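# Server side

# Pull the registry image.
# NOTE(review): this pulls registry:2.2, but every `docker run` below uses
# registry:2.3, which Docker fetches implicitly on first use. Align the tags so
# the image that was pulled and checked is the one that actually runs.
docker pull registry:2.2

# The same pull through a registry mirror.
# NOTE(review): the mirror URL is plain HTTP, so the tag-to-image lookup is not
# protected in transit; prefer an HTTPS mirror. --registry-mirror is normally a
# daemon option, so confirm this client-side form works on your Docker version.
docker --registry-mirror=http://4e53bc26.m.daocloud.io pull registry:2.2

# Create a self-signed certificate and key for the registry.
# mkdir -p keeps the step repeatable when the directories already exist.
mkdir -p registry/certs && cd registry/certs
# -nodes writes the private key unencrypted so the registry can start
# unattended; the file mode set below is then the only protection for the key.
# The certificate carries only a CN (no subjectAltName) and is valid for ten
# years. The name must match the host name clients use for the registry, and
# recent Docker clients check the subjectAltName rather than the CN.
openssl req -x509 -days 3650 -subj '/CN=reg.ops.ac.cn/' -nodes -newkey rsa:2048 -keyout registry.key -out registry.crt
chmod 600 registry.key

# Create the htpasswd file, one bcrypt (-B) entry per user.
# NOTE(review): 123123 is a sample value. -b takes the password from the
# command line, so it lands in shell history and the process list; use a
# strong, distinct password per account. `>>` appends, so re-running these
# lines leaves duplicate entries in the file.
cd .. && mkdir -p auth
docker run --rm --entrypoint htpasswd registry:2.3 -Bbn wangyongge 123123 >> auth/htpasswd
docker run --rm --entrypoint htpasswd registry:2.3 -Bbn ops 123123 >> auth/htpasswd
# Bcrypt hashes of weak passwords can be guessed offline; keep the file private.
chmod 600 auth/htpasswd

# Start the registry with htpasswd authentication and TLS.
# NOTE(review): the original note says the data directory is under
# /data/docker/, but the mount below maps the whole of /data to
# /var/lib/registry; confirm which one is intended.
# auth/ and certs/ are mounted read-only because the registry only reads them.
# -p 5000:5000 publishes the port on every host interface.
docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v "$(pwd)/auth:/auth:ro" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v "$(pwd)/certs:/certs:ro" \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
  -v /data:/var/lib/registry \
  registry:2.3

# Make sure the registry container is up.
docker ps -a | grep registry

# Start script (its two variants are listed further down the page).
/data2/reg.ops.ac.cn/registry/start.sh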

启动脚本,带有验证

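#!/bin/bash
# (Re)create the registry container with htpasswd authentication and TLS.
#
# The bind mounts are taken from the current working directory, so the script
# has to be run from the directory that holds auth/ and certs/.

work_dir=$(pwd)

# Fail before touching the running container if a mounted file is missing:
# Docker would otherwise create an empty directory for the missing bind-mount
# source, and --restart=always would keep restarting a registry that cannot
# load its credentials or key.
for required in auth/htpasswd certs/registry.crt certs/registry.key; do
  if [ ! -f "${work_dir}/${required}" ]; then
    printf 'missing %s; run this script from the registry directory\n' \
      "${work_dir}/${required}" >&2
    exit 1
  fi
done

# Remove the previous container; both commands only print an error when no
# container named "registry" exists.
docker stop registry
docker rm registry

# auth/ and certs/ are mounted read-only because the registry only reads them.
# -p 5000:5000 publishes the port on every host interface.
docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v "${work_dir}/auth:/auth:ro" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v "${work_dir}/certs:/certs:ro" \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
  -v /data:/var/lib/registry \
  registry:2.3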

启动脚本,不带有验证

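#!/bin/bash
# (Re)create the registry container with TLS but WITHOUT authentication.
#
# With no REGISTRY_AUTH_* settings the registry accepts anonymous pulls and
# pushes from anything that can reach port 5000. Use this variant only where
# access is limited by other means, for example a firewall rule or publishing
# on one address with -p 127.0.0.1:5000:5000, or where another component
# supplies authentication.
#
# The bind mount is taken from the current working directory, so the script
# has to be run from the directory that holds certs/.

work_dir=$(pwd)

# Fail before touching the running container if the certificate or key is
# missing: Docker would otherwise create an empty directory for the missing
# bind-mount source, and --restart=always would keep restarting the registry.
for required in certs/registry.crt certs/registry.key; do
  if [ ! -f "${work_dir}/${required}" ]; then
    printf 'missing %s; run this script from the registry directory\n' \
      "${work_dir}/${required}" >&2
    exit 1
  fi
done

# Remove the previous container; both commands only print an error when no
# container named "registry" exists.
docker stop registry
docker rm registry

# certs/ is mounted read-only because the registry only reads it.
docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v "${work_dir}/certs:/certs:ro" \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
  -v /data:/var/lib/registry \
  registry:2.3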

配置文件,for portus

# Registry configuration that delegates authentication to Portus (token auth)
# and sends push/pull events to it as webhooks.
version: 0.1
# NOTE(review): debug is the most verbose level; lower it outside of
# troubleshooting. The top-level `loglevel` key is the deprecated spelling of
# `log.level`.
loglevel: debug
log:
  fields:
    service: registry
storage:
    cache:
        blobdescriptor: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    # No tls section is set here. The start scripts on this page pass the
    # certificate and key through REGISTRY_HTTP_TLS_* environment variables;
    # whether this file is used together with them is not shown. TODO confirm.
    addr: :5000
    headers:
        X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
auth:
  token:
    # NOTE(review): the realm is plain HTTP. Docker clients send the user's
    # credentials to this URL to obtain a token, so both the credentials and
    # the issued tokens cross the network unencrypted. Serve Portus over HTTPS
    # and point the realm at the https:// URL.
    realm: http://portus.ops.ac.cn:3000/v2/token
    service: reg.ops.ac.cn:5000
    issuer: portus.ops.ac.cn
    # The registry verifies token signatures against this bundle, so it must
    # hold the certificate for the key Portus signs with. Here it is the
    # registry's own TLS certificate, which presumably means Portus shares
    # registry.key; a separate signing key pair would limit the impact of a
    # leaked key. TODO confirm.
    rootcertbundle: /certs/registry.crt
notifications:
  endpoints:
    - name: portus
      # NOTE(review): events are posted over plain HTTP with no headers
      # configured, so the endpoint cannot authenticate the sender from this
      # config alone and the event contents are readable on the network.
      url: http://portus.ops.ac.cn:3000/v2/webhooks/events
      timeout: 500ms
      threshold: 5
      backoff: 1s

客户端

# Client side

# Registry endpoint (host:port) used by every command below.
# NOTE(review): the server certificate on this page is issued for
# CN=reg.ops.ac.cn, while the client uses reg.carson.com; the names have to
# match or the TLS host-name check fails.
registry_endpoint=reg.carson.com:5000
# Docker trusts the *.crt files in this per-registry directory as CAs.
cert_dir="/etc/docker/certs.d/${registry_endpoint}"

mkdir -p "${cert_dir}"

# Fetch the registry certificate. Only the public certificate is copied; the
# private key (registry.key) stays on the server. The copy is only as
# trustworthy as the SSH host-key check for 192.168.1.10, so verify that
# fingerprint on first connection.
scp -r root@192.168.1.10:~/registry/certs/registry.crt "${cert_dir}"

# Log in. Without a configured credential helper, Docker keeps the credentials
# in ~/.docker/config.json, base64-encoded rather than encrypted.
docker login "${registry_endpoint}"

# Re-tag the local image for the private registry.
docker tag busybox "${registry_endpoint}/busybox:1.0"

# Push the local image to the registry.
docker push "${registry_endpoint}/busybox:1.0"