2.Docker-registry

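Connections from mainland China to the official Docker repository are unstable, so you can host your own private registry.

The private registry can run directly from the registry 2 image that Docker provides; a Docker runtime environment must be set up first.

The registry server and the test server both run CentOS 7.3 with Docker 17.09.0-ce.

The local machine uses Docker 18.03.0-ce-mac60.

1. Pull the registry image on the server

docker pull registry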

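2. Configure the certificate on the server

Go to the /etc/docker directory and generate the certificate:

mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt

Enter the basic information when prompted. Note: the Common Name must be set to the registry's domain name; this example uses docker.registry.server.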

Create the directory:

mkdir -p /etc/docker/certs.d/docker.registry.server:5000

Copy the certificate into that directory:

cp certs/domain.crt /etc/docker/certs.d/docker.registry.server:5000/ca.crt

3. Configure the hosts file on the server

Edit the hosts file with vim /etc/hosts and add:

10.26.98.81 docker.registry.server

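4. Configure the password on the server

mkdir auth && docker run --entrypoint htpasswd registry -Bbn [username] [password] > auth/htpasswd

5. Start the registry on the server with the certificate and password

Go to the /etc/docker directory.

Create the storage directory: mkdir registryDir

Start the registry container (pwd expands to the current directory):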

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v `pwd`/registryDir:/var/lib/registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry
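
Added example (not part of the original post): a pre-flight check to run before starting the container. It verifies that auth/htpasswd holds only bcrypt entries (the format htpasswd -B writes, and the only one the registry's htpasswd backend accepts) and that auth/htpasswd and certs/domain.key are not readable by group or others. The function names are hypothetical; the paths are the ones used in steps 2, 4 and 5.

```shell
#!/bin/sh
# Pre-flight check for the secrets mounted into the registry container.
# Assumed layout (from the steps above): <dir>/auth/htpasswd and <dir>/certs/domain.key

# Every entry must be user:<bcrypt hash>. A bcrypt hash is 60 characters:
# $2a$/$2b$/$2y$, a two-digit cost, "$", then 53 characters of salt and digest.
# Prints one line per unusable entry and returns non-zero if any is found.
check_htpasswd() {
    [ -r "$1" ] || { echo "missing: $1"; return 1; }
    awk -F: '
        /^[[:space:]]*$/ { next }     # htpasswd -n ends its output with a blank line
        { users++ }
        $1 == "" || length($2) != 60 || $2 !~ "^[$]2[aby][$][0-9][0-9][$][./A-Za-z0-9]+$" {
            printf "not bcrypt: %s\n", ($1 == "" ? "<empty user>" : $1)
            bad++
        }
        END {
            if (!users) print "no users defined"
            exit (bad || !users)
        }
    ' "$1"
}

# The private key and the password hashes must not be readable by group or others.
# Shell redirection and older openssl builds create files with the default umask (often 0644).
check_private() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)     # group and other permission bits
    [ "$perms" = "------" ] || { echo "too permissive: $1 ($perms for group/other)"; return 1; }
}

# Run all checks against the directory that holds auth/ and certs/.
preflight() {
    dir=${1:-/etc/docker}
    rc=0
    check_htpasswd "$dir/auth/htpasswd"   || rc=1
    check_private  "$dir/auth/htpasswd"   || rc=1
    check_private  "$dir/certs/domain.key" || rc=1
    return $rc
}
```

Call preflight /etc/docker before the docker run command; a file reported as too permissive can be fixed with chmod 600.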

6. Check the container

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

8ba12615dde8 registry "/entrypoint.sh /e..." 8 seconds ago Up 8 seconds 0.0.0.0:5000->5000/tcp registry

7. Test pushing an image from the server itself

docker tag tutum/ntpd localhost:5000/tutum/ntpd

docker push localhost:5000/tutum/ntpd

8. Log in to the registry from a client

8.1 Configure the hosts file

59.110.14.120 docker.registry.server

8.2 Install the public certificate: copy the server's crt file to the following path on the client machine

/etc/docker/certs.d/docker.registry.server:5000/ca.crt

8.3 Log in

docker login docker.registry.server:5000

Enter the username and password; the prompt Login Succeeded appears.

8.4 Push

docker tag hello-world docker.registry.server:5000/hello-world

docker push docker.registry.server:5000/hello-world

9. View the contents of the private registry

https://59.110.14.120:5000/v2/_catalog

Log in with the username and password; the result is as follows:

{
  repositories: [
    "hello-world"
  ]
}

Common login errors

1. The registry was run without a certificate

The push refers to a repository [59.110.14.120:5000/hello-world]

Get https://59.110.14.120:5000/v2/: http: server gave HTTP response to HTTPS client

2. The certificate is not configured on the client

Error response from daemon: Get https://docker.registry.server:5000/v2/: x509: certificate signed by unknown authority

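Configure the certificate as described in section 9.2 of the main text.

Note: Docker CE for Mac does not create an /etc/docker folder when installed, so the certificate has to be trusted manually:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain domain.crt

After configuring, restart Docker.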

http://container-solutions.com/adding-self-signed-registry-certs-docker-mac/

3. A Mac with the Docker client installed reports an error that is related to the proxy settings:

Error response from daemon: Get https://docker.registry.server:5000/v2/: proxyconnect tcp: dial tcp 192.168.65.1:58701: getsockopt: connection refused
