(转)部署 Docker Registry 服务
生成SSL证书
$ mkdir -p certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
Country Name (2 letter code) [XX]:CN // 国家代码
State or Province Name (full name) []:Guangdong // 省
Locality Name (eg, city) [Default City]:Guangzhou // 城市
Organization Name (eg, company) [Default Company Ltd]:dinghz // 组织或公司名
Organizational Unit Name (eg, section) []: // 不填
Common Name (eg, your name or your server’s hostname) []:docker.dinghz.com // 此处演示是通配符域名
Email Address []:admin@dinghz.com // 邮箱地址
配置身份验证
用户名:testuser 密码:testpassword
$ mkdir auth
$ docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd
启动容器
$ docker run -d -p 5000:5000 --restart=always --name registry
-v pwd/auth:/auth
-e "REGISTRY_AUTH=htpasswd"
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
-v pwd/certs:/certs
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
-e REGISTRY_HTTP_TLS_KEY=/certs/do main.key
registry:2
本地登录认证
$ docker login docker.dinghz.com:5000
测试
$ docker pull hello-world:latest
$ docker tag hello-world:latest docker.dinghz.com:5000/hello-world:latest
$ docker push docker.dinghz.com:5000/hello-world:latest
