1.进行加密数据运算对配置文件底下的内容进行删除
root@localhost \~\]# vim /etc/docker/daemon.json
重新启动docker程序
root@localhost \~\]# systemctl restart docker
2.建立加密目录,生成认证key和证书
root@localhost \~\]# mkdir certs \[root@localhost \~\]# openssl req -newkey rsa:4096 -nodes -sha256 \\ \> -keyout certs/timinglee.org.key \\ \> -addext "subjectAltName = DNS:reg.timinglee.org" \\ #指定备用名称 \> -x509 -days 365 -out certs/timinglee.org.crt
目录底下成功生成证书和Key
注意:域名解析创建存在对应的地址reg.timinglee.org
root@localhost \~\]# vim /etc/hosts 172.25.254.200 docker-node1.timinglee.org reg.timinglee.org
3.启动registry仓库
root@localhost \~\]# docker run -d -p 443:443 --restart=always \\ #使用加密端口443 \> -v /root/certs:/certs \\ # -v将本机的目录(/root/certs)挂载到镜像目录(/certs)中 \> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \\ #指定http监控的端口 \> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/timinglee.org.crt \\ #指定容器底下证书 \> -e REGISTRY_HTTP_TLS_KEY=/certs/timinglee.org.key registry:latest #指定运行的镜像
检测仓库是否启动成功
4.尝试进行镜像推送 会失败
root@localhost \~\]# docker tag nginx:v3 reg.timinglee.org/nginx:v3 \[root@localhost \~\]# docker push reg.timinglee.org/nginx:v3 The push refers to repository \[reg.timinglee.org/nignx
Get "https://reg.timinglee.org/v2/": dial tcp: lookup reg.timinglee.org on 114.114.114.114:53: no such host
原因是docker客户端没有key和证书
5.为客户端建立证书
root@localhost \~\]# mkdir -p /etc/docker/certs.d/reg.timinglee.org -p \[root@localhost \~\]# cp /root/certs/timinglee.org.crt /etc/docker/certs.d/reg.timinglee.org/ca.crt
查看底下是否存在证书
root@localhost \~\]# systemctl restart docker
6.测试,再次推送nginx:v3
root@localhost \~\]# docker push reg.timinglee.org/nginx:v3
