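# Step 1: fetch the registry image.
docker pull registry:2

# Step 2: create the directories that the compose file later mounts into the container.
cd /root
mkdir -p registry/auth registry/certs registry/data
cd registry

# Step 3: create the htpasswd entry (bcrypt, -B) for user "lh".
# The password is read from a silent prompt and handed to htpasswd on stdin (-i),
# so it is not left in shell history or visible in the process list, as a literal
# -b argument would be.
# The output goes to auth/htpasswd because the registry is configured to read
# /auth/htpasswd, which is /root/registry/auth/htpasswd on the host.
read -rs -p 'Registry password for lh: ' registry_password
echo
printf '%s\n' "$registry_password" |
  docker run --rm -i --entrypoint htpasswd httpd:2 -Bin lh > auth/htpasswd
unset registry_password

# Step 4: create the TLS certificate.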
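# Placeholder: replace with the registry server's real IP address.
registry_ip='IP地址'

cd certs/
# Self-signed certificate with a 4096-bit RSA key, valid for 365 days.
# -nodes leaves the private key unencrypted so the registry can load it unattended,
# which is why the key file is restricted to its owner below.
# subjectAltName is included because current Docker clients match the registry
# address against SAN entries and no longer fall back to the CN field; without it
# the certificate is rejected. (-addext needs OpenSSL 1.1.1 or newer.)
sudo openssl req -subj "/C=CN/ST=GD/L=GZ/CN=${registry_ip}" \
  -addext "subjectAltName = IP:${registry_ip}" \
  -newkey rsa:4096 -nodes -sha256 -keyout /root/registry/certs/domain.key \
  -x509 -days 365 -out /root/registry/certs/domain.crt
sudo chmod 600 /root/registry/certs/domain.key

# Check the certificate's validity period.
openssl x509 -in domain.crt -noout -dates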
5、编写docker-compose
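# Create the compose file in /root/registry and open it for editing.
# These are three separate commands; run on one line they would all be passed to cd as arguments.
cd /root/registry
touch docker-compose.yml
vi docker-compose.yml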
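version: '3.3'
services:
  registry:
    container_name: registry
    restart: always
    image: registry:2
    ports:
      # Publishes the registry on port 443 of every host interface.
      - "443:443"
    environment:
      # Serve HTTPS directly from the registry with the mounted certificate and key.
      REGISTRY_HTTP_ADDR: 0.0.0.0:443
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
      REGISTRY_HTTP_TLS_KEY: /certs/domain.key
      # Require HTTP basic auth, checked against the htpasswd file mounted at /auth.
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    volumes:
      - /root/registry/data:/var/lib/registry
      # The registry only reads the key material and the credential file,
      # so they are mounted read-only.
      - /root/registry/certs:/certs:ro
      - /root/registry/auth:/auth:ro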
6、运行
# Start the registry service in the background (run from the directory holding docker-compose.yml).
docker-compose up --detach
7、客户端添加信任
方式一:
编辑 daemon.json,默认位置为 /etc/docker/daemon.json。
如果该 daemon.json 文件不存在,请创建它。
{
"insecure-registries" : ["IP地址"]
}
重启docker
# Restart the Docker daemon so that the edited /etc/docker/daemon.json takes effect.
service docker restart
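这种方式不是太好,因为启用不安全的注册表后,Docker 会执行以下步骤:
首先,尝试使用 HTTPS。
如果 HTTPS 可用但证书无效,则忽略证书错误。
如果 HTTPS 不可用,则回退到 HTTP。
也就是说,客户端不再校验服务器身份,docker login 提交的账号密码以及推送、拉取的镜像都可能在传输途中被窃取或篡改。
更稳妥的做法是把 domain.crt 复制到客户端的 /etc/docker/certs.d/IP地址/ca.crt,让 Docker 信任这张自签名证书(证书需包含与该 IP 匹配的 subjectAltName)。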
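# xxx.xxx.xxx.xxx is a placeholder for the registry server's address.
# Log in to the private registry; docker prompts for the user name and password.
# Unless a credential helper is configured, the login is saved base64-encoded
# (not encrypted) in ~/.docker/config.json, so keep that file private.
docker login https://xxx.xxx.xxx.xxx

# Round-trip a test image: pull it from the default registry, retag it for the
# private registry, push it, then pull it back.
docker pull hello-world
docker image ls
docker image tag hello-world:latest xxx.xxx.xxx.xxx/hello-world:1.0
docker image ls
docker push xxx.xxx.xxx.xxx/hello-world:1.0
docker pull xxx.xxx.xxx.xxx/hello-world:1.0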



