搭建Docker私有仓库的详细教程(搭建docker私有仓库实验报告)

推荐整理分享搭建Docker私有仓库的详细教程(搭建docker私有仓库实验报告)，希望有所帮助，仅作参考，欢迎阅读内容。

文章相关热门搜索词:docker私有仓库部署,docker私有仓库搭建与使用实战,docker 私人仓库,docker 私人仓库,基于docker的私有云部署,搭建docker 私有仓库,dockerhub私有仓库搭建,dockerhub私有仓库搭建,内容如对您有帮助，希望把文章链接给更多的朋友！

1.Docker registry 说明本文记录的个人完整搭建docker registry操作过程，官方虽然提供了Docker Hub作为一个公开的集中仓库，但是天朝的网络可想而知，第一次pull一个镜像不是失败就是时间很长，为了解决这个问题需要创建一个私有的仓库在本地pull 本地push。我使用的docker版本是:1.5.0

2、安装docker-registry

复制代码代码如下:docker run -d -e SETTINGS_FLAVOR=dev -e STORAGE_PATH=/tmp/registry -v /alidata/registry:/tmp/registry -p : registry# 如果本地没有下载过docker-registry，则首次会pull registry 运行时会映射路径和端口，以后就可以从/data/registry下找到私有仓库

3、客户端上的操作#从本地仓库上获取有哪些镜像 复制代码代码如下:curl -X GET curl 1, "query": "", "results": [{"description": "", "name": "library/centos6"}]}

# 拉取到本地 复制代码代码如下:docker pull library/centos6

# tag 一个镜像 复制代码代码如下:docker tag ea9af9 registry.wpython.com:/centos6_x_.mini

# 将新的docker images push 到本地仓库 复制代码代码如下:docker push registry.wpython.com:/centos6_x_.mini

4、加入nginx认证Docker 启动监听端口后，使用的是 http，可以远程来管理 Docker 主机。这样的场景存在弊端，API 层面是没有提供用户验证、Token 之类身份验证功能，任何人都可以通过地址加端口来控制 Docker 主机，为了避免这样的情况发生，Docker 官方也支持 https 方式，不过需要我们自己来生成证书。新版本的docker 也强制必须使用https否则会报错

# 安装nginx过程略创建一个登陆用户(如果没有htpasswd命令 请安装httpd-tools这个包)

复制代码代码如下:htpasswd -c /alidata/server/nginx/docker-registry.htpasswd adminNew password: Re-type new password: Adding password for user admin

# 生成根密钥 复制代码代码如下:cd /etc/pki/CA/openssl genrsa -out private/cakey.pem

# 生成根证书 复制代码代码如下:openssl req -new -x -key private/cakey.pem -out cacert.pemCountry Name (2 letter code) [AU]:CNState or Province Name (full name) [Some-State]:BrijingLocality Name (eg, city) []:ChaoyangOrganization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (e.g. server FQDN or YOUR name) []:registry.wpython.comEmail Address []:

# 为nginx服务器生成ssl密钥 复制代码代码如下:cd /alidata/server/nginx/ssl openssl genrsa -out nginx.key

# 为nginx生成的证书签署请求 复制代码代码如下: openssl req -new -key nginx.key -out nginx.csrYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:CNState or Province Name (full name) [Some-State]:BeijingLocality Name (eg, city) []:ChaoyangOrganization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (e.g. server FQDN or YOUR name) []:registry.wpython.comEmail Address []: Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:An optional company name []:

# 私有CA根据请求来签发证书 复制代码代码如下:openssl ca -in nginx.csr -out nginx.crt # 如果报如下错误：Using configuration from /usr/local/ssl/openssl.cnf/etc/pki/CA/index.txt: No such file or directoryunable to open '/etc/pki/CA/index.txt':error::system library:fopen:No such file or directory:bss_file.c::fopen('/etc/pki/CA/index.txt','r'):error::BIO routines:FILE_CTRL:system lib:bss_file.c:: # 执行以下命令复制代码代码如下:cd /etc/pki/CA/mkdir newcerts touch index.txt touch serial echo > serialcd - openssl ca -in nginx.csr -out nginx.crt Using configuration from /usr/local/ssl/openssl.cnfCheck that the request matches the signatureSignature okCertificate Details: Serial Number: 1 (0x1) Validity Not Before: May :: GMT Not After : May :: GMT Subject: countryName = CN stateOrProvinceName = Beijing organizationName = Internet Widgits Pty Ltd commonName = registry.wpython.com emailAddress = @qq.com Xv3 extensions: Xv3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate Xv3 Subject Key Identifier: B5::C7:::D9::::F7::7E:4E:3A:F0:D9:0E:2C:F7:BD Xv3 Authority Key Identifier: keyid::F7:::1B:2B::CD:AF::EF::F4:E1:FA:EC:E7::1A: Certificate is to be certified until May :: GMT ( days)Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]yWrite out database with 1 new entriesData Base Updated

# 发现根证书

复制代码代码如下:# cp /etc/pki/tls/certs/ca-bundle.crt{,.bak} 备份以防出错# cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt

# 创建nginx配置文件 复制代码代码如下:# vi /alidata/server/nginx/conf/vhosts/www.wpython.com.confupstream docker-registry { server localhost:;} server { listen ; server_name registry.wpython.com; # enabled ssl ssl on; ssl_certificate /alidata/server/nginx/ssl/nginx.crt; ssl_certificate_key /alidata/server/nginx/ssl/nginx.key; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; client_max_body_size 0; chunked_transfer_encoding on; location / { auth_basic "Restricted"; auth_basic_user_file docker-registry.htpasswd; proxy_pass } location /_ping { auth_basic off; proxy_pass } location /v1/_ping { auth_basic off; proxy_pass }}

# 完成测试

复制代码代码如下:# docker login adminPassword: Email: @qq.comLogin Succeeded

另类操作系统 三星Tizen2.4测试版SDK已经向开发者推送下载 除了主流的三大移动操作系统，现在的你还记得那些小众的移动操作系统吗？一直有传言说三星将Tizen系统作为备用，以防未来受到谷歌控制。时至今日

遗失的美好～已经消失的九大操作系统(绝对很经典) 有一句颇为调侃的话叫做走自己的路让别人无路可走,如果将这句话放到PC行业中,Wintel联盟显然是这句话最好的执行者,两者的强强联手统治了PC市场近

Docker的镜像理解以及容器的备份、恢复和迁移操作 Docker镜像的基本知识1.1什么是Docker镜像从整体的角度来讲，一个完整的Docker镜像可以支撑一个Docker容器的运行，在Docker容器运行过程中主要提供文件系