Build a Docker private warehouse (self-signed method)

In order to centrally manage the images we created and facilitate the deployment of services, we will create a private Docker repository. After reading the official documentation, I found that Docker needs CA certification to ensure the safe use of TLS. The long certification time costs money, and the free expiration time is too short. It is still simpler to use self-signed.

Prepare the environment

Environment: Two Centos 7 virtual machines

Server IP: 10.57.220.244, used as a Docker repository

》Client IP: 10.57.220.220, used as a client to upload or pull images

》Domain name: lpxxn.com

Docker version 17.03.0-ce has been installed on both machines

If you don't use a real domain name like me, you only need to modify the hosts file on the client machine.

Generate a self-signed certificate

Generate a self-signed certificate on the server host and create a folder to store the certificate

mkdir -p certs 

Generate Certificate

openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/lpxxn.com.key -x509 -days 365 -out certs/lpxxn.com.crt

It should be noted that when filling in the Common Name, it should be the same as your domain name.

ll certs folder, you can see the two generated files

Run the repository image. If there is no corresponding image locally, it will be downloaded from the Docker server and then started. You can use the docker ps command to check whether there is already a window running.

You can also specify a local directory to save the uploaded docker image

At this point the server is started. The last step is to copy the generated lpxxn.com.crt to the client. You can copy it in your own way. I use scp to copy it to the /home/test directory first, and then to the /etc/pki/ca-trust/source/anchors directory.

scp -r lpxxn.com.crt [email protected]:/home/test

Configuring the Client

Copy the lpxxn.com.crt generated on the server to the /etc/pki/ca-trust/source/anchors directory on the client server and check it out.

Renew the certificates and restart docker.

update-ca-trust

service docker stop && service docker start 

ok. Use curl to check the warehouse

curl https://lpxxn.com:5000/v2/_catalog 

Can access normally. Try uploading and downloading with the docker command

Use docker tag to mark the local image centos:6 as lpxxn.com:5000/centos6:1.0

Push to the warehouse

Execute the push command

docker push lpxxn.com:5000/centos6:1.0 

View warehouse information

Use curl to view the images and versions in the repository

curl https://lpxxn.com:5000/v2/_catalog
curl https://lpxxn.com:5000/v2/centos6/tags/list 

Pull the image from the repository

Delete the local image first

docker rmi lpxxn.com:5000/centos6:1.0
docker rmi centos:6

Pull and run

docker pull lpxxn.com:5000/centos6:1.0 

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.