1. registry 服务器 上的配置
# 1. 生成自签名证书
mkdir -p certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 36500 -out certs/domain.crt # 一路回车,等到 Common Name (eg, your name or your server's hostname) []: 时输入域名比如 xview.registry.local 然后回车到结束
# 2. 启动docker registry服务
docker run -d --restart=always --name registry -v "$(pwd)"/certs:/certs -v /mnt/registry:/var/lib/registry -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2
# 3. 在想要连接此 registry 的服务器上配置 hosts
echo "10.221.127.236 xview.registry.local" >> /etc/hosts # 10.221.127.236 为 registry 服务器的IP
# 4. 拷贝证书到指定目录,使docker信任该证书 (该路径与证书域名有关,请按实际域名创建证书拷贝路径)
mkdir -p /etc/docker/certs.d/xview.registry.local
cp certs/domain.crt /etc/docker/certs.d/xview.registry.local/ca.crt
# 5. 配置 /etc/docker/daemon.json 内容如下
{
"insecure-registries": ["xview.registry.local"]
}
# 6. 验证服务可用性
docker images # 假设有镜像 xview-api:1.0.4
docker tag xview-api:1.0.4 xview.registry.local/xview-api:1.0.4 # 给镜像打个 tag
docker push xview.registry.local/xview-api:1.0.4 # 将此镜像推到了 registry
2. client 端服务器配置
# 1. 在想要连接此 registry 的服务器上配置 hosts
echo "10.221.127.236 xview.registry.local" >> /etc/hosts # 10.221.127.236 为 registry 服务器的IP
# 2. 配置 /etc/docker/daemon.json 内容如下
{
"insecure-registries": ["xview.registry.local"]
}
# 3. 验证服务可用性
curl -k https://xview.registry.local:/v2/_catalog # 查看 registry 上有多少个镜像
curl -k https://xview.registry.local:/v2/xview-api/tags/list # 查看指定镜像 xview-api 的 tags
docker pull xview.registry.local/xview-api:1.0.4 # 拉取镜像
标签:xview,api,certs,registry,https,docker,local From: https://www.cnblogs.com/aaron-agu/p/18059545