DC01-192.168.9.8
1. Working directory
```bash
$ mkdir -p /home/ubuntu/registry
$ cd /home/ubuntu/registry
# sudo docker run -d -p 5000:5000 -v `pwd`/data:/var/lib/registry --restart=always --name registry registry:2
```
2. CA certificate
```bash
$ mkdir certs
$ openssl req -newkey rsa:2048 -nodes -sha256 -keyout certs/registry.mudan.com.key -x509 -days 3650 -out certs/registry.mudan.com.crt
```

```text
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:HB
Locality Name (eg, city) []:Wuhan
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PEONY
Organizational Unit Name (eg, section) []:DATA
Common Name (e.g. server FQDN or YOUR name) []:registry.mudan.com
Email Address []:peony_wh@163.com
```
Restart
```bash
$ docker stop registry
$ docker rm registry
$ docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/data:/var/lib/registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.mudan.com.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry.mudan.com.key \
  registry:2
$ sudo vi /etc/hosts
192.168.9.8 registry.mudan.com registry
```
Copy the certificate
```bash
$ sudo mkdir -p /etc/docker/certs.d/registry.mudan.com:5000
$ sudo cp certs/registry.mudan.com.crt /etc/docker/certs.d/registry.mudan.com:5000/ca.crt
$ sudo service docker restart
```
Push an image
```bash
docker pull busybox:latest
docker tag busybox:latest registry.mudan.com:5000/peony/busybox:latest
docker push registry.mudan.com:5000/peony/busybox
```
3. Other nodes
DC03 192.168.9.252
```bash
$ sudo mkdir -p /etc/docker/certs.d/registry.mudan.com:5000
$ sudo scp ubuntu@192.168.9.8:/home/ubuntu/registry/certs/registry.mudan.com.crt \
  /etc/docker/certs.d/registry.mudan.com:5000/
$ docker pull registry.mudan.com:5000/peony/busybox
$ docker images
```
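A certificate that names the registry only in its Common Name, which is what the interactive `openssl req` run in step 2 yields with a stock OpenSSL configuration, is rejected by Docker builds based on Go 1.15 or later because they require a subjectAltName. The script below is an added example, not part of the original post: it issues the certificate non-interactively with a SAN and checks the SAN and SHA-256 fingerprint before the file is copied to /etc/docker/certs.d on each node. The function names, the req.cnf file and the scratch directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page.
# make_cert DIR HOST [with_san|no_san]
#   Non-interactive form of the page's "openssl req" call. Writes DIR/HOST.key
#   and DIR/HOST.crt; "no_san" reproduces a CN-only certificate for comparison.
make_cert() {
    dir=$1 host=$2 mode=${3:-with_san}
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $host
[ext]
basicConstraints = CA:TRUE
EOF
    if [ "$mode" = with_san ]; then
        echo "subjectAltName = DNS:$host" >> "$dir/req.cnf"
    fi
    # umask 077 keeps the unencrypted (-nodes) private key readable by its owner only.
    (umask 077; openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 3650 \
        -config "$dir/req.cnf" -keyout "$dir/$host.key" -out "$dir/$host.crt") 2>/dev/null
}

# cert_has_san CRT HOST: succeeds only if HOST is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# cert_fingerprint CRT: SHA-256 fingerprint, to compare the copy under
# /etc/docker/certs.d on another node with the one on the registry host.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo in a constructed scratch directory (not the page's certs/ directory).
tmp=$(mktemp -d)
make_cert "$tmp" registry.mudan.com with_san
if cert_has_san "$tmp/registry.mudan.com.crt" registry.mudan.com; then
    echo "SAN present, sha256 $(cert_fingerprint "$tmp/registry.mudan.com.crt")"
else
    echo "no SAN for registry.mudan.com; current Docker clients will reject it" >&2
fi
rm -rf "$tmp"
```

Running `cert_fingerprint` on DC01's `certs/registry.mudan.com.crt` and on the copy under `/etc/docker/certs.d/registry.mudan.com:5000/` on DC03 should print the same value.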
4. Account login (to be completed)