[docker] Setting up a private registry

Main reference: http://blog.csdn.net/gqtcgq/article/details/51163558

 

Assume we set up the private registry on 1.1.1.1:5000 and access it from 2.2.2.2, with TLS enabled.

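1. On 1.1.1.1, open /etc/pki/tls/openssl.cnf and add the following option to the [ v3_ca ] section, so that the certificate generated in step 2 carries the registry's IP address as a subject alternative name: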

[ v3_ca ]
subjectAltName = IP:1.1.1.1

 

2. Generate the certificate on 1.1.1.1

mkdir -p /opt/docker/registry/certs

openssl req -x509 -days 3650 -nodes -newkey rsa:2048 \
-keyout /opt/docker/registry/certs/1_1_1_1.key \
-out /opt/docker/registry/certs/1_1_1_1.crt
...  
Country Name (2 letter code) [XX]:  
State or Province Name (full name) []:  
Locality Name (eg, city) [Default City]:  
Organization Name (eg, company) [Default Company Ltd]:  
Organizational Unit Name (eg, section) []:  
Common Name (eg, your name or your server's hostname) []:1.1.1.1:5000  
Email Address []:  

 

3. Create the private registry container

docker run \
-d \
--name docker-registry-no-proxy  --restart=always \
-v /opt/docker/registry/data:/var/lib/registry \
-u root \
-p 1.1.1.1:5000:5000 \
-v /opt/docker/registry/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/1_1_1_1.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/1_1_1_1.key \
registry

 

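4. Copy the certificate to the location below. Do this on both 1.1.1.1 and 2.2.2.2 (only machines that have this certificate trust the registry's self-signed certificate and can access the private registry). On 2.2.2.2, first transfer 1_1_1_1.crt over from 1.1.1.1; only the .crt file is needed, not the .key.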

mkdir -p /etc/docker/certs.d/1.1.1.1:5000/

cp /opt/docker/registry/certs/1_1_1_1.crt /etc/docker/certs.d/1.1.1.1:5000/

 

5. Upload the image my_image: first tag the image with the registry address, then push

docker tag my_image 1.1.1.1:5000/my_image
docker push 1.1.1.1:5000/my_image

 

6. Pull the image

docker pull 1.1.1.1:5000/my_image
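
The reason for step 1 can be checked before any push or pull: Docker verifies an IP-addressed registry against the certificate's IP subject alternative name, not the Common Name entered in step 2. The script below is an added example, not part of the original post; the function names cert_matches_ip and make_test_cert are hypothetical helpers, the certificates are throwaway ones constructed in a temporary directory, and OpenSSL 1.0.2 or later is assumed for -checkip.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSL 1.0.2+ (-checkip).

# cert_matches_ip CERT IP: succeed only if CERT has an iPAddress SAN equal to IP.
# -checkip ignores the Common Name, as Go's TLS verification (used by Docker) does.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# make_test_cert DIR NAME SAN_LINE: constructed throwaway self-signed certificate,
# generated like step 2 but from a private config file instead of
# /etc/pki/tls/openssl.cnf. Pass an empty SAN_LINE to omit the SAN.
make_test_cert() {
    cat > "$1/$2.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = CA:TRUE
$3
EOF
    openssl req -x509 -days 1 -nodes -newkey rsa:2048 \
        -config "$1/$2.cnf" -subj "/CN=1.1.1.1:5000" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Demo: same CN in both certificates, only one has the SAN from step 1.
demo() {
    tmp=$(mktemp -d) || return 1
    make_test_cert "$tmp" with_san "subjectAltName = IP:1.1.1.1"
    make_test_cert "$tmp" no_san ""
    for c in with_san no_san; do
        if cert_matches_ip "$tmp/$c.crt" 1.1.1.1; then
            echo "$c: valid for 1.1.1.1"
        else
            echo "$c: NOT valid for 1.1.1.1 (docker would reject the registry)"
        fi
    done
    rm -rf "$tmp"
}
demo
```

To check the real certificate, run `cert_matches_ip /etc/docker/certs.d/1.1.1.1:5000/1_1_1_1.crt 1.1.1.1` on each machine after step 4.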

 

posted @ 2018-01-09 15:43  匡子语