CentOS7.2服务器上搭建Docker私有镜像仓库操作示例

本文实例讲述了CentOS7.2服务器上搭建 Docker私有镜像仓库操作。分享给大家供大家参考，具体如下：

鉴于国内pull镜像的速度较慢，很有必要搭建docker私有或者本地镜像仓库。

安装docker

1 2	`# yum -y install docker` `# systemctl start docker && systemctl enable docker`

使用自签名进行安全认证

创建存放证书和密钥的certs目录

1 2	`# mkdir -p /docker/certs` `# chcon -Rt svirt_sandbox_file_t /docker/certs/`

修改/etc/pki/tls/openssl.cnf配置文件

在该文件的[ v3_ca ]配置项中添加镜像仓库IP地址：

									[ v3_ca ]

									# Extensions for a typical CA

									subjectAltName = IP:192.168.120.128

生成证书和密钥

									# cd /docker && openssl req \

									-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \

									-x509 -days 365 -out certs/domain.crt

									# mkdir -p /etc/docker/certs.d/192.168.120.128:5000/

									# cp certs/domain.crt /etc/docker/certs.d/192.168.120.128\:5000/ca.crt

创建存放镜像文件的后端存储

1 2	`# mkdir -p /docker/data/private_registry` `# chcon -Rt svirt_sandbox_file_t /docker/data/private_registry`

重新启动docker daemon

1	`# systemctl restart docker`

启动私有镜像仓库

									# docker run \

									-d \

									--name private_registry --restart=always \

									-u root \

									-p 5000:5000 \

									-v /docker/data/private_registry:/var/lib/registry \

									-v /docker/certs:/certs \

									-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \

									-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \

									registry:2

Docker加速器

该加速器可在pull镜像较慢时配置实用。

复制代码代码如下:

	# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://c282dc88.m.daocloud.io

测试

本地测试

									# docker pull ubuntu

									# docker tag ubuntu 192.168.120.128:5000/ubuntu

									# docker pull 192.168.120.128:5000/ubuntu

									Using default tag: latest

									Trying to pull repository 192.168.120.128:5000/ubuntu ...

									latest: Pulling from 192.168.120.128:5000/ubuntu

									Digest: sha256:382452f82a8bbd34443b2c727650af46aced0f94a44463c62a9848133ecb1aa8

远程测试

在另一台主机上执行以下命令进行测试：

									# mkdir -p /etc/docker/certs.d/192.168.120.128:5000/

									# scp 192.168.120.128:/etc/docker/certs.d/192.168.120.128\:5000/ca.crt /etc/docker/certs.d/192.168.120.128\:5000/

									# systemctl restart docker

									# docker pull 192.168.120.128:5000/ubuntu

									Using default tag: latest

									Trying to pull repository 192.168.120.128:5000/ubuntu ...

									latest: Pulling from 192.168.120.128:5000/ubuntu

									b6f892c0043b: Pull complete

									55010f332b04: Pull complete

									2955fb827c94: Pull complete

									3deef3fcbd30: Pull complete

									cf9722e506aa: Pull complete

									Digest: sha256:382452f82a8bbd34443b2c727650af46aced0f94a44463c62a9848133ecb1aa8

希望本文所述对大家Docker容器使用有所帮助。

原文链接：https://blog.csdn.net/u012066426/article/details/72768229

CentOS7.2服务器上搭建Docker私有镜像仓库操作示例

相关文章

热门资讯