usually the service docker stop and service docker start command.
Repeat this configuration on every Engine host that wants to access your registry.
sudo service docker stop sudo service docker start
操作上成功
配置证书访问
官网上说
Instruct every docker daemon to trust that certificate.This is done by copying the domain.crt file to /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt.
$cp domain.crt \ /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt
domain.crt是运行registry使用的证书
Don’t forget to restart the Engine daemon.
但是操作却未成功
参考
https://docs.docker.com/registry/insecure/
https://docs.docker.com/registry/deploying/#get-a-certificate
https://docs.docker.com/registry/introduction/
相关文章推荐
- docker私有仓库搭建 使用Portus管理docker registry 私有仓库
- Docker Hub 仓库使用,及搭建 Docker Registry
- 使用Docker Registry搭建Docker私有仓库-极简
- Docker Hub 仓库使用,及搭建 Docker Registry
- 使用官方 docker registry 搭建私有镜像仓库及部署 web ui
- CentOS 7 : Docker私有仓库搭建和使用
- 搭建和使用Docker私有仓库
- 使用Docker registry镜像创建私有仓库
- Docker 使用指南 (二)—— 搭建本地仓库
- 使用 harbor 搭建 docker 私有镜像仓库
- Docker仓库搭建(Registry + Portus)
- 搭建自 4000 己的docker registry仓库
- 使用Docker registry镜像创建私有仓库
- docker基础:私有仓库repository搭建(1):registry
- Docker 使用指南 (二)—— 搭建本地仓库
- Docker私有仓库Registry的搭建验证
- Docker私有仓库Registry的搭建验证
- 使用新浪云存储搭建Docker私有仓库服务
- docker-registry 搭建私有仓库服务器
- Docker私有仓库Registry 搭建