1. Install the enterprise Docker registry (registry server)
  On the ECS server that hosts the master node, pull the registry image and start the registry server:
  docker pull registry:latest
  docker run -idt -v /opt/registry:/var/lib/registry -p 5000:5000 registry:latest
  docker ps | grep registry
  # A security group rule that opens port 5000 must be added in the ECS server management console.
  curl http://:5000/v2
2. Set up a user
  docker ps -a | grep registry
  docker rm -f <registry-container-id>
  mkdir -p /root/auth
  docker run --entrypoint htpasswd registry:latest -Bbn user "password" > /root/auth/htpasswd
3. Enable SSL on the registry server
1) Generate a certificate on the master node
  mkdir /root/certs
  openssl req -newkey rsa:2048 -nodes -sha256 -keyout /root/certs/<registry-domain>.key -x509 \
    -days 3650 -out /root/certs/<registry-domain>.crt
  # When prompted, enter the registry domain as the Common Name. Docker releases built with Go 1.15 or later also require a matching subjectAltName in the certificate.
2) Restart the registry on the master node
  docker ps -a | grep registry
  docker rm -f <registry-container-id>
  docker run -d -p 5000:5000 --privileged=true \
    -v /opt/registry:/var/lib/registry \
    -v /root/certs:/certs \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/<registry-domain>.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/<registry-domain>.key \
    -v /root/auth:/auth \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    --name registry-server registry:latest
4. Enable the node machines to access the registry server over HTTPS
1) Place the certificate on the node
  Copy the domain.crt generated above (<registry-domain>.crt) to /root/certs on the node.
  mkdir -p /etc/docker/certs.d/<registry-domain>:5000
  cp /root/certs/<registry-domain>.crt /etc/docker/certs.d/<registry-domain>:5000/ca.crt
2) Append the contents of domain.crt to the end of /etc/pki/tls/certs/ca-bundle.crt
  cat /root/certs/<registry-domain>.crt >> /etc/pki/tls/certs/ca-bundle.crt
3) Test HTTPS access to the registry server
  curl https://<registry-domain>:5000/v2
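5. User login
  docker login -u user -p password <registry-domain>:5000
  # -p puts the password in shell history and the process list; docker login also accepts --password-stdin to read it from standard input.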
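
Preflight checks for the files and flags created in steps 2 and 3, as an added example that is not part of the original page: it verifies that htpasswd entries are bcrypt, that the TLS private key is owner-only, and that the docker run arguments enable TLS and auth without --privileged. The function names, the temporary directory and the sample hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for the artifacts of steps 2 and 3.

# Pass only if every htpasswd entry is bcrypt; the registry's htpasswd
# backend ignores other hash formats (hence -B in step 2).
check_htpasswd() {
    [ -s "$1" ] || { echo "FAIL: $1 missing or empty"; return 1; }
    bad=$(awk -F: 'NF && $2 !~ /^\$2[aby]\$/ { print $1 }' "$1")
    [ -z "$bad" ] || { echo "FAIL: non-bcrypt entry: $bad"; return 1; }
    echo "OK: $1 holds only bcrypt entries"
}

# Pass only if the TLS private key has no group/other permission bits.
check_key_perms() {
    [ -f "$1" ] || { echo "FAIL: $1 not found"; return 1; }
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "FAIL: $1 group/other bits: $mode"; return 1; }
    echo "OK: $1 is owner-only"
}

# Pass only if a "docker run" argument string sets TLS and htpasswd auth
# and omits --privileged (the registry only serves HTTP and writes a volume).
check_run_args() {
    case " $1 " in
        *" --privileged=false "*) ;;
        *" --privileged"*) echo "FAIL: --privileged set"; return 1 ;;
    esac
    for want in REGISTRY_HTTP_TLS_CERTIFICATE= REGISTRY_HTTP_TLS_KEY= REGISTRY_AUTH=htpasswd; do
        case "$1" in *"$want"*) ;; *) echo "FAIL: $want missing"; return 1 ;; esac
    done
    echo "OK: TLS and auth set, not privileged"
}

# Constructed sample data (placeholder hashes, empty key file).
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
printf 'user:$2y$05$constructedconstructedconstructedconstructedconstructe\n\n' > "$demo_dir/htpasswd"
printf 'old:$apr1$constructed$constructedconstructed\n' > "$demo_dir/htpasswd.md5"
: > "$demo_dir/registry.key"; chmod 600 "$demo_dir/registry.key"
TLS_AUTH='-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/r.crt -e REGISTRY_HTTP_TLS_KEY=/certs/r.key -e REGISTRY_AUTH=htpasswd'
ARGS_PAGE="-d -p 5000:5000 --privileged=true $TLS_AUTH"   # flags as in step 3
ARGS_FIXED="-d -p 5000:5000 $TLS_AUTH"                    # same, unprivileged

check_htpasswd "$demo_dir/htpasswd"
check_htpasswd "$demo_dir/htpasswd.md5" || true    # expected FAIL
check_key_perms "$demo_dir/registry.key"
check_run_args "$ARGS_PAGE" || true                # expected FAIL
check_run_args "$ARGS_FIXED"
```

On a real host, point the first two checks at /root/auth/htpasswd and the key under /root/certs before restarting the registry.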