This is recorded when I deployed Docker Registry within the notes, the operating environment is Centos 7, Docker 18.06.1-ce
1, run registry
I currently use IP host is 192.168.1.249, working directory: / data / docker / registry,
-
# docker run -d -p 5000:5000 --restart always --name registry \
-
-v /data/docker/registry/data:/var/lib/registry registry:2
At this visit, http: //192.168.1.249: 5000 / v2 / _catalog, return to normal (empty json objects), proved successful deployment.
2, submitted mirror test
-
# docker pull nginx:alpine
-
# docker tag nginx:alpine 192.168.1.249:5000/nginx-alpine
-
# docker push 192.168.1.249:5000/nginx-alpine
Actual unsuccessful, an error is returned as follows:
-
The push refers
to repository [
192.168.
1.249:
5000/nginx-alpine]
-
Get https:
//192.168.1.249:5000/v2/: http: server gave HTTP response to HTTPS client
View documents that add insecure-registries in the configuration file and then restart the docker to, the following:
-
# vim /etc/docker/daemon.json
-
{
-
"insecure-registries": [
"192.168.1.249:5000"]
-
}
-
# systemctl restart docker
Until then push really successful, in addition to using the configuration file, use the following to configure the self-signed certificate.
3, using a self-signed certificate
To generate a certificate using the domain name, I am here as: registry.docker.local, (without the domain name, the direct use of IP, to modify the openssl configuration file, the proposed domain name)
-
# mkdir -p /data/docker/registry/certs
-
# openssl req \
-
-newkey rsa:4096 -nodes -sha256 -keyout /data/docker/registry/certs/domain.key \
-
-x509 -days 365 -out /data/docker/registry/certs/domain.crt
To enter the certificate when generating some of the information, attention Common Name Enter the domain name you want to use, other direct carriage return, as follows:
-
Country
Name (
2 letter code) [XX]:
-
State
or Province
Name (full
name) []:
-
Locality
Name (eg, city) [
Default City]:
-
Organization
Name (eg, company) [
Default Company Ltd]:
-
Organizational
Unit
Name (eg, section) []:
-
Common
Name (eg, your
name
or your server
's hostname) []:registry.docker.local
-
Email Address []:
Starting container (case by adjusting related parameters, such as port 443 that you can use, so do not follow this with port 5000), as follows:
-
# docker run -d \
-
--restart=always \
-
--name registry \
-
-v /data/docker/registry/data:/var/lib/registry \
-
-v /data/docker/registry/certs:/certs \
-
-e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
-
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-
-p 5000:5000 \
-
registry:2
4, test use
Note that, because it is just a custom domain name, remember to add the first domain registry.docker.local / etc / hosts file,
-
# docker tag nginx:alpine registry.docker.local:5000/nginx-alpine
-
# docker push registry.docker.local:5000/nginx-alpine
In this case it is given as follows:
-
The push refers
to repository [registry.docker.
local:
5000/nginx-alpine]
-
Get https:
//registry.docker.local:5000/v2/: x509: certificate signed by unknown authority
Look at the document, that document should domain.crt into /etc/docker/certs.d/registry.docker.local:5000/ca.crt, (note that you do push operation in which desktop PC, which would put Taiwan machine ah)
-
# mkdir -p /etc/docker/certs.d/registry.docker.local:5000
-
# cp xxx/domain.crt /etc/docker/certs.d/registry.docker.local:5000/
This time to push on the successful, as follows:
-
# docker push registry.docker.local:5000/nginx-alpine
-
The
push refers to repository [registry.docker.local:
5000/nginx-alpine]
-
a83dbde6ba05: Layer already
exists
-
431a5c7929dd: Layer already
exists
-
39e8483b9882: Layer already
exists
-
df64d3292fd6: Layer already
exists
-
latest: digest: sha256:
57a94fc99816c6aa225678b738ac40d85422e75dbb96115f1bb9b6ed77176166 size:
1153
Visit https: //registry.docker.local: 5000 / v2 / _catalog, also see the results, as follows:
-
# curl https://registry.docker.local:5000/v2/_catalog --insecure
-
{
"repositories":[
"nginx-alpine"]}
Look very inconvenient to customize the certificate, the certificate can be used for free: https://letsencrypt.org (Let's Encrypt)
Reference:
https://docs.docker.com/registry/deploying/
https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
Original Address: https://blog.csdn.net/envon123/article/details/83623137