Docker: Create a Private Registry with HTTPS Support for push | pull | login
2018-02-11 10:19
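1. Overwrite /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem with a saved clean copy. (On a freshly provisioned system, always back this file up first! This tutorial is intended for repeatedly re-creating an HTTPS-enabled private Docker registry.) Step 6 appends the registry certificate to the system trust bundle, and on CentOS/RHEL /etc/pki/tls/certs/ca-bundle.crt is a symlink to this file, so restoring the clean copy keeps certificates from earlier runs from piling up.
    cp /home/zsd/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
2. Delete registry.crt and registry.key from /certs/.
    rm /certs/registry.*
3. Remove the registry container from Docker.
    docker stop registry
    docker rm registry
4. Edit openssl.cnf.
    vi /etc/pki/tls/openssl.cnf
   Under [v3_ca], add: subjectAltName = IP:192.168.0.11
5. Generate the self-signed certificate with openssl. Either pass the subject on the command line with -subj, or leave it out and answer the interactive prompts. The -nodes option writes registry.key unencrypted, so restrict who can read that file.
    openssl req -subj "/C=CN/ST=BeiJing/L=Dongcheng/CN=192.168.0.11" -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout registry.key -out registry.crt
    openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout registry.key -out registry.crt
6. Append the generated certificate to the server's built-in trusted certificate bundle.
    cat /certs/registry.crt >> /etc/pki/tls/certs/ca-bundle.crt
7. Restart Docker.
    systemctl restart docker
8. Run the registry. The host directory given to -v must be the one that holds registry.crt and registry.key (the command below mounts /deploy/certs, while the earlier steps use /certs).
    docker run -d -p 443:443 --name registry -v /deploy/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key registry:2
9. Push an image to the registry.
    docker push 192.168.0.11/nginx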
Common errors
a. Get https://192.168.0.11/v2/: x509: cannot validate certificate for 192.168.0.11 because it doesn't contain any IP SANs (step 4 was not performed)
b. Get https:///v2/: x509: certificate signed by unknown authority (step 6 was not performed)
For a detailed tutorial, see "x509: cannot validate certificate because of not containing any IP SANs".
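Added example (not part of the original post): Docker is written in Go, and both errors listed above come from Go's crypto/x509 verifier, so the sketch below reproduces them offline and shows the order in which the checks run. Assumptions: the certificates are constructed in memory with an ECDSA key rather than the rsa:2048 key used above, an in-memory pool stands in for the host CA bundle, and the names selfSigned, check and the result labels are illustrative.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)
const registryIP = "192.168.0.11" // registry address used on this page

// selfSigned builds a constructed self-signed cert with CN=registryIP; withSAN adds the IP SAN.
func selfSigned(withSAN bool) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: registryIP},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if withSAN {
		tmpl.IPAddresses = []net.IP{net.ParseIP(registryIP)} // what step 4 configures
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// check validates cert for registryIP against roots and names the failure class.
func check(cert *x509.Certificate, roots *x509.CertPool) string {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: registryIP, Roots: roots})
	switch err.(type) {
	case nil: return "ok"
	case x509.HostnameError: return "error a: no IP SAN" // CN alone never matches an IP
	case x509.UnknownAuthorityError: return "error b: unknown authority"
	}
	return err.Error()
}

func main() {
	noSAN, withSAN, pool := selfSigned(false), selfSigned(true), x509.NewCertPool()
	fmt.Println(check(noSAN, pool), "|", check(withSAN, pool)) // errors a and b
	pool.AddCert(withSAN) // stands in for appending registry.crt to the CA bundle
	fmt.Println(check(withSAN, pool)) // ok
}
```

The SAN check runs before chain building, so a certificate without the IP SAN keeps failing with error a even after it has been added to the trust bundle.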