Linux下Docker私有仓库2:配置TLS证书
[root@Docker-1 ~]# mkdir -p /opt/Docker/registry/certs
[root@Docker-1 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/Docker/registry/certs/domain.key -x509 -days 365 -out /opt/Docker/registry/certs/domain.crt
Generating a 4096 bit RSA private key
.................................................++
..............................................................................................................................................................+
writing new private key to '/opt/Docker/registry/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
#输入两个字符的国家名,例如:中国的为CN
State or Province Name (full name) []:bj
#输入省份名称
Locality Name (eg, city) [Default City]:bj
#输入城市名称
Organization Name (eg, company) [Default Company Ltd]:
#输入公司名称
Organizational Unit Name (eg, section) []:
#输入部门名称
Common Name (eg, your name or your server's hostname) []:registry.Docker.com
#通用名称(CN),应填写客户端访问仓库时使用的主机名,此处为 registry.Docker.com;较新版本的 Docker 客户端校验的是证书中的 subjectAltName 而不是 CN
Email Address []:
#电子邮箱地址
[root@Docker-1 ~]# docker run -it -d \
> --name registry-TLS \
> -p 5000:5000 \
> -v /opt/Docker/registry/certs/:/certs \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry
6f4f8bbc439201d318140726da8a294f1820c194260f256f9d1311fce6797d3c
[root@Docker-1 ~]# cat /etc/hosts
192.168.56.146 registry.Docker.com
[root@Docker-2 ~]# cat /etc/hosts
192.168.56.146 registry.Docker.com
#两台机器均已做好解析
[root@Docker-2 ~]# mkdir /etc/docker/certs.d
[root@Docker-2 ~]# cd /etc/docker/certs.d/
[root@Docker-2 certs.d]# mkdir registry.Docker.com:5000
[root@Docker-1 ~]# scp -r -p /opt/Docker/registry/certs/domain.crt \
> 192.168.56.147:/etc/docker/certs.d/registry.Docker.com:5000/ca.crt
root@192.168.56.147's password:
domain.crt 100% 2000 1.1MB/s 00:00
[root@Docker-2 certs.d]# ls registry.Docker.com\:5000/
ca.crt
[root@Docker-2 ~]# docker tag busybox:latest registry.Docker.com:5000/busybox:latest
[root@Docker-2 ~]# docker push registry.Docker.com:5000/busybox:latest
The push refers to repository [registry.Docker.com:5000/busybox]
0b97b1c81a32: Pushed
latest: digest: sha256:f79f7a10302c402c052973e3fa42be0344ae6453245669783a9e16da3d56d5b4 size: 527
[root@Docker-2 ~]# curl -X GET https://registry.Docker.com:5000/v2/_catalog -k
{"repositories":["busybox"]}
#-k 会跳过证书校验,仅适合快速测试;要验证仓库证书,可改用 --cacert 指定前面拷贝过来的 ca.crt
[root@Docker-1 ~]# vim /etc/pki/tls/openssl.cnf
[ v3_ca ]
subjectAltName = IP:192.168.56.146
#加入 IP 形式的 subjectAltName,以便通过 IP 访问仓库时证书也能通过校验;修改后需要重新生成证书才会生效
[root@Docker-1 ~]# mkdir /opt/Docker/registry/auth
[root@Docker-1 ~]# docker run --entrypoint htpasswd registry -Bbn testuser testpassword > /opt/Docker/registry/auth/htpasswd
#-b 表示从命令行读取密码,密码会留在 shell 历史和进程参数中;testuser/testpassword 仅为示例,实际使用请换成强密码
[root@Docker-1 ~]# docker run -d -it \
> --name registry-auth \
> -p 5000:5000 \
> -v /opt/Docker/registry/auth/:/auth \
> -e "REGISTRY_AUTH=htpasswd" \
> -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
> -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
> -v /opt/Docker/registry/certs:/certs \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry
fc1df62e3e252a9cdcf1efad1a30db71b71e4b683f256649537863c15cba14ae
[root@Docker-2 ~]# docker push 192.168.56.146:5000/busybox
The push refers to repository [192.168.56.146:5000/busybox]
0b97b1c81a32: Preparing
no basic auth credentials
[root@Docker-2 ~]# docker login registry.Docker.com:5000
Username: testuser
Password:
Login Succeeded
[root@Docker-2 ~]# docker tag busybox:latest registry.Docker.com:5000/busybox
[root@Docker-2 ~]# docker push registry.Docker.com:5000/busybox
The push refers to repository [registry.Docker.com:5000/busybox]
0b97b1c81a32: Pushed
latest: digest: sha256:f79f7a10302c402c052973e3fa42be0344ae6453245669783a9e16da3d56d5b4 size: 527
未完待续。。。。。。