1、准备工作
先准备好域名 dockerhub.testfit.com,并安装好 Docker-CE;这里 dockerhub 为 testfit.com 的子域名。
2、CentOS 7 下自制证书:
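# Working directory for the registry; certs/ will hold the TLS key pair.
mkdir -p /app/docker-registry/certs
cd /app/docker-registry

# Request configuration for the self-signed certificate.
# Current Docker clients validate the registry host name against the
# certificate's subjectAltName and ignore the Common Name, so a certificate
# without a SAN entry is rejected. Declaring the SAN here keeps TLS
# verification working instead of pushing operators towards the
# "insecure-registries" escape hatch. A config file is used (rather than a
# command-line extension flag) so this also works with older OpenSSL builds.
# "prompt = no" makes the run non-interactive: the subject is taken from [dn].
cat > certs/openssl.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ext
prompt = no

[dn]
CN = dockerhub.testfit.com

[v3_ext]
subjectAltName = DNS:dockerhub.testfit.com
EOF

# Generate a 4096-bit RSA key and a SHA-256 self-signed certificate.
# -nodes leaves the private key unencrypted on disk (the registry has to read
# it unattended), so file permissions are its only protection.
# -days 365: the certificate expires after one year and must then be reissued
# and redistributed to every Docker client that trusts it.
openssl req \
  -newkey rsa:4096 \
  -nodes -sha256 \
  -keyout certs/domain.key \
  -x509 -days 365 \
  -config certs/openssl.cnf \
  -out certs/domain.crt

# Restrict the private key to its owner (loosen only if the registry process
# runs as a different, non-root user).
chmod 600 certs/domain.key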
2、制作密码
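# Directory for the registry's htpasswd file (relative to
# /app/docker-registry, the working directory of the previous step).
mkdir -p auth

# Read the password from a prompt instead of putting it on the command line:
# a literal password argument ends up in the shell history and is visible in
# the process list while the command runs.
read -rs -p 'Password for testUser: ' registry_password && echo

# htpasswd flags: -B bcrypt hash, -i read the password from stdin,
# -n print the entry to stdout (redirected into auth/htpasswd).
# printf is a shell builtin, so the password is not exposed as a process
# argument. --rm removes the helper container once it has produced the entry.
printf '%s\n' "$registry_password" \
  | docker run --rm -i --entrypoint htpasswd registry:2 -Bin testUser > auth/htpasswd
unset registry_password

# The file holds password hashes; keep it readable by its owner only
# (loosen only if the registry process runs as a different, non-root user).
chmod 600 auth/htpasswd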
3、运行Registry
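# Start the registry with TLS and htpasswd (basic) authentication.
#
# Mounts:
#   - Image data lives in its own data/ subdirectory. Mounting the whole
#     /app/docker-registry tree as the storage root would also place certs/
#     (including the private key) and auth/ inside the registry's writable
#     data directory. If a registry was already populated from
#     /app/docker-registry directly, move its existing "docker" directory
#     into data/ before switching.
#   - auth/ and certs/ are mounted read-only (:ro); the registry only needs
#     to read the htpasswd file and the key pair.
#
# Notes for operators:
#   - htpasswd authentication has no per-user authorization: every account in
#     the file can push, pull and, because REGISTRY_STORAGE_DELETE_ENABLED is
#     true, delete manifests. Keep the account list short or disable deletes.
#   - "registry:2" is a floating tag; pin a specific version or digest so a
#     restart does not silently pick up a different image.
#   - -p 5000:5000 publishes the port on all host interfaces.
docker run -d -p 5000:5000 --restart=always --name registry \
  -v /app/docker-registry/data:/var/lib/registry \
  -v /app/docker-registry/auth:/auth:ro \
  -v /app/docker-registry/certs:/certs:ro \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -e REGISTRY_STORAGE_DELETE_ENABLED=true \
  registry:2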
4、将证书加入Docker Client信任
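# Make the Docker client on this host trust the registry's self-signed
# certificate. Repeat on every host that pushes to or pulls from the registry
# (for a swarm: every node). Copy only domain.crt, never domain.key.
cd /app/docker-registry

# The directory name must match the registry address exactly as it appears in
# image names and in "docker login" (host name and port).
sudo mkdir -p "/etc/docker/certs.d/dockerhub.testfit.com:5000"
sudo cp certs/domain.crt "/etc/docker/certs.d/dockerhub.testfit.com:5000/ca.crt"

# Docker looks up certs.d when it connects to a registry, so this restart is
# normally not required; it is kept from the original procedure. Run with
# sudo like the commands above. Restarting the daemon also restarts running
# containers (the registry comes back because of --restart=always).
sudo systemctl restart docker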
5、登录测试
[root@master3 docker-registry]# docker login dockerhub.testfit.com:5000
Username: XXX
Password:
Login Succeeded
7、利用docker stack发布服务
由于使用的是私有 Registry,拉取镜像需要认证,所以执行 docker stack 时要先登录,并加上 --with-registry-auth,格式如下(注意:-p 会把密码留在 shell 历史和进程列表中,实际使用时建议改用 --password-stdin 从标准输入读取密码):
docker login -u #DockerHub Username# -p #DockerHub Password# \
#registry url# \
&& docker stack deploy -c \
docker-swarm.yml #STACK-NAME# --with-registry-auth
#DockerHub Username# :registry登录的用户名
#DockerHub Password#:registry登录的密码
#registry url# :registry url
#STACK-NAME#: stack名称
例如:我发布的testStack的服务,
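# Log in to the private registry, then deploy the stack.
#
# The password is read from a prompt and handed to "docker login" on stdin
# (--password-stdin). Passing it with -p would leave it in the shell history
# and expose it in the process list. printf is a shell builtin, so the
# password never appears as a process argument.
#
# Unless a credential helper is configured, "docker login" stores the
# credential in ~/.docker/config.json merely base64-encoded; protect that
# file and run "docker logout dockerhub.testfit.com:5000" when finished on
# shared hosts.
#
# --with-registry-auth forwards the registry credentials of this login to the
# swarm agents so they can pull the images.
read -rs -p 'Registry password for testUser: ' registry_password && echo
printf '%s' "$registry_password" \
  | docker login -u testUser --password-stdin dockerhub.testfit.com:5000 \
  && docker stack deploy -c docker-compose.yaml testStack --with-registry-auth
unset registry_password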