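The official Docker repository provided by Docker has unstable connectivity from within China, so you can set up your own private registry.
The private registry can use the registry 2 image provided by Docker directly; a Docker runtime environment must be set up first.
Both the server hosting the images and the test server run CentOS 7.3 with Docker 17.09.0-ce.
The local machine uses Docker 18.03.0-ce-mac60.
1. Download the registry image on the server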
docker pull registry
2. Configure the certificate on the server
Change to the /etc/docker directory and generate the certificate:
mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt
Enter the basic information as prompted. Note: the Common Name must be set to the domain name; this example uses docker.registry.server.
Create the directory:
mkdir -p /etc/docker/certs.d/docker.registry.server:5000
Copy the certificate into that directory:
cp certs/domain.crt /etc/docker/certs.d/docker.registry.server:5000/ca.crt
3. Configure the hosts file on the server
Edit the hosts file with vim /etc/hosts and add:
10.26.98.81 docker.registry.server
4. Configure the password on the server
mkdir auth && docker run --entrypoint htpasswd registry -Bbn [username] [password] > auth/htpasswd
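5. Start the registry on the server with the certificate and password
Change to the /etc/docker directory.
Create the storage directory: mkdir registryDir
Start the container (`pwd` expands to the current path):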
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v `pwd`/registryDir:/var/lib/registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry
6. View the container
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8ba12615dde8 registry "/entrypoint.sh /e..." 8 seconds ago Up 8 seconds 0.0.0.0:5000->5000/tcp registry
7. Test pushing an image from the server itself
docker tag tutum/ntpd localhost:5000/tutum/ntpd
docker push localhost:5000/tutum/ntpd
8. Log in to the registry from a client
8.1 Configure the hosts file
59.110.14.120 docker.registry.server
8.2 Configure the public certificate: copy the server's crt file to the following path on the client machine
/etc/docker/certs.d/docker.registry.server:5000/ca.crt
8.3 Log in
docker login docker.registry.server:5000
Enter the username and password; the message Login Succeeded is shown.
8.4 Push
docker tag hello-world docker.registry.server:5000/hello-world
docker push docker.registry.server:5000/hello-world
9. View the contents of the private registry
https://59.110.14.120:5000/v2/_catalog
Log in with the username and password; the result is as follows:
{
repositories: [
"hello-world"
]
}
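Step 2 generates the certificate interactively and sets only the Common Name; Docker clients built with Go 1.15 or later ignore the Common Name and require a subjectAltName entry for the registry host. The script below is an added example, not part of the original page: it creates the same domain.key and domain.crt non-interactively with a SAN and checks the pair before the certificate is copied to clients. The function names, the req.cnf file and the 30-day expiry threshold are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page): cert generation plus pre-flight check.
REGISTRY_HOST="docker.registry.server"   # hostname used on the page

# gen_registry_cert DIR HOST [BITS]: self-signed cert with CN and SAN set to HOST.
gen_registry_cert() {
    dir=$1 host=$2 bits=${3:-4096}
    mkdir -p "$dir" || return 1
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $host
[ext]
subjectAltName = DNS:$host
EOF
    ( umask 077   # the private key must not be group/world readable
      openssl req -newkey "rsa:$bits" -nodes -sha256 -config "$dir/req.cnf" \
          -keyout "$dir/domain.key" -x509 -days 365 \
          -out "$dir/domain.crt" 2>/dev/null ) || return 1
    chmod 644 "$dir/domain.crt"   # the certificate itself is public
}

# check_registry_cert DIR HOST: prints the first problem found and returns 1.
check_registry_cert() {
    crt=$1/domain.crt key=$1/domain.key host=$2
    openssl x509 -in "$crt" -noout -text | tr ', ' '\n\n' |   # exact match, no wildcards
        grep -qxF "DNS:$host" || { echo "no SAN entry for $host"; return 1; }
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days"; return 1; }
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "domain.key does not belong to domain.crt"; return 1; }
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "domain.key is readable by group or others"; return 1; }
    echo "ok"
}

# Usage: sh registry-cert.sh /etc/docker/certs   (an existing domain.crt is kept)
if [ "$#" -ge 1 ]; then
    [ -f "$1/domain.crt" ] || gen_registry_cert "$1" "${2:-$REGISTRY_HOST}"
    check_registry_cert "$1" "${2:-$REGISTRY_HOST}"
fi
```

Run against a certificate created with the interactive command from step 2, the check reports the missing SAN entry, which is the case newer clients reject.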
Common login errors
1. The registry was run without a certificate
The push refers to a repository [59.110.14.120:5000/hello-world]
Get https://59.110.14.120:5000/v2/: http: server gave HTTP response to HTTPS client
2. The client has no certificate configured
Error response from daemon: Get https://docker.registry.server:5000/v2/: x509: certificate signed by unknown authority
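Configure the certificate as described in section 8.2 above.
Note: after installing Docker CE on a Mac there is no /etc/docker folder, so the certificate must be configured manually: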
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain domain.crt
Restart Docker after the configuration is complete.
http://container-solutions.com/adding-self-signed-registry-certs-docker-mac/
3. The Mac running the Docker client reports an error related to the proxy settings:
Error response from daemon: Get https://docker.registry.server:5000/v2/: proxyconnect tcp: dial tcp 192.168.65.1:58701: getsockopt: connection refused
References
https://blog.csdn.net/xiaojiang0829/article/details/50605534
http://hanqunfeng.iteye.com/blog/2331644