Of Stack

Example of setting up Docker private mirror warehouse on CentOS7.2 server

  • 2020-11-25 07:43:54
  • OfStack

This article is an example of setting up an Docker private mirror warehouse on an CentOS7.2 server. To share for your reference, the details are as follows:

[

Given the slow speed of domestic pull mirroring, it is necessary to build private or local docker mirroring warehouses.

]

Install docker 


# yum -y install docker
# systemctl start docker && systemctl enable docker

Use self-signature for secure authentication

Create the certs directory for your certificates and keys 


# mkdir -p /docker/certs
# chcon -Rt svirt_sandbox_file_t /docker/certs/

Modify/etc pki/tls/openssl cnf configuration file

Add the mirror warehouse IP address to the [v3_ca] configuration item in this file: 


[ v3_ca ]
# Extensions for a typical CA
subjectAltName = IP:192.168.120.128

Generate certificates and keys 


# cd /docker && openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 365 -out certs/domain.crt
# mkdir -p /etc/docker/certs.d/192.168.120.128:5000/
# cp certs/domain.crt /etc/docker/certs.d/192.168.120.128\:5000/ca.crt

Create a backend store for the image files 


# mkdir -p /docker/data/private_registry
# chcon -Rt svirt_sandbox_file_t /docker/data/private_registry

Restart docker daemon 


# systemctl restart docker

Start the private mirror repository 


# docker run \
-d \
--name private_registry --restart=always \
-u root \
-p 5000:5000 \
-v /docker/data/private_registry:/var/lib/registry \
-v /docker/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2

Docker accelerator

The accelerator can be configured to be useful when THE pull image is slow. 

# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://c282dc88.m.daocloud.io

test

Local test 


# docker pull ubuntu
# docker tag ubuntu 192.168.120.128:5000/ubuntu
# docker pull 192.168.120.128:5000/ubuntu
Using default tag: latest
Trying to pull repository 192.168.120.128:5000/ubuntu ...
latest: Pulling from 192.168.120.128:5000/ubuntu
Digest: sha256:382452f82a8bbd34443b2c727650af46aced0f94a44463c62a9848133ecb1aa8

Remote testing

To test on another host, execute the following command: 


# mkdir -p /etc/docker/certs.d/192.168.120.128:5000/
# scp 192.168.120.128:/etc/docker/certs.d/192.168.120.128\:5000/ca.crt /etc/docker/certs.d/192.168.120.128\:5000/
# systemctl restart docker
# docker pull 192.168.120.128:5000/ubuntu
Using default tag: latest
Trying to pull repository 192.168.120.128:5000/ubuntu ...
latest: Pulling from 192.168.120.128:5000/ubuntu
b6f892c0043b: Pull complete
55010f332b04: Pull complete
2955fb827c94: Pull complete
3deef3fcbd30: Pull complete
cf9722e506aa: Pull complete
Digest: sha256:382452f82a8bbd34443b2c727650af46aced0f94a44463c62a9848133ecb1aa8

Hopefully, this article has been helpful in using the Docker container.

Related articles: