1.进行加密数据运算对配置文件底下的内容进行删除
[root@localhost ~]# vim /etc/docker/daemon.json
重新启动docker程序
[root@localhost ~]# systemctl restart docker
2.建立加密目录,生成认证key和证书
[root@localhost ~]# mkdir certs
[root@localhost ~]# openssl req -newkey rsa:4096 -nodes -sha256 \
> -keyout certs/timinglee.org.key \
> -addext "subjectAltName = DNS:reg.timinglee.org" \ #指定备用名称
> -x509 -days 365 -out certs/timinglee.org.crt
目录底下成功生成证书和Key
注意:域名解析创建存在对应的地址reg.timinglee.org
[root@localhost ~]# vim /etc/hosts
172.25.254.200 docker-node1.timinglee.org reg.timinglee.org
3.启动registry仓库
[root@localhost ~]# docker run -d -p 443:443 --restart=always \ #使用加密端口443
> -v /root/certs:/certs \ # -v将本机的目录(/root/certs)挂载到镜像目录(/certs)中
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ #指定http监控的端口
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/timinglee.org.crt \ #指定容器底下证书
> -e REGISTRY_HTTP_TLS_KEY=/certs/timinglee.org.key registry:latest #指定运行的镜像
检测仓库是否启动成功
4.尝试进行镜像推送 会失败
[root@localhost ~]# docker tag nginx:v3 reg.timinglee.org/nginx:v3
[root@localhost ~]# docker push reg.timinglee.org/nginx:v3The push refers to repository [reg.timinglee.org/nignx]
Get "https://reg.timinglee.org/v2/": dial tcp: lookup reg.timinglee.org on 114.114.114.114:53: no such host
原因是docker客户端没有key和证书
5.为客户端建立证书
[root@localhost ~]# mkdir -p /etc/docker/certs.d/reg.timinglee.org -p
[root@localhost ~]# cp /root/certs/timinglee.org.crt /etc/docker/certs.d/reg.timinglee.org/ca.crt
查看底下是否存在证书
[root@localhost ~]# systemctl restart docker
6.测试,再次推送nginx:v3
[root@localhost ~]# docker push reg.timinglee.org/nginx:v3
