Setting up a Docker image registry (TLS certificate and user authentication)

Lets images be pulled directly from a private registry.
Remove all stopped containers first.
Create the key: once the registry is running, only clients that trust the certificate can use it.

Registry secured with a TLS certificate

Remove all stopped containers
[root@foundation23 docker]# docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Retag the image under a new name
[root@foundation23 docker]# docker tag nginx localhost:5000/nginx

[root@foundation23 docker]# openssl req -newkey rsa:4095 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
Generating a 4095 bit RSA private key
..........++
.......................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:[email protected]
[root@foundation23 docker]# ls
certs  Dockerfile  dvd.repo  ssh  supervisord.conf  test  web
[root@foundation23 docker]# cd certs/
[root@foundation23 certs]# ls
domain.crt  domain.key


Create the image registry. This must be run from the /tmp/docker directory, because the certificate directory is mounted as `pwd`/certs.
[root@foundation23 docker]# docker run -d \
> --restart=always \
> --name registry \
> -v `pwd`/certs:/certs \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
> -p 443:443 \
> registry:2
d52d1f3f28f6b558378963b47cfa827e8437983d4e17cd4c5b7e51cd6f1d7f11
Remove the image
[root@foundation23 docker]# docker rmi westos.org:5000/nginx
Untagged: westos.org:5000/nginx:latest

[root@foundation23 ~]# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                            NAMES
791c3795b8e7        registry:2          "/entrypoint.sh /e..."   2 minutes ago       Up 2 minutes        0.0.0.0:5000->5000/tcp           cocky_golick
d52d1f3f28f6        registry:2          "/entrypoint.sh /e..."   9 minutes ago       Up 9 minutes        0.0.0.0:443->443/tcp, 5000/tcp   registry
220f96fba555        ubuntu              "/bin/bash"              About an hour ago   Up About an hour                                     vm1
ca8c7e03c7a3        ubuntu              "/bin/bash"              4 hours ago         Up 4 hours                                           frosty_turing


[root@foundation23 docker]# docker tag nginx westos.org/rhel7
[root@foundation23 docker]# docker images
[root@foundation23 docker]# cd /etc/docker
[root@foundation23 docker]# ls
demon.json  key.json
[root@foundation23 docker]# mkdir certs.d
[root@foundation23 certs.d]# cd  certs.d
[root@foundation23 certs.d]# mkdir westos.org
[root@foundation23 certs.d]# cd westos.org/
[root@foundation23 westos.org]# cp /tmp/docker/certs/domain.crt  ./ca.crt
[root@foundation23 westos.org]# ls
ca.crt

Push the image

[root@foundation23 westos.org]# docker push westos.org/rhel7
The push refers to a repository [westos.org/rhel7]
08d25fa0442e: Pushed 
a8c4aeeaa045: Pushed 
cdb3f9544e4c: Pushed 
latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948

Remove the local image and pull it again from the registry

[root@foundation23 docker]# docker rmi westos.org/rhel7
Untagged: westos.org/rhel7:latest
Untagged: westos.org/rhel7@sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f
Deleted: sha256:c82521676580c4850bb8f0d72e47390a50d60c8ffe44d623ce57be521bca9869
Deleted: sha256:2c1f65d17acf8759019a5eb86cc20fb8f8a7e84d2b541b795c1579c4f202a458
Deleted: sha256:8f222b457ca67d7e68c3a8101d6509ab89d1aad6d399bf5b3c93494bbf876407
Deleted: sha256:cdb3f9544e4c61d45da1ea44f7d92386639a052c620d1550376f22f5b46981af
[root@foundation23 docker]# docker pull westos.org/rhel7
Using default tag: latest
latest: Pulling from rhel7
2da35ff30a7d: Pull complete 
831fb1a65ced: Pull complete 
7a63da4e8a19: Pull complete 
Digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f
Status: Downloaded newer image for westos.org/rhel7:latest


Registry with user authentication

Create users and passwords

[root@foundation23 docker]# mkdir auth

[root@foundation23 docker]# docker run --entrypoint htpasswd registry:2 -Bbn wxh westos > auth/htpasswd
[root@foundation23 docker]# cat auth/htpasswd 
wxh:$2y$05$KzmM5wos/9WoYNtsY0RbhesjCRShouEsUoQ7vCU0MqRn1WqGnmq2i

[root@foundation23 docker]# docker run --entrypoint htpasswd registry:2 -Bbn admin admin >> auth/htpasswd
[root@foundation23 docker]# cat auth/htpasswd 
wxh:$2y$05$KzmM5wos/9WoYNtsY0RbhesjCRShouEsUoQ7vCU0MqRn1WqGnmq2i

admin:$2y$05$oCP5.6s6arDc/Wq.NBFHWebiQGCKphTfESIT95OT0nI3xQxLOSD2e
[root@foundation23 docker]# cd /tmp/docker/
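The htpasswd file above is the whole user database of the registry, so it is worth checking before it is mounted into the container. The registry's htpasswd backend only honours bcrypt entries (the `$2y$` form that `htpasswd -B` writes); entries in other formats are ignored, and that user simply cannot log in. The following is an added example, not code from the original post: it parses an htpasswd file, reports entries that are not bcrypt, and reports the bcrypt cost. The sample file is constructed from the two entries shown on the page plus an MD5 (`$apr1$`) entry of the kind `htpasswd -m` produces; the minimum cost of 10 is this example's own policy, not a registry setting.

```python
"""Audit a registry htpasswd file before mounting it into registry:2.

Added example (not from the original post). registry:2 only honours bcrypt
entries; other hash types are ignored, so those users cannot authenticate.
"""
import re
from typing import Dict, List, Tuple

# bcrypt: $2a$/$2b$/$2y$, two-digit cost, then 22-char salt + 31-char hash (53 chars)
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # example policy: flag anything cheaper than 2^10 rounds

# Constructed sample: the two entries shown on the page (cost 05, the htpasswd -B
# default) plus an MD5/apr1 entry that registry:2 would ignore.
SAMPLE_HTPASSWD = """\
wxh:$2y$05$KzmM5wos/9WoYNtsY0RbhesjCRShouEsUoQ7vCU0MqRn1WqGnmq2i

admin:$2y$05$oCP5.6s6arDc/Wq.NBFHWebiQGCKphTfESIT95OT0nI3xQxLOSD2e
legacy:$apr1$salt1234$constructedmd5hash1234
"""


def parse_htpasswd(text: str) -> Dict[str, str]:
    """Return {user: hash}. Blank lines and comments are skipped; malformed or duplicate users raise."""
    entries: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"line {lineno}: expected user:hash")
        user, digest = line.split(":", 1)
        if not user or user in entries:
            raise ValueError(f"line {lineno}: empty or duplicate user {user!r}")
        entries[user] = digest
    return entries


def audit_htpasswd(text: str) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs; an empty list means every entry is acceptable."""
    findings: List[Tuple[str, str]] = []
    for user, digest in parse_htpasswd(text).items():
        match = BCRYPT_RE.match(digest)
        if not match:
            findings.append((user, "not bcrypt: registry:2 ignores this entry, so the user cannot log in"))
            continue
        cost = int(match.group(1))
        if cost < MIN_COST:
            findings.append((user, f"bcrypt cost {cost} below policy minimum {MIN_COST}"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_htpasswd(SAMPLE_HTPASSWD):
        print(f"{user}: {finding}")
```

Run against a real file with `audit_htpasswd(open("auth/htpasswd").read())`; a clean result is an empty list. Raising the cost is done at creation time with `htpasswd -B -C <cost>`, not in the registry configuration.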


[root@foundation23 docker]# docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -p 443:443 registry:2
14506a8a67adab458a3a7be8184e026dae826d1852b21d3c3b0c0385910ad445

Push fails: no user credentials

[root@foundation23 docker]# docker push westos.org/rhel7
The push refers to a repository [westos.org/rhel7]
08d25fa0442e: Preparing 
a8c4aeeaa045: Preparing 
cdb3f9544e4c: Preparing 
no basic auth credentials
[root@foundation23 ~]# netstat -antlup | grep :443
tcp6       0      0 :::443                  :::*                    LISTEN      7227/docker-proxy   


Log in as a user
[root@foundation23 ~]# docker login -u wxh -p westos westos.org
Login Succeeded
[root@foundation23 ~]# docker push westos.org/rhel7
The push refers to a repository [westos.org/rhel7]
08d25fa0442e: Pushed 
a8c4aeeaa045: Pushed 
cdb3f9544e4c: Pushed 
latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948

Inspect the stored credentials; the same user does not need to authenticate again on the next push

[root@foundation23 ~]# cd
[root@foundation23 ~]# cd .docker/
[root@foundation23 .docker]# ls
config.json
[root@foundation23 .docker]# cat config.json 
{
    "auths": {
        "westos.org": {
            "auth": "d3hoOndlc3Rvcw=="
        }
    }
}
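The failed push (`no basic auth credentials`), the successful push after `docker login`, and the config.json shown above are three views of one HTTP Basic exchange: the registry answers an anonymous request with `401` and `WWW-Authenticate: Basic realm="Registry Realm"` (the realm set with `REGISTRY_AUTH_HTPASSWD_REALM`), the client retries with `Authorization: Basic base64(user:password)`, and `docker login` saves that same base64 string under `auths` so later pushes can replay it. The string is reversible, not a hash, which is why the file matters. The block below is an added example, not code from the original post or from Docker: the registry side is simulated in-process, and the challenge header, accepted credential set and config.json text are constructed to mirror the values on the page.

```python
"""Basic auth round trip between a Docker client and registry:2 behind htpasswd,
and what `docker login` leaves behind in ~/.docker/config.json.

Added example, not part of the original post. The registry exchange is
simulated in-process; the challenge header, the credential set and the
config.json text are constructed to mirror the values shown on the page.
"""
import base64
import json
import stat
from typing import Dict, List, Optional, Set, Tuple

REALM = "Registry Realm"  # value of REGISTRY_AUTH_HTPASSWD_REALM on the page

# Constructed: the config.json that `docker login` wrote on the page.
CONFIG_JSON = """{
    "auths": {
        "westos.org": {
            "auth": "d3hoOndlc3Rvcw=="
        }
    }
}"""


def basic_authorization(user: str, password: str) -> str:
    """Authorization header value: base64(user:password); no hashing is involved."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_auth(token: str) -> Tuple[str, str]:
    """Invert the config.json `auth` field, which is that same base64 string."""
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def parse_basic_challenge(header: str) -> Optional[str]:
    """Return the realm from `WWW-Authenticate: Basic realm="..."`, or None for other schemes."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    for part in params.split(","):
        key, _, value = part.strip().partition("=")
        if key.lower() == "realm":
            return value.strip('"')
    return ""


def registry_respond(headers: Dict[str, str], valid: Set[str]) -> Dict[str, object]:
    """Simulated registry: 401 plus challenge unless a known Basic header is presented."""
    if headers.get("Authorization") in valid:
        return {"status": 200}
    return {"status": 401, "WWW-Authenticate": f'Basic realm="{REALM}"'}


def push(credential: Optional[Tuple[str, str]], valid: Set[str]) -> str:
    """Client side: try anonymously, then retry with credentials if it has any."""
    first = registry_respond({}, valid)
    if first["status"] != 401:
        return "pushed"
    realm = parse_basic_challenge(str(first["WWW-Authenticate"]))
    if realm is None or credential is None:
        return "no basic auth credentials"  # the error shown before docker login
    second = registry_respond({"Authorization": basic_authorization(*credential)}, valid)
    return "pushed" if second["status"] == 200 else "unauthorized"


def stored_credentials(config_text: str) -> Dict[str, Tuple[str, str]]:
    """Recover every (user, password) a config.json stores inline."""
    cfg = json.loads(config_text)
    return {host: decode_auth(entry["auth"])
            for host, entry in cfg.get("auths", {}).items() if "auth" in entry}


def config_findings(config_text: str, mode: int) -> List[str]:
    """Why a config.json with the given permission bits needs protecting."""
    cfg = json.loads(config_text)
    findings: List[str] = []
    if "credsStore" not in cfg and stored_credentials(config_text):
        findings.append("credentials stored inline; no credsStore helper configured")
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("config.json is readable by group or other users")
    return findings


if __name__ == "__main__":
    valid = {basic_authorization("wxh", "westos")}  # what the htpasswd file would accept
    print(push(None, valid))                 # no basic auth credentials
    print(push(("wxh", "westos"), valid))    # pushed
    print(stored_credentials(CONFIG_JSON))   # {'westos.org': ('wxh', 'westos')}
    print(config_findings(CONFIG_JSON, 0o644))
```

`decode_auth("d3hoOndlc3Rvcw==")` returns `("wxh", "westos")`, the exact credentials typed at `docker login`. On a shared host keep `~/.docker/config.json` at mode 0600 or configure a `credsStore` helper so the password is kept in the OS keychain instead of the file; the `-p` form of `docker login` used on the page also leaves the password in the shell history.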

Reposted from blog.csdn.net/ningyuxuan123/article/details/81949599