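Docker Image Registry (Username/Password and HTTPS Access)
Set up an internal private image registry for development, CI/CD and rapid deployment. Image security is controlled by managing accounts and passwords, and Alibaba Cloud, AWS and similar platforms can connect to the local registry for deployment.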
Note: everything in square brackets [] must be replaced with your actual values.
I. Install the registry
1. Pull the image
docker pull registry
2. Create the certificate
If you already have a certificate, import it directly.
mkdir /opt/certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/certs/dockerpull.key -x509 -days 365 -out /opt/certs/dockerpull.crt
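Create the Docker certificate directory, replacing the domain name and port with your own
mkdir -p /etc/docker/certs.d/[your-domain-name]
cp /opt/certs/dockerpull.crt /etc/docker/certs.d/[your-domain-name]/ca.crt
On Ubuntu, trust the certificate on the local machine
cat /opt/certs/dockerpull.crt >> /etc/ssl/certs/ca-certificates.crt
3. Create the username and password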
mkdir /opt/auth
echo "user:[your-user-name] passwd:[your-password]" >/opt/auth/htpasswd
docker run --entrypoint htpasswd registry:latest -Bbn [your-user-name] [your-password] >/opt/auth/htpasswd
If that does not succeed, alternatively:
htpasswd -Bbn [your-user-name] [your-password] >/opt/auth/htpasswd
Create a registry container named [your-registry-name], with the data volume mounted locally;
import the certificate and the username/password file
docker run -d -p 443:5000 --restart=always --name [your-registry-name] \
  -v /opt/auth:/auth \
  -v /opt/docker/registry:/var/lib/registry \
  -v /opt/certs/:/root/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/root/certs/dockerpull.crt \
  -e REGISTRY_HTTP_TLS_KEY=/root/certs/dockerpull.key \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  registry
Without a certificate (optional)
docker run -d -p 80:5000 --restart=always --name [your-registry-name] -v /opt/auth:/auth -v /opt/docker/registry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
4. Modify the configuration
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://pee6w651.mirror.aliyuncs.com","http://hub-mirror.c.163.com"],
"insecure-registries":["[your-domain-name]:80","192.168.X.X:80"]
}
5. Restart
systemctl daemon-reload
systemctl restart docker
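As an added example (not part of the original post), the following POSIX shell functions audit the files the steps above create: the htpasswd file, the TLS key, and the insecure-registries list in daemon.json. The function names are hypothetical and the sample files, host names and hash are constructed; on a real host, point the functions at /opt/auth/htpasswd, /opt/certs/dockerpull.key and /etc/docker/daemon.json.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and every sample value below is constructed.

# Print the line numbers in htpasswd file $1 that are not "user:<bcrypt hash>".
# The registry's htpasswd backend accepts bcrypt entries only, so a note such
# as "user:alice passwd:secret" is unusable and leaves the password on disk.
htpasswd_bad_lines() {
    grep -nvE '^[^:[:space:]]+:\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$' "$1" |
        grep -v '^[0-9]*:$' | cut -d: -f1
}

# Print the "insecure-registries" entries of daemon.json $1, one per line.
# Docker may use plain HTTP for these hosts, so "docker login" can send the
# htpasswd credentials unencrypted.
insecure_registries() {
    tr -d ' \t\n' < "$1" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | tr -d '"'
}

# Print $1 if the file is readable by "other" (TLS private key, htpasswd).
world_readable() {
    find "$1" -prune -perm -004 -print
}

# Constructed sample files so the checks run offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
sample_hash='$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234'  # not a real hash
printf '%s\n' 'user:alice passwd:secret' "alice:$sample_hash" > "$demo/htpasswd"
printf '%s\n' '{' \
    '  "insecure-registries": ["registry.example.internal:80", "192.168.0.10:80"]' \
    '}' > "$demo/daemon.json"
: > "$demo/dockerpull.key"
chmod 644 "$demo/dockerpull.key"

echo "invalid htpasswd lines: $(htpasswd_bad_lines "$demo/htpasswd" | tr '\n' ' ')"
echo "plain-HTTP registries:  $(insecure_registries "$demo/daemon.json" | tr '\n' ' ')"
echo "world-readable files:   $(world_readable "$demo/dockerpull.key")"
```

Empty output from a function means that check passed; the htpasswd check reports line numbers only, so a stray plaintext password is not echoed to the terminal.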
II. Use the registry
1. Tag and push a local image
docker tag hello-world:latest [your-domain-name]/[your-project-name]/hello-world
docker push [your-domain-name]/[your-project-name]/hello-world
2. Pull the image
docker login [your-domain-name]
username:[your-user-name]
pwd:[your-password]
docker pull [your-domain-name]/[your-project-name]/hello-world[version-optional]
3. .NET usage example
Publish -> Target -> Docker Container Registry -> Other Docker Container Registry -> registry address, username, password -> Publish button