docker私有仓库搭建

安装docker
===================
1. sudo apt-get update
2. curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
3. sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
4. sudo apt-get update
5. sudo apt-get -y install docker-ce
6. docker run hello-world                  # 验证docker安装正确      
7. sudo systemctl enable docker            # 自启动


安装registry
===================
1. docker pull registry:2
2. docker run -d -p 5000:5000 --restart=always -v /data/docker/registry/:/var/lib/registry/ --name registry registry:2
3. docker pull hello-world
4. docker tag hello-world 127.0.0.1:5000/hello-world
5. docker push 127.0.0.1:5000/hello-world
6. docker pull 127.0.0.1:5000/hello-world


设置服务器TLS认证
===================
1. 一般情况下，证书只支持域名访问，要使其支持IP地址访问，需要修改配置文件openssl.cnf。在ubuntu系统下：
sudo vim /etc/ssl/openssl.cnf  在[ v3_ca ]下加入：subjectAltName = IP:192.168.9.26  
2. 生成自签名的证书：
1. sudo mkdir -p /data/docker/tls_certs
2. cd /data/docker/tls_certs
3. sudo openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout docker_reg.key -out docker_reg.crt -subj "/C=CN/ST=BJ/L=Beijing/CN=192.168.9.26:5000"
4. 运行docker registry
docker run -d --name docker-registry-no-proxy  --restart=always -u root -p 5000:5000 -v /data/docker/registry/:/var/lib/registry -v /data/docker/tls_certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker_reg.crt -e REGISTRY_HTTP_TLS_KEY=/certs/docker_reg.key registry:2


设置客户端TLS认证
===================
1. sudo mkdir -p /etc/docker/certs.d/192.168.9.26:5000/
2. sudo cp docker_reg.crt /etc/docker/certs.d/192.168.9.26:5000/ca.crt


使用私有仓库
===================
1. 从docker下载一个镜像：
docker pull hello-world
2. 给该镜像打上私有仓库的标签：
docker tag hello-world 192.168.9.26:5000/hello-world
3. 将其推送到私有仓库：
docker push 192.168.9.26:5000/hello-world
4. 从私有仓库下载镜像：
docker pull 192.168.9.26:5000/hello-world