1. 安装docker引擎并启动docker服务
2. 生成自签证书,脚本如下crt.sh:
#!/bin/bash
# 生成自签证书脚本
#common name默认是主机名
#CN=`hostname`
CN=‘docker.repo‘
#证书名
CrtName=‘registry‘
mkdir certs;cd certs
openssl req -x509 -days 3650 -subj "/CN=${CN}/" -nodes -newkey rsa:4096 -sha256 -keyout ${CrtName}.key -out ${CrtName}.crt
3. 下载docker-compose(容器):
$ curl -L https://github.com/docker/compose/releases/download/1.7.0/run.sh > /usr/local/bin/docker-compose
4. 编写docker-compose.yml
registry_web:
image: ‘hyper/docker-registry-web‘
ports:
- "80:8080"
restart: always
links:
- registry
environment:
- REGISTRY_HOST=registry
- REGISTRY_PORT=5000
- TRUST_ANY_SSL=true
registry:
image: ‘registry:2.2.1‘
ports:
- "443:5000"
restart: always
volumes:
- ./certs:/certs
- /dockrepo:/var/lib/registry
environment:
- REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt
- REGISTRY_HTTP_TLS_KEY=/certs/registry.key
- REGISTRY_STORAGE_DELETE_ENABLED=true
5. docker-compose up -d
6. 客户端需要做的是:
1. 拷贝registry.crt到/etc/docker/certs.d/docker.repo(即证书创建时指定的CN)/
2. echo ‘registry_ip docker.repo‘ >> /etc/hosts
7. 推送和拉取镜像,eg:
docker push docker.repo/busybox
docker pull docker.repo/busybox
8. 可以通过浏览器来访问,查看registry里的镜像:
http://docker.repo/本文出自 “一切皆有可能” 博客,请务必保留此出处http://noican.blog.51cto.com/4081966/1769825
原文地址:http://noican.blog.51cto.com/4081966/1769825
