构建私有docker仓库最佳解决方案
#拉取docker仓库镜像 docker pull registry:2.7.0 #创建临时文件夹(用于存储仓库所需密钥和证书以及挂载目录) mkdir -p /root/registry/auth /root/registry/certs /root/registry/share #生成仓库证书,master1为自定义的主机名,你可以直接使用IP地址 openssl req -x509 -days 3650 -subj '/CN=master1:5000/' -nodes -newkey rsa:2048 -keyout /root/registry/certs/domain.key -out /root/registry/certs/domain.crt #创建临时仓库容器,通过临时仓库容器内的密钥生成组件生成密钥 docker run --name registry --entrypoint htpasswd registry:2.7.0 -Bbn root Aa123456 > /root/registry/auth/htpasswd #删除临时仓库容器 docker rm -f registry #创建仓库容器 docker run -d -p 5000:5000 --restart always --name registry -v /root/registry/share:/var/lib/registry -v /root/registry/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /root/registry/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2.7.0 #创建仓库证书目录 mkdir -p /etc/docker/certs.d/master1:5000 #拷贝之前生成的证书到仓库证书目录中 cp /root/registry/certs/domain.crt /etc/docker/certs.d/master1:5000 #修改docker配置,注册私有仓库 vim /etc/docker/daemon.json { "exec-opts":["native.cgroupdriver=systemd"], "registry-mirrors":["https://6yu5a2i2.mirror.aliyuncs.com"], "insecure-registries":["master1:5000"] } #重载docker配置 systemctl reload docker #重启docker systemctl restart docker #拉取测试镜像 docker pull hello_world #重新指定测试镜像标签 docker tag hello_world master1:5000/hello_world #登录docker仓库 docker login master1:5000 #推送测试镜像到私有仓库 docker push master1:5000/hello_world #删除本地测试镜像 docker rmi master1:5000/hello_world #从私有仓库中重新拉取刚才推送的测试镜像 docker pull master1:5000/hello_world #查看当前本地镜像,如果成功,则表示从私有仓库中拉取测试镜像成功了 docker images #完结撒花