How does docker set up a private warehouse (ubuntu 14.04 Docker version 1.6.4)
- 2020-06-03 08:50:11
- OfStack
docker builds private warehouses
This article describes how multiple machines can access their own private warehouses in an Intranet that requires CA authentication! The simplest, the lowest safeguard private warehouse security! In a relatively large cluster, you can run replica for multiple private warehouses and then borrow the agent to request balance!
1. Test environment
My test environment is ubuntu 14.04, version 1.6.4 of Docker (version is slightly older, the installation process of new version is one sample). The official website says :You need to Docker version 1.6.0 or newer.
Two machines are running on aliyun:
CPU: 1 Nuclear memory: 1024 MB (I/O optimized)
112.74.165.87 (male)
172.18.222.77 (private)
112.74.166.40 (male)
172.18.222.78 (private)
2. docker installation (two machines)
3. Create CA certificates with openssl
In 172.18.222.77 machine, root directory:
$ mkdir certs
Create a certificate
$ openssl req \
-newkey rsa:2048 -nodes -keyout certs/domain.key \
-x509 -days 365 -out certs/domain.crt
One key and one crt are generated under the certs directory
Start the container with ca
In the 172.18.222.77 machine, pull the mirror image
$ sudo docker pull registry
Create a container
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry
5. Configure hosts file (two machines)
Configure the ip address
$ vim /etc/hosts
Configure the ES74en. com address as the ip address of the private warehouse and add:
172.18.222.77 my.com
6. Configure certificates
The certificate will be generated cp to/etc/docker/certs d/my com: 5000 / ca crt, need to use domain name my. com all need to configure the mirror.
docker is best restarted 1 time
$ service docker restart
7. Test
Do the following while the private warehouse is installed
$ docker tag registry my.com:5000/registry
$ docker push my.com:5000/registry
$ docker pull my.com:5000/registry
Execute on another machine
$ docker pull my.com:5000/registry
Then perform
$ docker images
The output
$ openssl req \
-newkey rsa:2048 -nodes -keyout certs/domain.key \
-x509 -days 365 -out certs/domain.crt
0
Thank you for reading, I hope to help you, thank you for your support to this site!