ÔõÑùÔÚLinuxЧÀÍÆ÷ÉϽ¨ÉèÇå¾²¿É¿¿µÄDocker¾µÏñ¿ÍÕ»£¿
ÔõÑùÔÚlinuxЧÀÍÆ÷ÉϽ¨ÉèÇå¾²¿É¿¿µÄdocker¾µÏñ¿ÍÕ»£¿
Ëæ×ÅÈÝÆ÷ÊÖÒյĿìËÙÉú³¤£¬DockerÒѾ³ÉΪÁ˹¹½¨ºÍÖÎÀíÈÝÆ÷»¯Ó¦Óõij£Óù¤¾ß¡£È»¶ø£¬ÔÚÏÖʵӦÓÃÖУ¬ÔõÑù½¨ÉèÒ»¸öÇå¾²¿É¿¿µÄDocker¾µÏñ¿ÍջȴÊÇÒ»¸öÖ÷ÒªµÄÎÊÌâ¡£±¾ÎĽ«ÏÈÈÝÔõÑùÔÚLinuxЧÀÍÆ÷ÉϽ¨ÉèÒ»¸öÇå¾²¿É¿¿µÄDocker¾µÏñ¿ÍÕ»£¬²¢Ìṩ´úÂëʾÀýÒÔ¹©²Î¿¼¡£
×°ÖÃDocker
Ê×ÏÈ£¬ÐèÒªÔÚLinuxЧÀÍÆ÷ÉÏ×°ÖÃDocker¡£¿ÉÒÔͨ¹ýÒÔÏÂÏÂÁî×°Öãº
$ sudo apt-get update $ sudo apt-get install docker-ce
µÇ¼ºó¸´ÖÆ
×°ÖÃÍê³Éºó£¬ÔËÐÐÒÔÏÂÏÂÁîÑé֤װÖÃÊÇ·ñÀֳɣº
$ docker version
µÇ¼ºó¸´ÖÆ
ÉèÖÃDocker¾µÏñ¿ÍÕ»
½ÓÏÂÀ´£¬ÐèÒªÉèÖÃDocker¾µÏñ¿ÍÕ»¡£¿ÉÒÔÑ¡ÔñʹÓÃDocker¹Ù·½µÄRegistry¾µÏñ»òÕßµÚÈý·½µÄ¿ªÔ´¾µÏñ£¬ÈçHarbor¡¢NexusµÈ¡£
ÒÔʹÓÃDocker¹Ù·½µÄRegistry¾µÏñΪÀý£¬¿ÉÒÔͨ¹ýÒÔÏÂÏÂÁîÆô¶¯Ò»¸öRegistryÈÝÆ÷£º
$ docker run -d -p 5000:5000 --name registry registry:latest
µÇ¼ºó¸´ÖÆ
Æô¶¯Íê³Éºó£¬¿ÉÒÔͨ¹ýÒÔÏÂÏÂÁîÑéÖ¤RegistryÊÇ·ñÕý³£ÊÂÇ飺
$ curl http://localhost:5000/v2/_catalog
µÇ¼ºó¸´ÖÆ
ÈôÊÇ·µ»Ø¿ÕÊý×é[]£¬ËµÃ÷RegistryÒѾÀÖ³ÉÔËÐС£
ÉèÖþµÏñ¿ÍÕ»µÄÈÏÖ¤ºÍÊÚȨ
ΪÁË°ü¹Ü¾µÏñ¿ÍÕ»µÄÇå¾²£¬ÐèÒªÌí¼ÓÈÏÖ¤ºÍÊÚȨ¹¦Ð§¡£¿ÉÒÔʹÓÃNginx×÷Ϊ·´ÏòÊðÀíЧÀÍÆ÷£¬²¢Ê¹ÓÃBasic AuthÈÏÖ¤·½·¨¡£
Ê×ÏÈ£¬×°ÖÃNginx£º
$ sudo apt-get install nginx
µÇ¼ºó¸´ÖÆ
È»ºó£¬½¨ÉèÒ»¸öÓÃÓÚ´æ·ÅÈÏÖ¤ÐÅÏ¢µÄÃÜÂëÎļþ£º
$ sudo sh -c "echo -n 'admin:' >> /etc/nginx/.htpasswd" $ sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"
µÇ¼ºó¸´ÖÆ
½¨ÉèÍê³Éºó£¬ÐèÒª±à¼NginxÉèÖÃÎļþ/etc/nginx/sites-available/default£¬Ìí¼ÓÈçÏÂÄÚÈÝ£º
server { listen 80; server_name <your-domain-name>; location / { proxy_pass http://localhost:5000; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; } }
µÇ¼ºó¸´ÖÆ
Ìæ»» ΪÄãµÄÓòÃû¡£
ÉúÑÄÉèÖÃÎļþ²¢ÖØÆôNginx£º
$ sudo systemctl restart nginx
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
ÉèÖÃHTTPSÖ§³Ö
ΪÁË°ü¹ÜͨѶµÄÇå¾²ÐÔ£¬¿ÉÒÔʹÓÃHTTPSÐÒé¾ÙÐÐͨѶ¡£ÐèÒªÏÈΪ¾µÏñ¿ÍÕ»ÌìÉú×ÔÊðÃûÖ¤Êé¡£
Ê×ÏÈ£¬×°ÖÃOpenSSL£º
$ sudo apt-get install openssl
µÇ¼ºó¸´ÖÆ
È»ºó£¬ÌìÉú˽ԿºÍ×ÔÊðÃûÖ¤Ê飺
$ sudo openssl req -newkey rsa:2048 -nodes -keyout registry.key -x509 -days 365 -out registry.crt
µÇ¼ºó¸´ÖÆ
ÌìÉúµÄregistry.keyΪ˽ԿÎļþ£¬registry.crtΪ×ÔÊðÃûÖ¤ÊéÎļþ¡£
½ÓÏÂÀ´£¬±à¼NginxÉèÖÃÎļþ/etc/nginx/sites-available/default£¬Ìí¼ÓÈçÏÂÄÚÈÝ£º
server { listen 443 ssl; server_name <your-domain-name>; ssl_certificate /path/to/registry.crt; ssl_certificate_key /path/to/registry.key; location / { proxy_pass http://localhost:5000; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; } }
µÇ¼ºó¸´ÖÆ
Ìæ»» ΪÄãµÄÓòÃû¡£
ÉúÑÄÉèÖÃÎļþ²¢ÖØÆôNginx£º
$ sudo systemctl restart nginx
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
ʹÓÃDocker¿Í»§¶ËÓë¾µÏñ¿ÍÕ»½»»¥
×îºó£¬Ê¹ÓÃDocker¿Í»§¶ËÓë¾µÏñ¿ÍÕ»½»»¥¡£Ê×ÏÈ£¬ÐèҪΪDockerÉèÖÃÐÅÍеĿÍÕ»£º
$ sudo vi /etc/docker/daemon.json
µÇ¼ºó¸´ÖÆ
ÔÚÉèÖÃÎļþÖÐÌí¼ÓÈçÏÂÄÚÈÝ£º
{ "insecure-registries": ["<your-domain-name>:5000"] }
µÇ¼ºó¸´ÖÆ
ÉúÑÄÉèÖÃÎļþ²¢ÖØÆôDockerЧÀÍ£º
$ sudo systemctl restart docker
µÇ¼ºó¸´ÖÆ
ÏÖÔÚ¿ÉÒÔʹÓÃDocker¿Í»§¶ËÓë¾µÏñ¿ÍÕ»½»»¥ÁË£¬ÀýÈ磬ÍÆËͺÍÀÈ¡¾µÏñ£º
$ docker tag image <your-domain-name>:5000/image $ docker push <your-domain-name>:5000/image $ docker pull <your-domain-name>:5000/image
µÇ¼ºó¸´ÖÆ
ÒÔÉϾÍÊÇÔÚLinuxЧÀÍÆ÷ÉϽ¨ÉèÇå¾²¿É¿¿µÄDocker¾µÏñ¿ÍÕ»µÄËùÓа취ºÍ´úÂëʾÀý¡£Í¨¹ý×ñÕÕÕâЩ°ì·¨£¬Äú¿ÉÒÔ½¨ÉèÒ»¸öÇå¾²¿É¿¿µÄDocker¾µÏñ¿ÍÕ»£¬È·±£ÈÝÆ÷»¯Ó¦ÓõĿɿ¿ÐÔºÍÇå¾²ÐÔ¡£
ÒÔÉϾÍÊÇÔõÑùÔÚLinuxЧÀÍÆ÷ÉϽ¨ÉèÇå¾²¿É¿¿µÄDocker¾µÏñ¿ÍÕ»£¿µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡