Shulou(Shulou.com)06/01 Report--

This article focuses on "how to use self-signature to build a private Docker warehouse", interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "how to build a Docker private warehouse by self-signature".

Prepare the environment

Environment: two centos 7 virtual machines

"Server ip:10.57.220.244, used as a docker repository

"client ip:10.57.220.220, which uploads or pulls the image as the client

"Domain name: lpxxn.com

Docker version 17.03.0-ce has been installed on both machines

If you don't use a real domain name like me, you just need to modify the hosts file on the client.

Generate a self-signed certificate

Generate a self-signed certificate on the server host and create a folder to store the certificate

Mkdir-p certs

Generate a certificate

Openssl req-newkey rsa:4096-nodes-sha256-keyout certs/lpxxn.com.key-x509-days 365-out certs/lpxxn.com.crt

It should be noted that when filling in, common name and your domain name are the same.

You can see the two generated files in the ll certs folder.

Run the repository image. If there is no corresponding image locally, it will be downloaded from the docker server and then started. You can use the docker ps command to see if there is already a window running.

The copy code is as follows:

Docker run-d-p 5000 registry_http_tls_certificate=/home/certs/lpxxn.com.crt 5000-- restart=always-- name registry_https-v `pwd` / certs:/home/certs-e registry_http_tls_certificate=/home/certs/lpxxn.com.crt-e registry_http_tls_key=/home/certs/lpxxn.com.key registry:2

You can also specify the local directory to save the uploaded docker image.

The copy code is as follows:

Docker run-d-p 5000 name registry_https 5000-v `pwd` / dockerregister:/var/lib/registry-- restart=always-- name registry_https-v `pwd` / certs:/home/certs-e registry_http_tls_certificate=/home/certs/lpxxn.com.crt-e registry_http_tls_key=/home/certs/lpxxn.com.key registry:2

The server is ready to start at this point. The last step is to copy the generated lpxxn.com.crt to the client. You can copy it in your own way. The scp I use is copied to the / home/test directory first, and then to the / etc/pki/ca-trust/source/anchors directory.

Scp-r lpxxn.com.crt li@10.57.220.220:/home/test

Configure the client

Copy the lpxxn.com.crt generated on the server side to the / etc/pki/ca-trust/source/anchors directory of the client server, and ll check it.

Update the certificate and restart docker.

Update-ca-trustservice docker stop & & service docker start

Ok. Use curl to check the warehouse

Curl https://lpxxn.com:5000/v2/_catalog

It's ready for normal access. Use the docker command to upload and download again.

Use docker tag to mark the local mirror centos:6 as lpxxn.com:5000/centos6:1.0

Push to the warehouse.

Execute the push command

Docker push lpxxn.com:5000/centos6:1.0

View warehouse information

Use curl to check which images and versions are available in the repository

Curl https://lpxxn.com:5000/v2/_catalogcurl https://lpxxn.com:5000/v2/centos6/tags/list

Pull the image from the warehouse

Delete the local image first

Docker rmi lpxxn.com:5000/centos6:1.0docker rmi centos:6

Pull and then run

Docker pull lpxxn.com:5000/centos6:1.0

At this point, I believe you have a deeper understanding of "how to use self-signature to build a private Docker warehouse". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.