Shulou(Shulou.com)05/31 Report--

This article mainly explains "how to create a docker image repository for self-signed certificates". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let Xiaobian take you to learn "how to create docker image repository with self-signed certificate"!

First determine the hostname of your host

You can see it in/etc/hosts.

Assume here that your host name is docker.dev.com

Generate certificates using openssl

The certificate file is stored in the/data/certs directory. Note that this folder should be created first. It can also be placed elsewhere. Readers can feel free.

openssl req -newkey rsa:4096 -nodes -sha256 -keyout /data/certs/docker.dev.com.key -x509 -days 365 -out /data/certs/docker.dev.com.crt

Note Common Name Enter your domain name

Then start the registry mirror repository

Note that the mount directory is/data/certs, please change it to the path of your certificate, only then can you find the certificate inside the container.

If port number 443 is occupied, 8443 can be used.

docker run -d \

--restart=always \

--name registry8443 \

-v /data/certs:/certs \

-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \

-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker.dev.com.crt \

-e REGISTRY_HTTP_TLS_KEY=/certs/docker.dev.com.key \

-p 8443:443 \

registry:2.6.2

docker logs registry8443 to see if it starts properly

Then use docker to pull docker.dev.com:8443 inside the mirror or push mirror to the repository will prompt the certificate problem.

The next step is to configure the certificate trust. After configuration, you don't need to restart docker.

Rename docker.dev.com.crt copy to client.crt

Then under the/etc/docker/certs.d/folder, if there is no certs.d folder, create

Create a folder docker.dev.com:8443 inside

If the default port is 443, you don't need to add a port number, just put client.crt in the folder.

Then you can use the pull, push command to use the repository freely.

Note that if you need to push to this repository on other hosts, you need to add certificate trust under docker of the same host.

Also add the host domain name to etc/hosts, if there is a dns service discovery, you can ignore it.

At this point, I believe that everyone has a deeper understanding of "how to create a docker image repository for self-signed certificates". Let's actually operate it! Here is the website, more related content can enter the relevant channels for inquiry, pay attention to us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.