1.环境:

[root@docker02 anchors]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@docker02 anchors]# docker info
Containers:
Running:
Paused:
Stopped:
Images:
Server Version: 17.03.1-ce
.....
10.60.10.39     docker01.lo   -->仓库
10.60.10.40 docker02.lo -->客户端
10.60.10.41 docker03.lo -->客户端

2.仓库配置https认证

a.配置hosts文件

[root@docker01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.60.10.39 docker01.lo
10.60.10.40 docker02.lo
10.60.10.41 docker03.lo

b.生成证书

[root@docker01 ~]# cd /etc/docker/
[root@docker01 docker]# mkdir certs
#切到docker配置文件目录,新建certs目录。
[root@docker01 docker]# openssl req -newkey rsa: -nodes -sha256 -keyout certs/docker01.lo.key -x509 -days  -out certs/docker01.lo.crt
Generating a bit RSA private key
..........................................................................................................................................................................................................................................................................++
..............++
writing new private key to 'certs/docker01.lo.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:ZJ
Locality Name (eg, city) [Default City]:HZ
Organization Name (eg, company) [Default Company Ltd]:ZX
Organizational Unit Name (eg, section) []:ZX
Common Name (eg, your name or your server's hostname) []:docker01.lo
Email Address []:TEST@.com

注意,以上红色字体的三处关键字要一致,这里我用得是仓库主机的主机名。

[root@docker01 docker]# ll certs/
total
-rw-r--r--. root root Jun : docker01.lo.crt
-rw-r--r--. root root Jun : docker01.lo.key

3.运行registry容器

docker run -d -P -it -p : --restart=always  --name registry_https01 -v `pwd`/certs:/etc/docker/certs/ -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/docker01.lo.crt  -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/docker01.lo.key registry
[root@docker01 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b10b23f3dd0 registry "/entrypoint.sh /e..." seconds ago Up seconds 0.0.0.0:->/tcp registry_https01
[root@docker01 docker]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0.0.0.0: 0.0.0.0:* LISTEN /sshd
tcp 127.0.0.1: 0.0.0.0:* LISTEN /master
tcp6 ::: :::* LISTEN /sshd
tcp6 ::: :::* LISTEN /master
tcp6 ::: :::* LISTEN /dockerd
tcp6 ::: :::* LISTEN /docker-proxy
tcp6 ::: :::* LISTEN /dockerd
tcp6 ::: :::* LISTEN /dockerd

4.配置客户端( 需要配置hosts文件如步骤2-a)

a.远程拷贝docker01.lo.crt到客户端/etc/pki/ca-trust/source/anchors目录下

[root@docker01 docker]# scp certs/docker01.lo.crt 10.60.10.40:/etc/pki/ca-trust/source/anchors
root@10.60.10.40's password:
docker01.lo.crt % .0KB/s :
[root@docker01 docker]# scp certs/docker01.lo.crt 10.60.10.41:/etc/pki/ca-trust/source/anchors
root@10.60.10.41's password:
docker01.lo.crt % .0KB/s :

b.更新证书

[root@docker02 ~]# cd /etc/pki/ca-trust/source/anchors
[root@docker02 anchors]# update-ca-trust
[root@docker03 ~]# cd /etc/pki/ca-trust/source/anchors
[root@docker03 anchors]# update-ca-trust

c.上传image

[root@docker02 anchors]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 958a7ae9e569 weeks ago MB
swarm latest 36b1e23becab months ago 15.9 MB
centos 6.8 0cd976dc0a98 months ago MB
[root@docker02 anchors]# docker tag centos:6.8 docker01.lo:/centos:6.8
[root@docker02 anchors]# docker push docker01.lo:/centos
The push refers to a repository [docker01.lo:/centos]
b1b065555b8a: Pushed
6.8: digest: sha256:c338f851dc6520fc3f7ece01e4fbe207eaa78b775a0738f2bfdd6f36144e6b8a size:
[root@docker02 anchors]# curl https://docker01.lo:5000/v2/_catalog
{"repositories":["centos"]}

-----------------------------------------------------------------------------

[root@docker03 anchors]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 7b9b13f7b9c0 weeks ago MB
nginx latest 958a7ae9e569 weeks ago MB
swarm latest 36b1e23becab months ago 15.9 MB
centos 6.8 0cd976dc0a98 months ago MB
[root@docker03 anchors]# docker tag ubuntu docker01.lo:5000/ubuntu
[root@docker03 anchors]# docker push docker01.lo:/ubuntu
The push refers to a repository [docker01.lo:/ubuntu]
d8b353eb3025: Pushed
f2e85bc0b7b1: Pushed
fc9e1e5e38f7: Pushed
fe9a3f9c4559: Pushed
6a8bf8c8edbd: Pushed
latest: digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368 size:
[root@docker03 anchors]# curl https://docker01.lo:5000/v2/_catalog
{"repositories":["centos","ubuntu"]}

d.下载image

[root@docker02 anchors]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 958a7ae9e569 weeks ago MB
swarm latest 36b1e23becab months ago 15.9 MB
centos 6.8 0cd976dc0a98 months ago MB
docker01.lo:/centos 6.8 0cd976dc0a98 months ago MB
[root@docker02 anchors]# docker pull docker01.lo:/ubuntu
Using default tag: latest
latest: Pulling from ubuntu
bd97b43c27e3: Pull complete
6960dc1aba18: Pull complete
2b61829b0db5: Pull complete
1f88dc826b14: Pull complete
73b3859b1e43: Pull complete
Digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368
Status: Downloaded newer image for docker01.lo:/ubuntu:latest
[root@docker02 anchors]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker01.lo:/ubuntu latest 7b9b13f7b9c0 weeks ago MB
nginx latest 958a7ae9e569 weeks ago MB
swarm latest 36b1e23becab months ago 15.9 MB
centos 6.8 0cd976dc0a98 months ago MB
docker01.lo:/centos 6.8 0cd976dc0a98 months ago MB

-------------------------------------------------

[root@docker03 anchors]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker01.lo:/ubuntu latest 7b9b13f7b9c0 weeks ago MB
ubuntu latest 7b9b13f7b9c0 weeks ago MB
nginx latest 958a7ae9e569 weeks ago MB
swarm latest 36b1e23becab months ago 15.9 MB
centos 6.8 0cd976dc0a98 months ago MB
[root@docker03 anchors]# docker pull docker01.lo:/centos:6.8
6.8: Pulling from centos
Digest: sha256:c338f851dc6520fc3f7ece01e4fbe207eaa78b775a0738f2bfdd6f36144e6b8a
Status: Downloaded newer image for docker01.lo:/centos:6.8
[root@docker03 anchors]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker01.lo:/ubuntu latest 7b9b13f7b9c0 weeks ago MB
ubuntu latest 7b9b13f7b9c0 weeks ago MB
nginx latest 958a7ae9e569 weeks ago MB
swarm latest 36b1e23becab months ago 15.9 MB
centos 6.8 0cd976dc0a98 months ago MB
docker01.lo:/centos 6.8 0cd976dc0a98 months ago MB

5.问题解决:

[root@docker03 anchors]# docker push docker01.lo:5000/centos
The push refers to a repository [docker01.lo:5000/centos]
Get https://docker01.lo:5000/v1/_ping: x509: certificate signed by unknown authority

如碰到上述问题:

[root@docker03 anchors]# cat docker01.l.crt >> /etc/pki/tls/certs/ca-bundle.crt
[root@docker03 anchors]# update-ca-trust
[root@docker03 anchors]# systemctl restart docker

centos7搭建docker私有仓库的更多相关文章

  1. CentOS7搭建Docker私有仓库----Docker

    有时候使用Docker Hub这样的公共仓库可能不方便,这种情况下用户可以使用registry创建一个本地仓库供私人使用,这点跟Maven的管理类似.目前Docker Registry已经升级到了v2 ...

  2. 一步步搭建docker私有仓库并从私有仓库中下载镜像

    一步步搭建docker私有仓库 #下载镜像 docker pull registry#查看镜像 docker images #运行私有仓库,指定端口和数据卷 docker run -d -p : -v ...

  3. 搭建docker私有仓库

    保存镜像的地方成为仓库(registry).目前有2种仓库:公共仓库和私有仓库. 最方便的是使用公共仓库上传和下载镜像,下载不需要注册,上传需要到公共仓库注册.公共仓库网站:https://hub.d ...

  4. Centos7搭建Harbor私有仓库(二)

    1 说明 前文Centos7搭建Harbor私有仓库(一)中成功搭建了Harbor,但,是以http方式搭建的,这里我们修改为https方式 以下基于镜像CentOS-7-x86_64-Minimal ...

  5. windows 环境下搭建docker私有仓库

    windows 环境下搭建docker私有仓库 1.在公用仓库中pull仓库镜像 docker pull regitry 2.启动仓库镜像 //-d意思是后台运行,-p是做端口映射,这里是将本地的50 ...

  6. Docker自学纪实(六)搭建docker私有仓库

    docker的镜像仓库分两种:一种是从官方公有仓库拉取:还有就是自己搭建私有仓库.官方的镜像仓库是面对整个应用市场的:私有仓库一般用于公司内部,就是公司项目自身所需的镜像.搭建私有仓库有什么好处?私有 ...

  7. 搭建docker私有仓库,建立k8s集群

    服务器IP角色分布 192.168.5.2 etcd server 192.168.5.2 kubernetes master 192.168.5.3 kubernetes node 192.168. ...

  8. 手把手教你搭建Docker私有仓库

    章节一:centos7 docker安装和使用_入门教程 章节二:使用docker部署Asp.net core web应用程序 有了前面的基础,接下来的操作就比较简单了.先准备两台虚拟机,两台机器上都 ...

  9. 03搭建docker私有仓库

    搭建docker私仓,可以使用docker官方提供的registry镜像.该镜像目前有2.0,2.3和2.3.1版本.它只与1.6.0以上版本的docker兼容.搭建私仓的步骤如下: 一:无代理.无认 ...

随机推荐

  1. Mongodb安全认证

    Mongodb安全认证在单实例和副本集两种情况下不太一样,单实例相对简单,只要在启动时加上 --auth参数即可,但副本集则需要keyfile. 一.单实例 1.启动服务(先不要加auth参数) 2. ...

  2. [hadoop] hdfs 格式化错误 java.net.UnknownHostException

    执行 hdfs namenode -format 抛出错误 主机名称异常,查看主机信息 原来 通过 bogon 无法找到主机 ,在host 中也没有对应的映射信息 修改后即可 再次执行 hdfs na ...

  3. SpringMVC------报错:java.lang.ClassNotFoundException: org.springframework.web.filter.CharacterEncodingFilter

    详细信息: java.lang.ClassNotFoundException: org.springframework.web.filter.CharacterEncodingFilter 严重: E ...

  4. MongoDB聚合管道

    通过上一篇文章中,认识了MongoDB中四个聚合操作,提供基本功能的count.distinct和group,还有可以提供强大功能的mapReduce. 在MongoDB的2.2版本以后,聚合框架中多 ...

  5. 通过SSH实现Windows与linux之间传输文件

    Linux是非常好的开发环境,但很多时候我们希望能够在Windows上操作,通过SSH协议可以实现两者之间传输文件. 一 需要在Linux系统上安装ssh-server,有的linux系统自带了. 查 ...

  6. 使用powerdesigner连接MySQL并设置逆向工程图文教程

    我用的是Win7 x64的系统,安装了64为的mysql-connector-odbc-5.1.10-winx64.msi在数据源中test正常,但在powerdesigner连接Mysql总是弹出“ ...

  7. sharepoint权限操作(记录以备忘)

    using Microsoft.SharePoint; using System; using System.Collections.Generic; using System.Linq; using ...

  8. vmware 安装 Mac OS X 10.9 Mavericks

    This guide shows how to install fresh OS X 10.9 Mavericks on VMware workstation with Windows 7 or Wi ...

  9. iOS开发-UIImageView响应点击事件

    UIImageView是不能够响应点击事件的,在开发过程中我们需要经常对头像等添加点击事件,上网搜索一番后发现有如下两个方法: 1.找到点击图片Event,添加事件处理函数 UIImageView.u ...

  10. SaltStack 批量分发目录

    这里演示如何将 salt-master 上的目录批量分发到多台 salt-minion,步骤如下: [root@localhost ~]$ cat /srv/salt/top.sls # 先定义入口配 ...