CentOs7 docker1.9 通过SSL把镜像上传到仓库
实现在仓库主机本机上通过SSL的方式把镜像上传到本机仓库Server端:
1.生成证书
1
rancher@test.registry.com:~$ sudo openssl req -x509 -nodes -days 365-subj '/CN='test.registry.com-newkey rsa:4096 -keyout certs/domain.key -out certs/domain.crt #把证书生成到certs目录下,生成一个test.registry.com域名证书
2.启动容器
1
2
3
4
5
6
rancher@test.registry.com:~$ docker run -d -p 5000:5000 --restart=always \
--name registry-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-v /images/:/var/lib/registry \
registry:2.1.1
3.测试
1
2
rancher@test.registry.com:~$ curl --cacert /etc/docker/certs.d/193.registry.com\:5000/domain.crt -XGET
{"repositories":["registry"]}
Client端
1.把证书移动到对应目录里
1
2
rancher@test.registry.com:~$ mkdir -p /etc/docker/certs.d/test.registry.com:5000/
rancher@test.registry.com:~$ cp certs/domain.crt /etc/docker/certs.d/test.registry.com:5000/.
2.把要上传到仓库的镜像打个标签
1
rancher@test.registry.com:~$ docker tag busyboxtest.registry.com:5000/busybox
3.上传到仓库,无需修改配置文件
1
rancher@test.registry.com:~$ dockerpulltest.registry.com:5000/busybox
脚本实现所有步骤
1
2
3
4
5
6
7
8
9
10
11
12
13
#!/bin/bash
ip_1=`ifconfig eth0|grep inet|awk '{print $2}' |head -1|awk -F ':' '{print $2}'`
ip=`ifconfig eth0|grep inet|awk '{print $2}' |head -1|awk -F ':' '{print $2}'|awk -F '.''{print $4}'`
sudochmod777 /etc/hostname
sudo echo $ip.registry.com > /etc/hostname
sudo hostname$ip.registry.com
sudo mkdircerts
sudo openssl req -x509 -nodes -days 365-subj '/CN='$ip'.registry.com'-newkey rsa:4096 -keyout certs/domain.key -out certs/domain.crt
sudo chmod -R777 /etc/docker
sudo mkdir -p /etc/docker/certs.d/$ip.registry.com:5000
sudo cp certs/domain.crt/etc/docker/certs.d/$ip.registry.com:5000/.
sudo docker run -d -p 5000:5000 --restart=always--name registry-v `pwd`/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v /images/:/var/lib/registry registry:2.1.1
sudochmod777 /etc/hosts
页:
[1]