CentOs7 docker1.9 通过SSL把镜像上传到仓库

2eew

实现在仓库主机本机上通过SSL的方式把镜像上传到本机仓库

Server端：
1.生成证书

1	rancher@test.registry.com:~$ sudo openssl req -x509 -nodes -days 365  -subj '/CN='test.registry.com  -newkey rsa:4096 -keyout certs/domain.key -out certs/domain.crt #把证书生成到certs目录下，生成一个test.registry.com域名证书

2.启动容器

1 2 3 4 5 6

rancher@test.registry.com:~$ docker run -d -p 5000:5000 --restart=always \ --name registry  -v `pwd`/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ -v /images/:/var/lib/registry \ registry:2.1.1

3.测试

1 2	rancher@test.registry.com:~$ curl --cacert /etc/docker/certs.d/193.registry.com\:5000/domain.crt -XGET {"repositories":["registry"]}

Client端
1.把证书移动到对应目录里

1 2	rancher@test.registry.com:~$ mkdir -p /etc/docker/certs.d/test.registry.com:5000/ rancher@test.registry.com:~$ cp certs/domain.crt   /etc/docker/certs.d/test.registry.com:5000/.

2.把要上传到仓库的镜像打个标签

1	rancher@test.registry.com:~$ docker tag busybox  test.registry.com:5000/busybox

3.上传到仓库，无需修改配置文件

1	rancher@test.registry.com:~$ docker  pull  test.registry.com:5000/busybox

脚本实现所有步骤

1 2 3 4 5 6 7 8 9 10 11 12 13

#!/bin/bash ip_1=`ifconfig eth0  |grep inet|awk '{print $2}' |head -1|awk -F ':' '{print $2}'` ip=`ifconfig eth0  |grep inet|awk '{print $2}' |head -1|awk -F ':' '{print $2}'|awk -F '.'  '{print $4}'` sudo  chmod  777 /etc/hostname sudo echo $ip.registry.com > /etc/hostname sudo hostname  $ip.registry.com sudo mkdir  certs sudo openssl req -x509 -nodes -days 365  -subj '/CN='$ip'.registry.com'  -newkey rsa:4096 -keyout certs/domain.key -out certs/domain.crt sudo chmod -R  777   /etc/docker sudo mkdir -p /etc/docker/certs.d/$ip.registry.com:5000 sudo cp certs/domain.crt  /etc/docker/certs.d/$ip.registry.com:5000/. sudo docker run -d -p 5000:5000 --restart=always  --name registry  -v `pwd`/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v /images/:/var/lib/registry registry:2.1.1 sudo  chmod  777 /etc/hosts