修改openssl.cnf文件
vi /etc/pki/tls/openssl.cnf
在 [v3_ca] 段下面添加 subjectAltName = IP:192.168.20.105(registry 通过 IP 地址访问时,docker 客户端校验证书要求 SAN 中包含该 IP,仅在 CN 中写 IP 不够)
使用 openssl 生成自签名证书和私钥(-nodes 表示私钥不加密保存,生成后应把私钥权限限制为仅 root 可读,例如 chmod 600 /certs/registry.key)
[root@k3s-node2 ~]# mkdir /certs
[root@k3s-node2 ~]# cd /certs
[root@k3s-node2 certs]# openssl req -subj "/C=CN/ST=BeiJing/L=Dongcheng/CN=192.168.20.105" -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout registry.key -out registry.crt
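将生成的证书追加到本机系统信任的 CA 证书包(ca-bundle.crt),使本机的 docker 信任该 registry 的证书。注意:这样会让本机所有使用系统证书包的 TLS 客户端都信任这张证书;如果只需要 docker 信任它,可以改为把证书放到 /etc/docker/certs.d/192.168.20.105/ca.crt。另外在 RHEL/CentOS 上该文件可能在执行 update-ca-trust 时被重新生成,手工追加的内容会丢失。其他需要访问该 registry 的主机同样要信任这张证书。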
[root@k3s-node2 certs]# cat /certs/registry.crt >> /etc/pki/tls/certs/ca-bundle.crt
重启 docker,使其重新加载系统信任的证书
[root@k3s-node2 certs]# systemctl restart docker
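运行 registry(以下命令没有配置任何认证,能访问 443 端口的客户端都可以推送和拉取镜像;应通过防火墙限制访问来源,或使用 REGISTRY_AUTH 等配置开启 htpasswd 认证。/certs 目录中包含私钥,挂载时可加 :ro 设为只读)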
[root@k3s-node2 ~]# docker run -d -p 443:443 --restart=always \
--name registry -v /certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/registry.key registry:2
查看日志,确认出现 "listening on [::]:443, tls"(No HTTP secret 的警告针对多个 registry 位于负载均衡之后的情况,单实例一般可忽略)
[root@k3s-node2 ~]# docker logs registry
time="2019-06-01T11:43:43.697818245Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.11.2 instance.id=4b9378fe-350a-4143-88f5-3b5894f1a9b9 service=registry version=v2.7.1
time="2019-06-01T11:43:43.697951189Z" level=info msg="redis not configured" go.version=go1.11.2 instance.id=4b9378fe-350a-4143-88f5-3b5894f1a9b9 service=registry version=v2.7.1
time="2019-06-01T11:43:43.697992216Z" level=info msg="Starting upload purge in 11m0s" go.version=go1.11.2 instance.id=4b9378fe-350a-4143-88f5-3b5894f1a9b9 service=registry version=v2.7.1
time="2019-06-01T11:43:43.719287359Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.11.2 instance.id=4b9378fe-350a-4143-88f5-3b5894f1a9b9 service=registry version=v2.7.1
time="2019-06-01T11:43:43.720676812Z" level=info msg="listening on [::]:443, tls" go.version=go1.11.2 instance.id=4b9378fe-350a-4143-88f5-3b5894f1a9b9 service=registry version=v2.7.1
推送镜像到 registry,验证 TLS 配置生效
[root@k3s-node2 certs]# docker pull nginx
[root@k3s-node2 certs]# docker tag docker.io/nginx 192.168.20.105/nginx:latest
[root@k3s-node2 certs]# docker push 192.168.20.105/nginx
The push refers to a repository [192.168.20.105/nginx]
332fa54c5886: Pushed
6ba094226eea: Pushed
6270adb5794c: Pushed
latest: digest: sha256:e770165fef9e36b990882a4083d8ccf5e29e469a8609bb6b2e3b47d9510e2c8d size: 948