1.环境:

[root@docker02 anchors]# cat /etc/redhat-release

CentOS Linux release 7.3.1611 (Core) 
[root@docker02 anchors]# docker info

Containers:

 Running:

 Paused:

 Stopped:

Images:

Server Version: 17.03.1-ce
.....
10.60.10.39     docker01.lo   -->仓库

10.60.10.40     docker02.lo   -->客户端
10.60.10.41     docker03.lo   -->客户端

2.仓库配置https认证

a.配置hosts文件

[root@docker01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.60.10.39 docker01.lo
10.60.10.40 docker02.lo
10.60.10.41 docker03.lo

b.生成证书

[root@docker01 ~]# cd /etc/docker/

[root@docker01 docker]# mkdir certs
#切到docker配置文件目录,新建certs目录。
[root@docker01 docker]# openssl req -newkey rsa: -nodes -sha256 -keyout certs/docker01.lo.key -x509 -days  -out certs/docker01.lo.crt

Generating a  bit RSA private key

..........................................................................................................................................................................................................................................................................++

..............++

writing new private key to 'certs/docker01.lo.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name ( letter code) [XX]:CN

State or Province Name (full name) []:ZJ

Locality Name (eg, city) [Default City]:HZ

Organization Name (eg, company) [Default Company Ltd]:ZX

Organizational Unit Name (eg, section) []:ZX

Common Name (eg, your name or your server's hostname) []:docker01.lo

Email Address []:TEST@.com

注意,以上红色字体的三处关键字要一致,这里我用得是仓库主机的主机名。

[root@docker01 docker]# ll certs/

total

-rw-r--r--.  root root  Jun  : docker01.lo.crt

-rw-r--r--.  root root  Jun  : docker01.lo.key

3.运行registry容器

docker run -d -P -it -p : --restart=always  --name registry_https01 -v `pwd`/certs:/etc/docker/certs/ -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/docker01.lo.crt  -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/docker01.lo.key registry
[root@docker01 docker]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES

4b10b23f3dd0        registry            "/entrypoint.sh /e..."    seconds ago      Up  seconds       0.0.0.0:->/tcp   registry_https01
[root@docker01 docker]# netstat -ntpl

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp               0.0.0.0:              0.0.0.0:*               LISTEN      /sshd

tcp               127.0.0.1:            0.0.0.0:*               LISTEN      /master

tcp6              :::                   :::*                    LISTEN      /sshd

tcp6              :::                  :::*                    LISTEN      /master

tcp6              :::                 :::*                    LISTEN      /dockerd

tcp6              :::                 :::*                    LISTEN      /docker-proxy

tcp6              :::                 :::*                    LISTEN      /dockerd

tcp6              :::                 :::*                    LISTEN      /dockerd

4.配置客户端( 需要配置hosts文件如步骤2-a)

a.远程拷贝docker01.lo.crt到客户端/etc/pki/ca-trust/source/anchors目录下

[root@docker01 docker]# scp certs/docker01.lo.crt 10.60.10.40:/etc/pki/ca-trust/source/anchors

root@10.60.10.40's password:

docker01.lo.crt                                                                                                                                            %      .0KB/s   :

[root@docker01 docker]# scp certs/docker01.lo.crt 10.60.10.41:/etc/pki/ca-trust/source/anchors

root@10.60.10.41's password:

docker01.lo.crt                                                                                                                                            %      .0KB/s   :

b.更新证书

[root@docker02 ~]# cd /etc/pki/ca-trust/source/anchors

[root@docker02 anchors]# update-ca-trust
[root@docker03 ~]# cd /etc/pki/ca-trust/source/anchors

[root@docker03 anchors]# update-ca-trust

c.上传image

[root@docker02 anchors]# docker images

REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE

nginx                   latest              958a7ae9e569         weeks ago          MB

swarm                   latest              36b1e23becab         months ago        15.9 MB

centos                  6.8                 0cd976dc0a98         months ago         MB
[root@docker02 anchors]# docker tag centos:6.8 docker01.lo:/centos:6.8

[root@docker02 anchors]# docker push docker01.lo:/centos

The push refers to a repository [docker01.lo:/centos]

  b1b065555b8a: Pushed

6.8: digest: sha256:c338f851dc6520fc3f7ece01e4fbe207eaa78b775a0738f2bfdd6f36144e6b8a size: 
[root@docker02 anchors]# curl https://docker01.lo:5000/v2/_catalog

{"repositories":["centos"]}

-----------------------------------------------------------------------------

[root@docker03 anchors]# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

ubuntu              latest              7b9b13f7b9c0         weeks ago          MB

nginx               latest              958a7ae9e569         weeks ago          MB

swarm               latest              36b1e23becab         months ago        15.9 MB

centos              6.8                 0cd976dc0a98         months ago         MB
[root@docker03 anchors]# docker tag ubuntu docker01.lo:5000/ubuntu
[root@docker03 anchors]# docker push docker01.lo:/ubuntu

The push refers to a repository [docker01.lo:/ubuntu]

d8b353eb3025: Pushed

f2e85bc0b7b1: Pushed

fc9e1e5e38f7: Pushed

fe9a3f9c4559: Pushed

6a8bf8c8edbd: Pushed

latest: digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368 size: 
[root@docker03 anchors]# curl https://docker01.lo:5000/v2/_catalog

{"repositories":["centos","ubuntu"]}

d.下载image

[root@docker02 anchors]# docker images

REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE

nginx                     latest              958a7ae9e569         weeks ago          MB

swarm                     latest              36b1e23becab         months ago        15.9 MB

centos                    6.8                 0cd976dc0a98         months ago         MB

docker01.lo:/centos   6.8                 0cd976dc0a98         months ago         MB
[root@docker02 anchors]# docker pull docker01.lo:/ubuntu

Using default tag: latest

latest: Pulling from ubuntu

bd97b43c27e3: Pull complete

6960dc1aba18: Pull complete

2b61829b0db5: Pull complete

1f88dc826b14: Pull complete

73b3859b1e43: Pull complete

Digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368

Status: Downloaded newer image for docker01.lo:/ubuntu:latest
[root@docker02 anchors]# docker images

REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE

docker01.lo:/ubuntu   latest              7b9b13f7b9c0         weeks ago          MB

nginx                     latest              958a7ae9e569         weeks ago          MB

swarm                     latest              36b1e23becab         months ago        15.9 MB

centos                    6.8                 0cd976dc0a98         months ago         MB

docker01.lo:/centos   6.8                 0cd976dc0a98         months ago         MB

-------------------------------------------------

[root@docker03 anchors]# docker images

REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE

docker01.lo:/ubuntu   latest              7b9b13f7b9c0         weeks ago          MB

ubuntu                    latest              7b9b13f7b9c0         weeks ago          MB

nginx                     latest              958a7ae9e569         weeks ago          MB

swarm                     latest              36b1e23becab         months ago        15.9 MB

centos                    6.8                 0cd976dc0a98         months ago         MB
[root@docker03 anchors]# docker pull docker01.lo:/centos:6.8

6.8: Pulling from centos

Digest: sha256:c338f851dc6520fc3f7ece01e4fbe207eaa78b775a0738f2bfdd6f36144e6b8a

Status: Downloaded newer image for docker01.lo:/centos:6.8
[root@docker03 anchors]# docker images

REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE

docker01.lo:/ubuntu   latest              7b9b13f7b9c0         weeks ago          MB

ubuntu                    latest              7b9b13f7b9c0         weeks ago          MB

nginx                     latest              958a7ae9e569         weeks ago          MB

swarm                     latest              36b1e23becab         months ago        15.9 MB

centos                    6.8                 0cd976dc0a98         months ago         MB

docker01.lo:/centos   6.8                 0cd976dc0a98         months ago         MB

5.问题解决:

[root@docker03 anchors]# docker push docker01.lo:5000/centos
The push refers to a repository [docker01.lo:5000/centos]
Get https://docker01.lo:5000/v1/_ping: x509: certificate signed by unknown authority

如碰到上述问题:

[root@docker03 anchors]# cat docker01.l.crt >> /etc/pki/tls/certs/ca-bundle.crt

[root@docker03 anchors]# update-ca-trust
[root@docker03 anchors]# systemctl restart docker

centos7搭建docker私有仓库的更多相关文章

  1. CentOS7搭建Docker私有仓库----Docker

    有时候使用Docker Hub这样的公共仓库可能不方便,这种情况下用户可以使用registry创建一个本地仓库供私人使用,这点跟Maven的管理类似.目前Docker Registry已经升级到了v2 ...

  2. 一步步搭建docker私有仓库并从私有仓库中下载镜像

    一步步搭建docker私有仓库 #下载镜像 docker pull registry#查看镜像 docker images #运行私有仓库,指定端口和数据卷 docker run -d -p : -v ...

  3. 搭建docker私有仓库

    保存镜像的地方成为仓库(registry).目前有2种仓库:公共仓库和私有仓库. 最方便的是使用公共仓库上传和下载镜像,下载不需要注册,上传需要到公共仓库注册.公共仓库网站:https://hub.d ...

  4. Centos7搭建Harbor私有仓库(二)

    1 说明 前文Centos7搭建Harbor私有仓库(一)中成功搭建了Harbor,但,是以http方式搭建的,这里我们修改为https方式 以下基于镜像CentOS-7-x86_64-Minimal ...

  5. windows 环境下搭建docker私有仓库

    windows 环境下搭建docker私有仓库 1.在公用仓库中pull仓库镜像 docker pull regitry 2.启动仓库镜像 //-d意思是后台运行,-p是做端口映射,这里是将本地的50 ...

  6. Docker自学纪实(六)搭建docker私有仓库

    docker的镜像仓库分两种:一种是从官方公有仓库拉取:还有就是自己搭建私有仓库.官方的镜像仓库是面对整个应用市场的:私有仓库一般用于公司内部,就是公司项目自身所需的镜像.搭建私有仓库有什么好处?私有 ...

  7. 搭建docker私有仓库,建立k8s集群

    服务器IP角色分布 192.168.5.2 etcd server 192.168.5.2 kubernetes master 192.168.5.3 kubernetes node 192.168. ...

  8. 手把手教你搭建Docker私有仓库

    章节一:centos7 docker安装和使用_入门教程 章节二:使用docker部署Asp.net core web应用程序 有了前面的基础,接下来的操作就比较简单了.先准备两台虚拟机,两台机器上都 ...

  9. 03搭建docker私有仓库

    搭建docker私仓,可以使用docker官方提供的registry镜像.该镜像目前有2.0,2.3和2.3.1版本.它只与1.6.0以上版本的docker兼容.搭建私仓的步骤如下: 一:无代理.无认 ...

随机推荐

  1. VCard介绍

    91助手和豌豆荚用VCard来存储通讯录,今天调查了一下. 1. 方案 使用VCard存储通讯录,文件扩展名为 vcf,  数据文件可以直接导入IPhone/Windows Phone/android ...

  2. springmvc+jquery实现省市区地址下拉框联动

    参考资料:http://www.cnblogs.com/whgw/archive/2012/05/11/2496667.html 1.jsp页面实现 <%@ page language=&quo ...

  3. Chrome扩展应用

    现在越来越多的用户将chrome浏览器设置为自己默认的浏览器,不仅是因为他的界面美,最重要的是他对html5和CSS3完美的支持,且调试工具非常好用,还有丰富的扩展库.如何安装自己的扩展呢? 点击自定 ...

  4. highcharts图表中级入门:非histock图表的highcharts图表如何让图表产生滚动条

    最近highcharts图表讨论群里面很多朋友都在问如何让highcharts图表在X轴数据多的情况下产生滚动条的问题,其实之前有一个解决办法是将装载图表的div容器用css样式表弄一个滚动条出来.这 ...

  5. c# 匿名反序列化

    1.先new一个匿名对象,然后再反序列化好处是能点点点,坏处是得先new匿名对象 2.借用Newtonsoft.Json.Linq.JObject.Parse,好处是不需要new匿名对象,坏处是不能点 ...

  6. OC中Runtime浅析

    近期了解了一下OC的Runtime,真的是OC中非常强大的一个机制,看起来比較底层,但事实上能够有非常多活用的方式. 什么是Runtime 我们尽管是用Objective-C写的代码,事实上在运行过程 ...

  7. Java重定向输出流实现程序日志

    创建一个类,在该类的main主方法中,保存System类的out成员变量为临时变量,然后创建一个新的文件输出流,并把这个输出流设置为System类新的输出流.在程序关键位置输出调试信息,这些调试信息将 ...

  8. 【Access2007】将Excel表导入至Access2007的当中一张已存在的表之中

    将Excel表导入至Access2007,你会发现万恶的Access2007会帮你自己主动创建一张表.全然没有问你是否要插入一张已存在的表之中. 那么,我们须要这样解决: 一.依照正常的步骤先将Exc ...

  9. 【数据分析】Superset 之四 直接安装

    apt install python-pip pip install --upgrade pip apt-get install build-essential libssl-dev libffi-d ...

  10. Webgoat学习笔记

    Webgoat 分为简单版和开发版,具体版本及安装方法详见:https://github.com/WebGoat/WebGoat 本机环境为:Windows+Tomcat,故下载war包,自动解压缩进 ...