Docker镜像仓库(账号密码与Https访问)

说明:所有方括号[]中的内容,均需要替换为实际需要

一、安装仓库

1, 拉取镜像

docker pull registry

2,制作证书

如果有证书直接导入

mkdir /opt/certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/certs/dockerpull.key  -x509 -days 365 -out /opt/certs/dockerpull.crt

创建docker证书,其中域名、端口修改为自己的

mkdir /etc/docker/certs.d/[your-domain-name]
cp certs/dockerpull.crt  /etc/docker/certs.d/[your-domain-name]/ca.crt

ubantu的证书本机信任

cat certs/dockerpull.crt >> /etc/ssl/certs/ca-certificates.crt

3,创建账号密码

mkdir /opt/auth
echo "user:[your-user-name] passwd:[your-password]" >/opt/auth/htpasswd
docker run --entrypoint htpasswd registry:latest -Bbn [your-user-name] [your-password] >/opt/auth/htpasswd

不成功,可选:

htpasswd -Bbn [your-user-name] [your-password] >/opt/auth/htpasswd

创建名称为[your-registry-name]的仓库容器,数据卷挂载到本地;

导入证书、导入账号密码

docker run  -d -p 443:443 --restart=always --name [your-registry-name] -v `pwd`/opt/auth:/auth  -v /opt/docker/registry:/var/lib/registry -v /opt/certs/:/root/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/root/certs/dockerpull.crt  -e REGISTRY_HTTP_TLS_KEY=/root/certs/dockerpull.key  -e "REGISTRY_AUTH=htpasswd"  -e  "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"   -e  REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd  registry

不带证书(可选)

docker run  -d -p 80:5000 --restart=always --name [your-registry-name] -v /opt/auth:/auth  -v /opt/docker/registry:/var/lib/registry  -e "REGISTRY_AUTH=htpasswd"  -e  "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"   -e  REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd  registry

4,修改配置

vi /etc/docker/daemon.json

{
 "registry-mirrors": ["https://pee6w651.mirror.aliyuncs.com","http://hub-mirror.c.163.com"],
  "insecure-registries":["[your-domain-name]:80","192.168.X.X:80"]
}

5,重启

systemctl daemon-reload
systemctl restart docker

二、使用仓库

1,本地打包上传镜像

docker tag hello-world:latest [your-domain-name]/[your-project-name]/hello-world
docker push [your-domain-name]/[your-project-name]/hello-world

2,拉取镜像

docker login [your-domain-name]
username:[your-user-name]
pwd:[your-password]

docker pull [your-domain-name]/[your-project-name]/hello-world[version-可选]

3,Dotnet使用举例

Publish->Target->Docker Container Registry -> Other Docker Container Registry -> 仓库地址、账号、密码 -> Publish按钮
# docker # 安全
Logo
华为云开发者联盟

为开发者提供学习成长、分享交流、生态实践、资源工具等服务,帮助开发者快速成长。

更多推荐

cover

解锁HDC 2024之旅:从购票到报名,全程攻略

avatar 华为云开发者联盟
cover

从原始边列表到邻接矩阵Python实现图数据处理的完整指南

avatar 华为云开发者联盟
cover

华为云云原生FinOps解决方案,释放云原生最大价值

avatar 华为云开发者联盟