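Upload an image to the local registry over SSL, working on the registry host itself.
Server side:
1. Generate the certificate
rancher@test.registry.com:~$ sudo openssl req -x509 -nodes -days 365 -subj '/CN=test.registry.com' -newkey rsa:4096 -keyout certs/domain.key -out certs/domain.crt # writes the certificate into the certs directory; the certificate is for the domain name test.registry.com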
2. Start the container
rancher@test.registry.com:~$ docker run -d -p 5000:5000 --restart=always \
--name registry -v "$(pwd)/certs:/certs" \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-v /images/:/var/lib/registry \
registry:2.1.1
3. Test
rancher@test.registry.com:~$ curl --cacert /etc/docker/certs.d/193.registry.com\:5000/domain.crt -XGET
{"repositories":["registry"]}
Client side
1. Place the certificate in the corresponding directory
rancher@test.registry.com:~$ sudo mkdir -p /etc/docker/certs.d/test.registry.com:5000/
rancher@test.registry.com:~$ sudo cp certs/domain.crt /etc/docker/certs.d/test.registry.com:5000/.
2. Tag the image that is to be uploaded to the registry
rancher@test.registry.com:~$ docker tag busybox test.registry.com:5000/busybox
3. Push to the registry; no configuration file needs to be modified
rancher@test.registry.com:~$ docker push test.registry.com:5000/busybox
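Script that performs all the steps
#!/bin/bash
# Host IP on eth0 (parses the older "inet addr:x.x.x.x" ifconfig output)
ip_1=$(ifconfig eth0 | grep inet | awk '{print $2}' | head -1 | awk -F ':' '{print $2}')
# Last octet of the IP, used to build the host name <octet>.registry.com
ip=$(echo "$ip_1" | awk -F '.' '{print $4}')
# Write the host name through sudo tee rather than making /etc/hostname world-writable
echo "$ip.registry.com" | sudo tee /etc/hostname > /dev/null
sudo hostname "$ip.registry.com"
# Self-signed certificate for the registry host name
sudo mkdir -p certs
sudo openssl req -x509 -nodes -days 365 -subj "/CN=$ip.registry.com" -newkey rsa:4096 -keyout certs/domain.key -out certs/domain.crt
# Let the Docker client on this host trust the certificate (no chmod 777 on /etc/docker needed under sudo)
sudo mkdir -p "/etc/docker/certs.d/$ip.registry.com:5000"
sudo cp certs/domain.crt "/etc/docker/certs.d/$ip.registry.com:5000/."
# Start the registry with TLS enabled
sudo docker run -d -p 5000:5000 --restart=always --name registry -v "$(pwd)/certs:/certs" -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v /images/:/var/lib/registry registry:2.1.1
# Assumption: the original script ended with "sudo chmod 777 /etc/hosts" and never used ip_1;
# mapping the registry name to the host IP is taken to be the intent, done here without opening up /etc/hosts
echo "$ip_1 $ip.registry.com" | sudo tee -a /etc/hosts > /dev/null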
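An added example, not part of the original post: the certificate generated above carries the host name only in CN, and Docker clients built with Go 1.15 or later reject such certificates and require a subjectAltName. The two functions below (their names are hypothetical; `-addext` needs OpenSSL 1.1.1 or newer) generate the same self-signed certificate with a SAN and check that a certificate names the registry host and has not expired.

```shell
#!/bin/bash
# Added example: function names and layout are assumptions, not the post's code.

# make_registry_cert HOST DIR [BITS]
# Writes DIR/domain.key and DIR/domain.crt, self-signed, with HOST in CN and SAN.
make_registry_cert() {
    local host=$1 dir=$2 bits=${3:-4096}
    mkdir -p "$dir" || return 1
    # umask 077 so the private key is never readable by group or others
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey "rsa:$bits" \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/domain.key" -out "$dir/domain.crt" 2>/dev/null ) || return 1
    # The certificate itself is public and is copied to clients
    chmod 644 "$dir/domain.crt"
}

# check_registry_cert HOST CRT
# Returns 0 if CRT lists HOST as a DNS SAN and is still valid,
# 1 if the SAN is missing (CN-only certificates land here), 2 if expired.
check_registry_cert() {
    local host=$1 crt=$2 sans
    # The SAN values are on the line after the extension name in -text output
    sans=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           grep -A1 'Subject Alternative Name' | tail -n 1) || true
    # Exact match against each entry of the comma-separated SAN list
    if ! printf '%s\n' "$sans" | tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$host"; then
        echo "FAIL: no DNS SAN for $host in $crt" >&2
        return 1
    fi
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired" >&2
        return 2
    fi
    return 0
}
```

Run `check_registry_cert test.registry.com /etc/docker/certs.d/test.registry.com:5000/domain.crt` on a client before the first push to catch a CN-only or expired certificate early.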