Docker deploy registry, create a private Docker image library, a self-signed certificate, Deploy a registry server

This is recorded when I deployed Docker Registry within the notes, the operating environment is Centos 7, Docker 18.06.1-ce

1, run registry

I currently use IP host is 192.168.1.249, working directory: / data / docker / registry,

   
   
# docker run -d -p 5000:5000 --restart always --name registry \
-v /data/docker/registry/data:/var/lib/registry registry:2
  
  

At this visit, http: //192.168.1.249: 5000 / v2 / _catalog, return to normal (empty json objects), proved successful deployment.

2, submitted mirror test

   
   
# docker pull nginx:alpine
# docker tag nginx:alpine 192.168.1.249:5000/nginx-alpine
# docker push 192.168.1.249:5000/nginx-alpine
  
  

Actual unsuccessful, an error is returned as follows:

   
   
The push refers to repository [ 192.168. 1.249: 5000/nginx-alpine]
Get https: //192.168.1.249:5000/v2/: http: server gave HTTP response to HTTPS client
  
  

View documents that add insecure-registries in the configuration file and then restart the docker to, the following:

   
   
# vim /etc/docker/daemon.json
{
"insecure-registries": [ "192.168.1.249:5000"]
}
# systemctl restart docker
  
  

Until then push really successful, in addition to using the configuration file, use the following to configure the self-signed certificate.

3, using a self-signed certificate

To generate a certificate using the domain name, I am here as: registry.docker.local, (without the domain name, the direct use of IP, to modify the openssl configuration file, the proposed domain name)

   
   
# mkdir -p /data/docker/registry/certs
# openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout /data/docker/registry/certs/domain.key \
-x509 -days 365 -out /data/docker/registry/certs/domain.crt
  
  

To enter the certificate when generating some of the information, attention Common Name Enter the domain name you want to use, other direct carriage return, as follows:

   
   
Country Name ( 2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [ Default City]:
Organization Name (eg, company) [ Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server 's hostname) []:registry.docker.local
Email Address []:
  
  

Starting container (case by adjusting related parameters, such as port 443 that you can use, so do not follow this with port 5000), as follows:

   
   
# docker run -d \
--restart=always \
--name registry \
-v /data/docker/registry/data:/var/lib/registry \
-v /data/docker/registry/certs:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-p 5000:5000 \
registry:2
  
  

4, test use

Note that, because it is just a custom domain name, remember to add the first domain registry.docker.local / etc / hosts file,

   
   
# docker tag nginx:alpine registry.docker.local:5000/nginx-alpine
# docker push registry.docker.local:5000/nginx-alpine
  
  

In this case it is given as follows:

   
   
The push refers to repository [registry.docker. local: 5000/nginx-alpine]
Get https: //registry.docker.local:5000/v2/: x509: certificate signed by unknown authority
  
  

Look at the document, that document should domain.crt into /etc/docker/certs.d/registry.docker.local:5000/ca.crt, (note that you do push operation in which desktop PC, which would put Taiwan machine ah)

   
   
# mkdir -p /etc/docker/certs.d/registry.docker.local:5000
# cp xxx/domain.crt /etc/docker/certs.d/registry.docker.local:5000/
  
  

This time to push on the successful, as follows:

   
   
# docker push registry.docker.local:5000/nginx-alpine
The push refers to repository [registry.docker.local: 5000/nginx-alpine]
a83dbde6ba05: Layer already exists
431a5c7929dd: Layer already exists
39e8483b9882: Layer already exists
df64d3292fd6: Layer already exists
latest: digest: sha256: 57a94fc99816c6aa225678b738ac40d85422e75dbb96115f1bb9b6ed77176166 size: 1153
  
  

Visit https: //registry.docker.local: 5000 / v2 / _catalog, also see the results, as follows:

   
   
# curl https://registry.docker.local:5000/v2/_catalog --insecure
{ "repositories":[ "nginx-alpine"]}
  
  

Look very inconvenient to customize the certificate, the certificate can be used for free: https://letsencrypt.org  (Let's Encrypt)

Reference:
https://docs.docker.com/registry/deploying/  
https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry

 

Original Address: https://blog.csdn.net/envon123/article/details/83623137