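I wanted to set up a private Docker registry. Most of the material I found uses Nginx as a proxy, but because I was not familiar with Nginx I ran into all kinds of authentication and permission problems, and after two days of trying I still had not gotten it working. I later came across an article online that uses existing images, and that finally worked. Original article: http://cloud.51cto.com/art/201412/458680_all.htm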
Test environment
192.168.40.71 CoreOS registry server
192.168.40.83 CoreOS client
Registry server configuration
Run the following commands to start the registry image and the Nginx proxy image:
docker run -d --name registry -v /root/my_registry:/tmp/registry -p 5000:5000 registry
docker run -d --hostname dokk.co --name nginx --link registry:registry -p 443:443 larrycai/nginx-auth-proxy
Client configuration
- Add the following line to /etc/hosts
192.168.40.71 dokk.co
- Download the ca.pem file to the client (https://github.com/Eric-aihua/nginx-auth-proxy/blob/master/ca.pem)
- Add ca.pem to the trust list
$ sudo sh -c 'cat ca.pem >> /etc/ssl/certs/ca-certificates.crt'
$ sudo /etc/init.d/docker restart
When modifying /etc/ssl/certs/ca-certificates.crt, the change fails because the file is read-only. After some research I found that on CoreOS this file is a link to /usr/share/ca-certificates/ca-certificates.crt, and the entire /usr path is mounted on a read-only partition (for details see https://coreos.com/blog/new-filesystem-btrfs-cloud-config/). The problem can be worked around as follows:
localhost ~ # cp /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak
localhost ~ # mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.ln
localhost ~ # cp /etc/ssl/certs/ca-certificates.crt.bak /etc/ssl/certs/ca-certificates.crt
localhost ~ # cat ca.pem >> /etc/ssl/certs/ca-certificates.crt
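The workaround above as a re-runnable shell function, added here as an example and not part of the original post: it swaps the symlinked bundle for a writable copy only when needed, rejects input that contains no PEM certificate, and skips the append when the CA is already in the bundle. The function names `trust_ca` and `pem_bodies` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# On the CoreOS client described above the bundle would be
# /etc/ssl/certs/ca-certificates.crt and the CA file ca.pem.

# Print the base64 body of every PEM certificate in a file, one line per cert.
pem_bodies() {
    awk '/-----BEGIN CERTIFICATE-----/ { body = ""; on = 1; next }
         /-----END CERTIFICATE-----/   { if (on) print body; on = 0; next }
         on { body = body $0 }' "$1"
}

# trust_ca BUNDLE CA_PEM
# Returns 0 if the CA is in BUNDLE afterwards, 1 on bad input or copy failure.
trust_ca() {
    bundle=$1
    ca=$2
    [ -f "$bundle" ] && [ -f "$ca" ] || return 1

    # Refuse anything that does not contain a PEM certificate block.
    ca_body=$(pem_bodies "$ca" | head -n 1)
    [ -n "$ca_body" ] || return 1

    # Already trusted: leave the bundle untouched so re-runs add no duplicates.
    if pem_bodies "$bundle" | grep -Fxq -- "$ca_body"; then
        return 0
    fi

    if [ -L "$bundle" ]; then
        # The bundle is a link into the read-only /usr partition: keep the
        # link as .ln, keep a copy as .bak, and put a writable file in place.
        cp "$bundle" "$bundle.bak" || return 1
        mv "$bundle" "$bundle.ln" || return 1
        cp "$bundle.bak" "$bundle" || return 1
    fi

    # Make sure the last certificate ends with a newline before appending.
    [ -z "$(tail -c 1 "$bundle")" ] || echo >> "$bundle"
    cat "$ca" >> "$bundle"
}
```

Docker still has to be restarted afterwards, as in the step above, before it picks up the new CA.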
Verification
Basic authentication test:
localhost ~ # curl -i -k https://larrycai:passwdpasswd[email protected]
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 09 Jun 2015 14:27:33 GMT
Content-Type: application/json
Content-Length: 28
Connection: keep-alive
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
"\"docker-registry server\""
Image upload test:
Log in
localhost ~ # docker login -u larrycai -p passwd -e "[email protected]" dokk.co
WARNING: login credentials saved in /root/.dockercfg.
Login Succeeded
Upload
Introductory article:
http://cloud.51cto.com/art/201412/458680_all.htm
Docker Hub reference: https://registry.hub.docker.com/u/larrycai/nginx-auth-proxy/
Git reference: https://github.com/Eric-aihua/nginx-auth-proxy
Time: 2024-11-03 05:28:19