其他
Linux下Docker私有仓库2:配置TLS证书
先放个链接,万一有人关注呢
优质文章推荐
↓ ↓ ↓ ↓ ↓
[root@Docker-1 ~]# mkdir -p /opt/Docker/registry/certs[root@Docker-1 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/Docker/registry/certs/domain.key -x509 -days 365 -out /opt/Docker/registry/certs/domain.crtGenerating a 4096 bit RSA private key.................................................++..............................................................................................................................................................+writing new private key to '/opt/Docker/registry/certs/domain.key'-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:CN#输入两个字符的国家名,例如:中国的为CNState or Province Name (full name) []:bj#输入省份名称Locality Name (eg, city) [Default City]:bj#输入城市名称Organization Name (eg, company) [Default Company Ltd]:#输入公司名称Organizational Unit Name (eg, section) []:#输入部门名称Common Name (eg, your name or your server's hostname) []:registry.Docker.com#姓名,通常指证书名称Email Address []:#电子邮箱地址[root@Docker-1 ~]# docker run -it -d \ > --name registry-TLS \ > -p 5000:5000 \ > -v /opt/Docker/registry/certs/:/certs \ > -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ > -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry 6f4f8bbc439201d318140726da8a294f1820c194260f256f9d1311fce6797d3c[root@Docker-1 ~]# cat /etc/hosts 192.168.56.146 registry.Docker.com [root@Docker-2 ~]# cat /etc/hosts 192.168.56.146 registry.Docker.com #两台机器均已做好解析 [root@Docker-2 ~]# mkdir /etc/Docker/certs.d [root@Docker-2 ~]# cd /etc/Docker/certs.d/ [root@Docker-2 certs.d]# mkdir registry.Docker.com:5000[root@Docker-1 ~]# scp -r -p /opt/Docker/registry/certs/domain.crt \> 192.168.56.147:/etc/Docker/certs.d/registry.Docker.com:5000/ca.crtroot@192.168.56.147's password: domain.crt 100% 2000 1.1MB/s 00:00 [root@Docker-2 certs.d]# ls registry.Docker.com\:5000/ca.crt[root@Docker-2 ~]# docker tag busybox:latest registry.Docker.com:5000/busybox:latest[root@Docker-2 ~]# docker push registry.Docker.com:5000/busybox:latestThe push refers to repository [registry.Docker.com:5000/busybox]0b97b1c81a32: Pushed latest: digest: sha256:f79f7a10302c402c052973e3fa42be0344ae6453245669783a9e16da3d56d5b4 size: 527[root@Docker-2 ~]# curl -X GET https://registry.Docker.com:5000/v2/_catalog -k{"repositories":["busybox"]}[root@Docker-1 ~]# vim /etc/pki/tls/Openssl.cnf[ v3_ca ]subkectAltName = IP:192.168.56.146[root@Docker-1 ~]# mkdir /opt/Docker/registry/auth[root@Docker-1 ~]# docker run --entrypoint htpasswd registry -Bbn testuser testpassword > /opt/Docker/registry/auth/htpasswd[root@Docker-1 ~]# docker run -d -it \> --name registry-auth \> -p 5000:5000 \> -v /opt/Docker/registry/auth/:/auth \> -e "REGISTRY_AUTH=htpasswd" \> -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \> -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \> -v /opt/Docker/registry/certs:/certs \> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registryfc1df62e3e252a9cdcf1efad1a30db71b71e4b683f256649537863c15cba14ae[root@Docker-2 ~]# docker push 192.168.56.146:5000/busyboxThe push refers to repository [192.168.56.146:5000/busybox]0b97b1c81a32: Preparing no basic auth credentials[root@Docker-2 ~]# docker login registry.Docker.com:5000Username: testuserPassword: Login Succeeded[root@Docker-2 ~]# docker tag busybox:latest registry.Docker.com:5000/busybox[root@Docker-2 ~]# docker push registry.Docker.com:5000/busyboxThe push refers to repository [registry.Docker.com:5000/busybox]0b97b1c81a32: Pushed latest: digest: sha256:f79f7a10302c402c052973e3fa42be0344ae6453245669783a9e16da3d56d5b4 size: 527未完待续。。。。。。
来不及解释了,快上车!(进群看公告)
欢迎新的小伙伴加入!在这里,我们鼓励大家积极参与群内讨论和交流,分享自己的见解和经验,一起学习和成长。同时,也欢迎大家提出问题和建议,让我们不断改进和完善这个平台。
↓↓↓ 点个在看,你最好看!