CentOS 7, Docker 1.9: pushing an image to a registry over SSL

Goal: on the registry host itself, push an image to the local registry over SSL.

Server side:

1. Generate the certificate

$ sudo openssl req -x509 -nodes -days 365 -subj '/CN=test.registry.com' -newkey rsa:4096 -keyout certs/domain.key -out certs/domain.crt # writes the key and certificate into the certs directory; the certificate is issued for the domain test.registry.com

2. Start the container

$ docker run -d -p 5000:5000 --restart=always \
--name registry -v "$(pwd)/certs:/certs" \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-v /images/:/var/lib/registry \
registry:2.1.1

3. Test

$ curl --cacert /etc/docker/certs.d/193.registry.com\:5000/domain.crt -X GET https://193.registry.com:5000/v2/_catalog
{"repositories":["registry"]}

Client side:

1. Copy the certificate into the matching directory

$ mkdir -p /etc/docker/certs.d/test.registry.com:5000/
$ cp certs/domain.crt /etc/docker/certs.d/test.registry.com:5000/

2. Tag the image that is to be pushed to the registry

$ docker tag busybox test.registry.com:5000/busybox

3. Push it to the registry; no configuration file changes are needed

$ docker push test.registry.com:5000/busybox
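
The checks below are an added example, not part of the original post: they confirm that domain.crt names the host the client will dial, is not about to expire, pairs with domain.key, and that the key is not readable by group or others. The function names are hypothetical; the code assumes openssl and GNU stat and compares exact names only (no wildcard matching).

```bash
#!/bin/bash
# Added example (not from the original post): checks for domain.crt / domain.key.
# Print the subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_registry_cert HOST CERT KEY [MIN_DAYS]
# Prints one line per problem; the return status is the number of problems.
check_registry_cert() {
    local host="$1" cert="$2" key="$3" days="${4:-30}" problems=0 cn sans
    cn=$(cert_cn "$cert")
    sans=$(openssl x509 -in "$cert" -noout -text | grep -o 'DNS:[^,[:space:]]*' || true)
    # 1. The name the client dials must be the CN or a DNS subjectAltName.
    if [ "$cn" != "$host" ] && ! printf '%s\n' "$sans" | grep -qxF "DNS:$host"; then
        echo "name mismatch: certificate is for '$cn', client uses '$host'"
        problems=$((problems + 1))
    fi
    # 2. The certificate must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "certificate expires within $days days"
        problems=$((problems + 1))
    fi
    # 3. domain.key must be the private key belonging to domain.crt.
    if [ "$(openssl x509 -in "$cert" -noout -pubkey)" != \
         "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        echo "key does not match certificate"
        problems=$((problems + 1))
    fi
    # 4. The private key must not be readable by group or others (GNU stat).
    if [ $(( 0$(stat -c %a "$key") & 077 )) -ne 0 ]; then
        echo "private key is readable by group/others: chmod 600 $key"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: throwaway CN-only certificate, same shape as the post's.
make_sample_cert() {   # make_sample_cert DIR CN
    openssl req -x509 -nodes -days 365 -subj "/CN=$2" -newkey rsa:2048 \
        -keyout "$1/domain.key" -out "$1/domain.crt" 2>/dev/null
    chmod 600 "$1/domain.key"
}
# Demo: certificate issued for test.registry.com, client dials 193.registry.com.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" test.registry.com
check_registry_cert 193.registry.com "$demo_dir/domain.crt" "$demo_dir/domain.key" || true
rm -rf "$demo_dir"
```
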


A script that performs all of the steps

#!/bin/bash
# Primary IPv4 address of eth0; handles both "inet addr:1.2.3.4" and "inet 1.2.3.4" ifconfig output
ip_1=$(ifconfig eth0 | awk '/inet /{print $2}' | head -1 | sed 's/^addr://')
# Last octet of the address, used to build the registry host name
ip=${ip_1##*.}
# Set the host name; tee runs under sudo, so the file does not have to be made world-writable
echo "$ip.registry.com" | sudo tee /etc/hostname > /dev/null
sudo hostname "$ip.registry.com"
# Generate the self-signed certificate and key
sudo mkdir -p certs
sudo openssl req -x509 -nodes -days 365 -subj "/CN=$ip.registry.com" -newkey rsa:4096 -keyout certs/domain.key -out certs/domain.crt
# Trust the certificate for this registry in the Docker client
sudo mkdir -p "/etc/docker/certs.d/$ip.registry.com:5000"
sudo cp certs/domain.crt "/etc/docker/certs.d/$ip.registry.com:5000/"
# Start the registry with TLS enabled
sudo docker run -d -p 5000:5000 --restart=always --name registry -v "$(pwd)/certs:/certs" -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v /images/:/var/lib/registry registry:2.1.1
# Map the registry host name to the local address
echo "$ip_1 $ip.registry.com" | sudo tee -a /etc/hosts > /dev/null

