Deploying docker registry v2

生成证书

openssl genrsa -out mydomain.key 2048

生成秘钥

openssl req -newkey rsa:4096 -nodes -sha256 -keyout mydomain.key -x509 -days 365 -out mydomain.crt

将生成的秘钥放置在所有将要pull镜像的docker服务器的目录/etc/docker/certs.d/mydomain/下
scp mydomain.crt xxx@xxx:/etc/docker/certs.d/mydomain/
注意：放置好秘钥文件后记得重启所在机器的docker-daemin

生成账户密码文件

docker run --entrypoint htpasswd registry:2.2 -Bbn tester 123456 > auth/htpasswd;

运行registry

docker run -d -p 6000:5000 --restart=always --name registry \
  -v `pwd`/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/mydomain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/mydomain.key \
  registry:2.5.1

登陆 docker login xxx:6000


参考

https://docs.docker.com/registry/insecure/#using-self-signed-certificates
https://docs.docker.com/registry/deploying/#running-a-domain-registry
http://www.cnblogs.com/modprobe/p/6026033.html

posted @ 2017-04-20 17:30 xuchenCN 阅读(182) 评论(0) 编辑收藏举报

Deploying docker registry v2

公告