Docker--Repository--修订版
Docker--Repositor
创建自己的仓库----镜像仓库
拓扑:
说明:
docker.benet.com 这是docker registry服务器的主机名称, ip是192.168.1.107;因为https的SSL证书要用到主机名,所以要设置主机名。
docker registry 服务器作为处理docker镜像的最终上传和下载,用的是官方的镜像registry。 nginx 1.6.x 是一个用nginx作为反向代理服务器
一、私有仓库https支持:
1.安装依赖软件包:
[root@repository ~]# yum -y install pcre devel zlib-devel openssl openssl-devel
在Nginx编译需要PCRE,因为Nginx的Rewrite模块和HTTP核心模块会使用到PCRE正则表达式。需要安装pcre和pcre-devel用yum就能安装。 Zlib库提供了开发人员的压缩算法,在nginx的模块中需要使用gzip压缩。 需要安装zlib和zlib-devel用yum就可以安装 在Nginx中如果需要为服务器提供安全则需要用到OpenSSL库。 需要安装的是openssl和openssl-devel。用yum就可以安装。
hostname
[root@repository ~]# hostnamectl set-hostname docker.benet.com
[root@repository ~]# bash
[root@docker ~]# hostname
docker.benet.com
[root@docker ~]#
2.配置SSL
(1) 编辑/etc/hosts,把docker.benet.com的ip地址添加进来,例如:
主机名、ip地址:
[root@docker ~]# ifconfig eno16777736
eno16777736: flags=4163 mtu 1500
inet 192.168.142.163 netmask 255.255.255.0 broadcast 192.168.142.255
inet6 fe80::20c:29ff:fe3c:1c0 prefixlen 64 scopeid 0x20
ether 00:0c:29:3c:01:c0 txqueuelen 1000 (Ethernet)
RX packets 806309 bytes 1116337317 (1.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 211572 bytes 17728543 (16.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@docker ~]#
/etc/hosts文件内容:
[root@docker ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.142.163 docker.benet.com
[root@docker ~]#
(2) 生成根密钥
先把 /etc/pki/CA/cacert.pem /etc/pki/CA/index.txt /etc/pki/CA/index.txt.attr /etc/pki/CA/index.txt.old /etc/pki/CA/serial /etc/pki/CA/serial.old 删除掉!
[root@docker ~]# cd /etc/pki/CA
[root@docker CA]# ls
certs crl newcerts private
[root@docker CA]#
[root@docker CA]# openssl genrsa -out private/cakey.pem 2048
Generating RSA private key, 2048 bit long modulus
..................................+++
...+++
e is 65537 (0x10001)
[root@docker CA]# ls
certs crl newcerts private
[root@docker CA]# cd private/
[root@docker private]# ls
cakey.pem
[root@docker private]#
(3) 生成根证书
执行
[root@docker CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
输出如下信息
[root@docker private]# cd ..
[root@docker CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:perma
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:docker.benet.com
Email Address []:
[root@docker CA]#
会提示输入一些内容,因为是私有的,所以可以随便输入,最好记住能与后面保持一致,特别是"Common Name”。必须要和hostname显示的一致。 上面的自签证书cacert.pem应该生成在/etc/pki/CA下。
[root@docker CA]# ls
cacert.pem certs crl newcerts private
(4) 为nginx web服务器生成ssl密钥
[root@docker pki]# cd /etc/ssl
[root@docker ssl]# openssl genrsa -out nginx.key 2048
Generating RSA private key, 2048 bit long modulus
.................................+++
..................................................................................................+++
e is 65537 (0x10001)
注:因为CA中心与要申请证书的nginx服务器是同一个所以就在本机上执行为nginx服务器生成ssl密钥了,否则应该是在另一台需要用到证书的服务器上生成。 查看nginx服务器的密钥
[root@docker ssl]# ls
certs nginx.key
(5) 为nginx生成证书签署请求
执行 openssl req -new -key nginx.key -out nginx.csr 输出如下信息
[root@docker ssl]# openssl req -new -key nginx.key -out nginx.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:perma
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:docker.benet.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@docker ssl]#
同样会提示输入一些内容,Commone Name一定要是你要授予证书的服务器域名或主机名,challenge password不填。
(6) 私有CA根据请求来签发证书
[root@docker ssl]# touch /etc/pki/CA/index.txt
[root@docker ssl]# touch /etc/pki/CA/serial
[root@docker ssl]# echo 00 > /etc/pki/CA/serial
执行 openssl ca -in nginx.csr -out nginx.crt 输出内容:
[root@docker ssl]# openssl ca -in nginx.csr -out nginx.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 0 (0x0)
Validity
Not Before: Jul 27 14:02:34 2016 GMT
Not After : Jul 27 14:02:34 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = beijing
organizationName = perma
commonName = docker.benet.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
1F:0B:12:9F:A7:E9:C2:23:ED:61:A8:94:28:82:2D:34:13:AE:F4:06
X509v3 Authority Key Identifier:
keyid:DE:3B:A6:10:A0:B7:C9:C7:3A:C4:83:2F:11:1C:89:2D:15:5C:CC:BC
Certificate is to be certified until Jul 27 14:02:34 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
同样会提示输入一些内容,选择y就可以了! 查看nginx的证书
[root@docker ssl]# ls
certs nginx.crt nginx.csr nginx.key
3.安装,配置,运行nginx
(1) 添加组和用户
[root@docker ssl]# groupadd www -g 58
[root@docker ssl]# useradd -u 58 -g www www
(2) 下载nginx源文件:
[root@docker ssl]# wget http://nginx.org/download/nginx-1.11.2.tar.gz
--2016-07-27 22:05:11-- http://nginx.org/download/nginx-1.11.2.tar.gz
Resolving nginx.org (nginx.org)... 206.251.255.63, 95.211.80.227, 2001:1af8:4060:a004:21::e3
Connecting to nginx.org (nginx.org)|206.251.255.63|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 924979 (903K) [application/octet-stream]
Saving to: ‘nginx-1.11.2.tar.gz’
100%[==============================================================>] 924,979 39.6KB/s in 37s
2016-07-27 22:05:51 (24.4 KB/s) - ‘nginx-1.11.2.tar.gz’ saved [924979/924979]
[root@docker ssl]# ls
certs nginx-1.11.2.tar.gz nginx.crt nginx.csr nginx.key
[root@docker ssl]#
(3) 编译,安装nginx:
[root@docker ssl]# tar zxf nginx-1.11.2.tar.gz -C ~
[root@docker ssl]# cd
[root@docker ~]# ls
anaconda-ks.cfg Desktop Downloads nginx-1.11.2 sshd_dockerfile Videos
centos6-test.tar Dockerfile hello-world.tar Pictures Templates
centos-6-x86_64.tar.gz Documents Music Public util-linux-2.24.tar.gz
[root@docker ~]# cd nginx-1.11.2/
[root@docker nginx-1.11.2]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
[root@docker nginx-1.11.2]# ./configure --user=www --group=www --prefix=/opt/nginx \
> --with-pcre \
> --with-http_stub_status_module \
> --with-http_ssl_module \
> --with-http_addition_module \
> --with-http_realip_module \
> --with-http_flv_module
上述选项的解释:
- --user=USER 设定程序运行的用户环境(www) --group=GROUP 设定程序运行的组环境(www)
- --prefix=PATH 设定安装目录
- --with-pcre 启用pcre库,Nginx的Rewrite模块和HTTP核心模块会使用到PCRE正则表达式
- --with-http_stub_status_module 是为了启用 nginx 的 NginxStatus 功能,用来监控 Nginx 的当前状态
- --with-http_ssl_module 开启SSL模块,支持使用HTTPS协议的网页
- --with-http_realip_module 开启Real IP的支持,该模块用于从客户请求的头数据中读取Real Ip地址
- --with-http_addition_module 开启Addtion模块,该模块允许你追加或前置数据到相应的主体部分
- --with-http_flv_module模块ngx_http_flv_module 为Flash Video(FLV)文件 提供服务端伪流媒体支持
[root@docker nginx-1.11.2]# make && make install
(4) 编辑/opt/nginx/conf/nginx.conf文件
[root@docker ~]# cat /opt/nginx/conf/nginx.conf | grep -v "#" | grep -v "^$"
user www;
worker_processes 4;
events {
worker_connections 4096;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream registry {
server 192.168.142.163:5000;
}
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/ssl/nginx.crt;
ssl_certificate_key /etc/ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://registry;
client_max_body_size 3000m;
proxy_set_header Host $host;
proxy_set_header X-Forwad-For $remote_addr;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
(5) 验证配置
/opt/nginx/sbin/nginx -t
[root@docker ssl]# /opt/nginx/sbin/nginx -t
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
(6) 启动nginx:
执行/opt/nginx/sbin/nginx
[root@docker ~]# /opt/nginx/sbin/nginx
(7) 验证nginx是否启动:
[root@docker ~]# ps -ef | grep -i "nginx"
root 79230 1 0 22:44 ? 00:00:00 nginx: master process /opt/nginx/sbin/nginx
www 79231 79230 0 22:44 ? 00:00:00 nginx: worker process
www 79232 79230 0 22:44 ? 00:00:00 nginx: worker process
www 79233 79230 0 22:44 ? 00:00:00 nginx: worker process
www 79234 79230 0 22:44 ? 00:00:00 nginx: worker process
root 79257 75870 0 22:45 pts/2 00:00:00 grep --color=auto -i nginx
[root@docker ~]# netstat -anpt | grep nginx
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 79230/nginx: master
二、配置,运行Docker
1停止docker
[root@docker ~]# systemctl stop docker
2编辑/etc/sysconfig/docker文件,加上如下一行
[root@docker ~]# vim /etc/sysconfig/docker
[root@docker ~]# cat /etc/sysconfig/docker
DOCKER_OPTS="--insecure-registry docker.benet.com --tlsverify --tlscacert /etc/pki/CA/cacert.pem"
3把根证书复制到/etc/docker/certs.d/docker.benet.com/目录下
[root@docker ~]# mkdir -p /etc/docker/certs.d/docker.benet.com
[root@docker ~]# cp /etc/pki/CA/cacert.pem /etc/docker/certs.d/docker.benet.com/ca-certificates.crt
4启动docker
[root@docker ~]# systemctl start docker
三、运行私有仓库容器
1.通过获取官方 registry 镜像来运行
[root@docker ~]# docker search registry
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
registry Containerized docker registry 961 [OK]
konradkleine/docker-registry-frontend Browse and modify your Docker registry in ... 103 [OK]
atcol/docker-registry-ui A web UI for easy private/local Docker Reg... 82 [OK]
distribution/registry WARNING: NOT the registry official image!!... 38 [OK]
samalba/docker-registry 36 [OK]
hyper/docker-registry-web Web UI, authentication service and event r... 34 [OK]
marvambass/nginx-registry-proxy Docker Registry Reverse Proxy with Basic A... 28 [OK]
h3nrik/registry-ldap-auth LDAP and Active Directory authentication p... 12 [OK]
jhipster/jhipster-registry JHipster Registry, based on Netflix Eureka... 7 [OK]
allingeek/registry A specialization of registry:2 configured ... 4 [OK]
pallet/registry-swift Add swift storage support to the official ... 4 [OK]
metadata/registry Metadata Registry is a tool which helps yo... 1 [OK]
silintl/registry Docker Registry 2.0, data stored in S3. 1 [OK]
silintl/registry-proxy A reverse proxy for the Docker Registry 2.0 1 [OK]
devsli/cifs-registry Docker Registry on CIFS (Samba) 1 [OK]
bhuisgen/alpine-registry alpine-registry 1 [OK]
kampka/registry A docker registry image based on kampka/ar... 0 [OK]
qnib/registry Alpine image of QNIBTerminal w/ docker-reg... 0 [OK]
h0tbird/registry Containerized Docker registry service 0 [OK]
openshift/simple-authenticated-registry A simple authenticated Docker registry tha... 0 [OK]
webhippie/registry Docker images for registry 0 [OK]
katch/schema-registry Confluent IO Katch Schema Registry 0 [OK]
nouchka/registry Docker registry with auto-generation of ht... 0 [OK]
centos/registry Docker registry v2 / AKA Distribution 0 [OK]
crowleyio/registry-grsec Containerized docker registry for grsecuri... 0 [OK]
[root@docker ~]#
[root@docker ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
8387d9ff0016: Pull complete
3b52deaaf0ed: Pull complete
4bd501fad6de: Pull complete
a3ed95caeb02: Pull complete
1d4dc7bffbb8: Pull complete
7c4baf947271: Pull complete
e14b922ad4f5: Pull complete
f1d1dbdd4f97: Pull complete
f2bbca3948d0: Pull complete
4e3899dc28fa: Pull complete
Digest: sha256:f374c0d9b59e6fdf9f8922d59e946b05fbeabaed70b0639d7b6b524f3299e87b
Status: Downloaded newer image for registry:latest
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos ssh 295662378a51 35 hours ago 664.7 MB
25cbc0a76930 35 hours ago 664.7 MB
test commit bccf75ecf2f4 4 days ago 671.5 MB
centos6 import 1c57411c9e2c 4 days ago 613.9 MB
python latest 9152ad50a7f9 7 days ago 694.2 MB
centos centos6 cf2c3ece5e41 3 weeks ago 194.6 MB
hello-world latest c54a2cc56cbb 3 weeks ago 1.848 kB
registry latest bca04f698ba8 6 months ago 422.8 MB
使用官方的 registry 镜像来启动本地的私有仓库。 用户可以通过指定参数来配置私有仓库位置。
2.例如将目录/opt/data/registry作为私有仓库的位置
[root@docker ~]# mkdir -pv /opt/data/registry
mkdir: created directory ‘/opt/data’
mkdir: created directory ‘/opt/data/registry’
3.运行私有仓库容器
[root@docker ~]# docker run -d -p 5000:5000 -v /opt/data/registry:/tmp/registry registry
7e1f53f23341e81d1ffc3243d987eb1eedf060d51c834e7b25c8b3819ade3f57
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7e1f53f23341 registry "docker-registry" 5 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp nauseous_visvesvaraya
可以通过 -v 参数来将镜像文件存放在本地的指定路径。 例如上面的例子将上传的镜像放到 /opt/data/registry 目录。
-p(小写的)用于将容器的5000端口映射宿主机的5000端口。
四、验证registry:
用浏览器输入: https://docker.benet.com
或者:curl -i -k https://docker.benet.com
[root@docker ~]# curl -i -k https://docker.benet.com
HTTP/1.1 200 OK
Server: nginx/1.11.2
Date: Thu, 28 Jul 2016 07:04:59 GMT
Content-Type: application/json
Content-Length: 28
Connection: keep-alive
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
"\"docker-registry server\""[root@docker ~]#
curl是通过url语法在命令行下上传或下载文件的工具软件,它支持http,https,ftp,ftps,telnet等多种协议,常被用来抓取网页和监控Web服务器状态
服务端的配置就到此完成! 注意:注意防火墙
五、Docker客户端配置
1.编辑/etc/hosts,把docker.benet.com的ip地址添加进来,例如:
[root@client-2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.142.163 docker.benet.com
2.把docker registry服务器端的根证书追加到ca-certificates.crt文件里
先从docker registry服务器端把文件/etc/pki/CA/cacert.pem拷贝到本机,然后执行命令: cat ./cacert.pem >> /etc/pki/tls/certs/ca-certificates.crt
[root@docker ~]# scp /etc/pki/CA/cacert.pem [email protected]:/root
The authenticity of host '192.168.142.160 (192.168.142.160)' can't be established.
ECDSA key fingerprint is b6:5b:14:f0:9a:81:49:08:10:e8:8b:44:24:e1:8d:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.142.160' (ECDSA) to the list of known hosts.
[email protected]'s password:
cacert.pem 100% 1289 1.3KB/s 00:00
[root@client-2 ~]# ls | grep cacert
cacert.pem
[root@client-2 ~]# cat cacert.pem >> /etc/pki/tls/certs/ca-certificates.crt
3.验证docker.benet.com下的registry:
用浏览器输入: https://docker.benet.com
或者:curl -i -k https://docker.benet.com
[root@client-2 ~]# curl -i -k https://docker.benet.com
HTTP/1.1 200 OK
Server: nginx/1.11.2
Date: Thu, 28 Jul 2016 07:58:21 GMT
Content-Type: application/json
Content-Length: 28
Connection: keep-alive
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
"\"docker-registry server\""[root@client-2 ~]#
4.使用私有registry步骤:
- 登录: docker login -u testuser -p pwd123 -e "[email protected]" https://docker.benet.com
[root@client-2 ~]# docker login https://docker.benet.com
Username: testuser
Password:
Email: [email protected]
WARNING: login credentials saved in /root/.docker/config.json
Account created. Please see the documentation of the registry https://docker.benet.com/v1/ for instructions how to activate it.
- 从Docker HUB 上拉取一个镜像测试,为基础镜像打个标签: docker tag centos:centos6 docker.benet.com/centos:centos6
[root@client ~]# ls
anaconda-ks.cfg cacert.pem centos6.tar
[root@client ~]# docker load -i centos6.tar
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos centos6 cf2c3ece5e41 3 weeks ago 194.6 MB
[root@client ~]# docker tag docker.io/centos:centos6 docker.benet.com/centos:centos6
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.benet.com/centos centos6 cf2c3ece5e41 3 weeks ago 194.6 MB
docker.io/centos centos6 cf2c3ece5e41 3 weeks ago 194.6 MB
- 发布: 上传镜像到本地私有仓库
docker push docker.benet.com/centos:centos6
[root@client ~]# docker push docker.benet.com/centos:centos6
The push refers to a repository [docker.benet.com/centos]
2714f4a6cdee: Image successfully pushed
Pushing tag for rev [cf2c3ece5e41] on {https://docker.benet.com/v1/repositories/centos/tags/centos6}
[root@client ~]#
查看私有仓库是否有对应的镜像
# curl 192.168.0.167:5000/v1/search
[root@client ~]# curl 192.168.142.163:5000/v1/search
{"num_results": 1, "query": "", "results": [{"description": "", "name": "library/centos"}]}[root@client ~]#
查看镜像的存储目录和文件(在镜像服务器) tree /opt/data/registry/repositories
[root@docker ~]# curl 192.168.142.163:5000/v1/search
{"num_results": 1, "query": "", "results": [{"description": "", "name": "library/centos"}]}[root@docker ~]#
[root@docker ~]# mount /dev/cdrom /media
mount: /dev/sr0 is write-protected, mounting read-only
[root@docker ~]# cd /media/Packages/
[root@docker Packages]# rpm -ivh tree-1.6.0-10.el7.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:tree-1.6.0-10.el7 ################################# [100%]
[root@docker Packages]# cd
[root@docker ~]# tree /opt/data/registry/repositories/
/opt/data/registry/repositories/
└── library
└── centos
├── _index_images
├── tag_centos6
└── tagcentos6_json
2 directories, 3 files
[root@docker ~]#
从私有仓库pull下来image,查看image
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.benet.com/centos centos6 cf2c3ece5e41 3 weeks ago 194.6 MB
docker.io/centos centos6 cf2c3ece5e41 3 weeks ago 194.6 MB
[root@client ~]# docker rmi cf2c3ece5e41
Failed to remove image (cf2c3ece5e41): Error response from daemon: conflict: unable to delete cf2c3ece5e41 (must be forced) - image is referenced in one or more repositories
[root@client ~]# docker rmi -f cf2c3ece5e41
Untagged: docker.benet.com/centos:centos6
Untagged: docker.io/centos:centos6
Deleted: sha256:cf2c3ece5e418fd063bfad5e7e8d083182195152f90aac3a5ca4dbfbf6a1fc2a
Deleted: sha256:2714f4a6cdee9d4c987fef019608a4f61f1cda7ccf423aeb8d7d89f745c58b18
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@client ~]# docker pull docker.benet.com/centos:centos6
Trying to pull repository docker.benet.com/centos ...
Pulling repository docker.benet.com/centos
cf2c3ece5e41: Pulling image (centos6) from docker.benet.com/centos, endpoint: https://docker.benet.com/v
cf2c3ece5e41: Pull complete
Status: Downloaded newer image for docker.benet.com/centos:centos6
docker.benet.com/centos: this image was pulled from a legacy registry. Important: This registry version will not be supported in future versions of docker.
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.benet.com/centos centos6 7e4e26acce17 3 weeks ago 194.6 MB
[root@client ~]#
查看私有仓库是否有对应的镜像
[root@client ~]# curl -k https://docker.benet.com/v1/search
{"num_results": 1, "query": "", "results": [{"description": "", "name": "library/centos"}]}
或浏览器访问仓库
因为client是最小化安装,没有浏览器,所有用另一个有桌面的再测试一下
服务器将cacert.pem复制到client-2(192.168.142.160)当中
[root@docker ~]# scp /etc/pki/CA/cacert.pem [email protected]:/root
The authenticity of host '192.168.142.160 (192.168.142.160)' can't be established.
ECDSA key fingerprint is b6:5b:14:f0:9a:81:49:08:10:e8:8b:44:24:e1:8d:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.142.160' (ECDSA) to the list of known hosts.
[email protected]'s password:
cacert.pem 100% 1289 1.3KB/s 00:00
验证docker.benet.com下的registry
[root@client-2 ~]# curl -i -k https://docker.benet.com
HTTP/1.1 200 OK
Server: nginx/1.11.2
Date: Thu, 28 Jul 2016 07:58:21 GMT
Content-Type: application/json
Content-Length: 28
Connection: keep-alive
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
"\"docker-registry server\""[root@client-2 ~]#
[root@client-2 ~]# docker login https://docker.benet.com
Username: testuser
Password:
Email: [email protected]
WARNING: login credentials saved in /root/.docker/config.json
Account created. Please see the documentation of the registry https://docker.benet.com/v1/ for instructions how to activate it.
[root@client-2 ~]# curl -k https://docker.benet.com/v1/search
{"num_results": 1, "query": "", "results": [{"description": "", "name": "library/centos"}]}[root@client-2 ~]#