Setting up Docker public and private image registries

1. Using the Docker Hub public registry

1. Register an account on the official docker.com website

2. Log in to Docker Hub

docker login
# Enter your user ID and password

3. Push the image to the registry

To make testing easier, we pull the hello-world image to the local machine and then upload it to a Docker Hub repository.
First tag the image with docker tag local-image:tagname new-repo:tagname;
then push it to the repository with docker push new-repo:tagname.

docker tag hello-world:latest mrgcc1314/test-hello-world:1.0.0    # Tag the image

docker push mrgcc1314/test-hello-world:1.0.0         # Upload the image to Docker Hub

docker pull mrgcc1314/test-hello-world:1.0.0         # Pull the image from Docker Hub to check that the push succeeded

docker logout        # Log out of the current Docker account

2. Building a private Docker registry with authentication

Docker Hub provides many official images as well as images uploaded by individuals. We can download images published by organizations or individuals, or upload our own local images, but there are disadvantages:
● Because of network conditions, downloading and uploading images from Docker Hub may be slow;
● The Docker images used in production may contain our code, configuration information and so on, which we do not want outsiders to obtain. Only developers on the intranet should be allowed to download them.

To solve these problems, Docker officially provides an image called registry for building a local private registry. A private registry on the internal network makes downloads and uploads fast for internal users, unaffected by external bandwidth and similar factors. At the same time, anyone who is not on the internal network cannot download our images, and the private registry also supports authentication. The rest of this section walks through setting up the registry private registry in detail.

1. Pull the private registry image

Pull the private registry image.
docker pull registry

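2. Modify the configuration

Modify the daemon.json file.

vi /etc/docker/daemon.json

Add the following so that Docker trusts the private registry address, then save and exit. An address listed under insecure-registries is reached over plain HTTP, or over HTTPS without certificate verification, so list only the internal registry here.
{
    ......
    "insecure-registries": ["192.168.200.60:5000"]
}

Reload the configuration and restart the Docker service.

# Reload the service configuration files
systemctl daemon-reload

# Restart Docker
systemctl restart docker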

3. Create a private registry container

Create the private registry container:
docker run -di --name registry -p 5000:5000 -v /mydata/docker_registry:/var/lib/registry registry
● -d: run the container in the background;
● --name: name the container being created;
● -p: port mapping; the first value is the host port, the second is the port inside the container. Multiple -p options can be used to map multiple ports;
● -v: mount the data under /var/lib/registry in the container to /mydata/docker_registry on the host;

Open a browser and go to http://192.168.200.60:5000/v2/_catalog. If you see {"repositories":[]}, the private registry has been set up successfully and is currently empty.

Or run the command directly:

curl -XGET http://192.168.200.60:5000/v2/_catalog

4. Push the image to the private registry

First tag the image with docker tag local-image:tagname new-repo:tagname;
then push it to the private registry with docker push new-repo:tagname.

docker tag hello-world:latest 192.168.200.60:5000/test-hello-world:1.0.0
docker push 192.168.200.60:5000/test-hello-world:1.0.0

Open a browser and go to http://192.168.200.60:5000/v2/_catalog. You can see the uploaded image in the private registry.

Or run the command directly:

curl -XGET http://192.168.200.60:5000/v2/_catalog
# Once the private registry is set up and an image has been uploaded to it, containers can be created from the images in the private registry
docker run -it --name hello 192.168.200.60:5000/test-hello-world:1.0.0

5. Configure private registry authentication

The private registry is now set up. To secure it, a certificate is also needed to prevent anything unexpected from happening, so a self-signed certificate has to be generated on the Docker host that runs the private registry.

# Create the certificate storage directory.
mkdir -p /usr/local/registry/certs

# Command to generate the self-signed certificate.
openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/registry/certs/domain.key -x509 -days 365 -out /usr/local/registry/certs/domain.crt

Options:
openssl req: creates certificate signing requests, among other functions;
-newkey: creates a new certificate request and a new RSA private key;
rsa:2048: the RSA private key is 2048 bits long;
-nodes: do not encrypt the private key;
-sha256: use the SHA-256 algorithm;
-keyout: name and location of the private key file to create;
-x509: output a self-signed certificate;
-days: certificate validity period in days;
-out: name and location of the output file (with -x509, the certificate rather than a CSR);

5.1. Generate a self-signed certificate

First generate a self-signed certificate with openssl. After running the command you are asked for some certificate information. The most important field is Common Name (eg, your name or your server's hostname) []:192.168.200.60, which is the private registry address.

[root@localhost ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/registry/certs/domain.key -x509 -days 365 -out /usr/local/registry/certs/domain.crt
Generating a 2048 bit RSA private key
...........+++
..............+++
writing new private key to '/usr/local/registry/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:192.168.200.60
Email Address []:
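
The certificate above carries the registry address only in the Common Name, while clients that verify a certificate match an IP address against subjectAltName entries, so it is usable only as long as the address stays in insecure-registries. The script below is an added example (not from the original post) that generates both variants, checks them with openssl x509 -checkip, and shows where Docker looks for a trusted CA file. The function names are made up for the example, and it assumes OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSL 1.1.1+ (-addext).
REGISTRY=192.168.200.60:5000      # registry address used on this page
REGISTRY_IP=${REGISTRY%:*}

# make_cert DIR IP [san]: self-signed certificate for IP in DIR/domain.crt.
# With "san" it also carries subjectAltName = IP:<IP>; without it only the
# Common Name is set, as in the interactive run above.
make_cert() {
    dir=$1; ip=$2; mode=${3:-cn}
    mkdir -p "$dir" || return 1
    if [ "$mode" = san ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$ip" -addext "subjectAltName = IP:$ip" \
            -keyout "$dir/domain.key" -out "$dir/domain.crt" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$ip" \
            -keyout "$dir/domain.key" -out "$dir/domain.crt" 2>/dev/null
    fi
}

# cert_matches_ip CRT IP: succeeds only if a verifying client would accept
# the certificate for this IP (IP addresses are matched against SANs only).
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# trust_registry_cert CRT: make the local Docker daemon trust CRT for
# $REGISTRY (run as root). After this, the address can be removed from
# "insecure-registries" in /etc/docker/daemon.json and Docker restarted.
trust_registry_cert() {
    mkdir -p "/etc/docker/certs.d/$REGISTRY" &&
        cp "$1" "/etc/docker/certs.d/$REGISTRY/ca.crt"
}

# Demo in a scratch directory: compare the two certificates.
tmp=$(mktemp -d)
for mode in cn san; do
    make_cert "$tmp/$mode" "$REGISTRY_IP" "$mode"
    if cert_matches_ip "$tmp/$mode/domain.crt" "$REGISTRY_IP"; then
        echo "$mode: certificate verifies for $REGISTRY_IP"
    else
        echo "$mode: certificate does NOT verify for $REGISTRY_IP"
    fi
done
rm -rf "$tmp"
```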

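5.2. Generate the authentication password file

# Create the directory that stores the authentication password file
mkdir -p /usr/local/registry/auth

# If htpasswd is not available, install httpd
yum install -y httpd

# Create the user and password
htpasswd -Bbn root 1234 > /usr/local/registry/auth/htpasswd
htpasswd manages the basic authentication file of the Apache HTTP server; the htpasswd command generates a file of users and passwords. -B selects bcrypt hashing, the only htpasswd format the registry accepts. -b takes the password from the command line, where it ends up in shell history, so replace the sample password 1234 with a strong one.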

5.3. Create the private registry container

docker run -di --name registry -p 5000:5000 \
-v /mydata/docker_registry:/var/lib/registry \
-v /usr/local/registry/certs:/certs \
-v /usr/local/registry/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry

5.4. Pushing the image to the private registry fails

# First tag the image
[root@localhost ~]# docker tag hello-world:latest 192.168.200.60:5000/test-hello-world:1.0.0

# Then push the image to the private registry
[root@localhost ~]# docker push 192.168.200.60:5000/test-hello-world:1.0.0
The push refers to repository [192.168.200.60:5000/test-hello-world]
f22b99068db9: Preparing 
no basic auth credentials

Pushing the image directly fails with the error no basic auth credentials, because we have not logged in yet.

5.5. Log in

Log in to the private registry with the docker login command and enter the account and password.
docker login 192.168.200.60:5000

5.6. Pushing the image to the private registry succeeds

Push the image again; this time the push succeeds.
docker push 192.168.200.60:5000/test-hello-world:1.0.0

5.7. Log out

Log out with the docker logout command.
docker logout 192.168.200.60:5000

Origin blog.csdn.net/Gengchenchen/article/details/115125438