CentOS builds Docker private warehouse practice

Preface

As most of the current mirror download sites are in foreign sites, domestic users often encounter the download speed is very slow when the next mirror, and in the process of applying Docker to the production environment, it is also the issue of whether the downloaded Docker image is safe.

Because of the production environment to build a private Docker Registry, is a two-way solution. But at present, most of the domestic enterprises use the distribution version, which is the Redhat system, in which the CentOS environment is the majority. While online information and published books on the introduction of Docker are based on Ubuntu to explain and configure, and centos6.x above version access to private Docker

Registry all require SSL support. Therefore, the biggest difficulty in using CentOS to build this service is to configure and use SSL, and let the nginx with the reverse proxy support SSL transmission and authentication.

Build the Environment:

System: CentOS 7.1
Server ip:192.168.1.12
Server domain name: registry.exmple.com #https的SSL证书生成时不能用IP地址因此这里随意设置一个域名即可, not necessarily a real domain name.
Client ip:192.168.1.11
Proxy Webserver:nignx (reverse proxy)

First, the configuration process

In order to facilitate the overall understanding of service building, here is a brief description of the configuration process:

1. Configure SSL on configuration side: Generate key, root certificate, generate SSL key for Nginx service, finally the private CA completes the issue of Nginx certificate on request;

2, compile, install Nginx, and configure the reverse proxy. Listen for HTTPS 433 and forward the client's request for 433 port to port 5000 of the Registry service;

3, install Docker registry image and run the container, listen to the request from Nginx forward;

4, the client completes the SSL certificate add, and completes the uploading and downloading the image operation, completes the test.

Second, Configuring SSL on the Registry server

1. Install dependent packages

Yum install-y gcc pcre-devel pcre-static OpenSSL openssl-devel httpd-tools1

Note:

• GCC is a compiler;

• Pcre-devel Pcre-static is the dependent package required to compile nginx;

• OpenSSL openssl-devel is used to generate SSL root certificates and keys and to issue NIGNX certificates;

• Httpd-tools is used to generate the account number and password to log in to the HTTPS service.

This article is from the "Cool bit Linux" blog, so be sure to keep this source http://coolbyte.blog.51cto.com/8289854/1707733

CentOS builds Docker private warehouse practice