搭建环境:Debian 11 (bullseye)
1. 安装 docker 并配置镜像加速器
下载安装:https://docs.docker.com/engine/install/debian/
镜像加速器配置:https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
2. 下载 registry 镜像
3. 配置 https 证书
# 创建证书存放目录
mkdir -p /opt/docker-registry/certs/
# 生成私钥 cd /opt/docker-registry/certs/ openssl genrsa 2048 >server.key # 生成证书请求文件 cat > csr.cnf <<END [req] default_bits = 2048 prompt = no default_md = sha256 distinguished_name = dn [dn] C = CN ST = Shanghai L = Shanghai O = demoduan OU = devan CN = registry.demoduan.com END openssl req -new -key server.key -config csr.cnf -out server.csr # 生成自签证书 openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt 4. 配置仓库登录帐密 # 创建账密存放目录 mkdir /opt/docker-registry/auth # 安装 htpasswd 命令
apt -y install apache2-utils
# 设置帐密
htpasswd -Bbn demoduan demoduan-registry >/opt/docker-registry/auth/htpasswd 5. 运行 registry 容器docker run --privileged -d -v /opt/docker-registry:/var/lib/registry:Z \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/var/lib/registry/certs/server.crt \
-e REGISTRY_HTTP_TLS_KEY=/var/lib/registry/certs/server.key \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/var/lib/registry/auth/htpasswd \
-p 5000:5000 --restart=always \
--name registry registry:latest
6. 登录查看 registry
在浏览器中输入:https://your_ip:5000
在命令行中查看 registry 中的镜像
7. registry 仓库上传下载镜像
8. 同网段安全访问
mkdir /etc/docker/certs.d/registry.demoduan.com:50000/ -p (同网段主机操作) scp /opt/docker-registry/certs/server.crt root@remote_host:/etc/docker/certs.d/registry.gzy.com:50000/ca.crt (docker-registry端操作) 标签:opt,私有,certs,registry,镜像,docker,REGISTRY From: https://www.cnblogs.com/demoduan/p/17366555.html