Docker creates a local warehouse

Source: Internet
Author: User
Tags docker run

Docker is a very hot technology nowadays, the introduction about Docker doesn't say much here, This article mainly introduces how to configure the local storage of Docker in centos6.6 environment, for large-scale use of Docker in LAN, the frequent download of image files from the official website, whether from the management or efficiency is unacceptable.

A: Run the Registry service as a container

First run, local no registry image, will automatically download a copy from the official website, slower

# docker Run-idt-p 5000:5000--name registry-v/data/registry:/tmp/registry Registry

650) this.width=650; "src=" Http:// "title=" Picture 1.png "alt=" Wkiom1sibgcgp4azaayhhlhqlhe921.jpg "/>

Two: Configure Nginx, need to configure user authentication and HTTPS support


650) this.width=650; "src=" Http:// "title=" Picture 2.png "alt=" Wkiom1sibqhjb9vxaaqearz5ark196.jpg "/>

# cat /usr/local/nginx/conf/extra/docker.conf # for versions of nginx  > 1.3.9 that include chunked transfer encoding support# replace  with appropriate values where necessary upstream docker-registry {  server;}  server { listen  443; server_name;    ssl on; ssl_certificate     /etc/ssl/certs/nginx.crt; ssl_ certificate_key /etc/ssl/private/nginx.key; proxy_set_header host         $http _host;   # required for docker client sake proxy _set_header x-real-ip   $remote _addr; # pass on real client ip  client_max_body_size 0; # disable any limits to avoid http 413 for large image uploads # required to avoid http 411:  see Issue  #1486   (  chunked_transfer_ encoding on;  location / {     # let nginx  know about our auth file     auth_basic                "Restricted";      auth_ Basic_user_file    docker-registry.htpasswd;      proxy_pass  http://docker-registry; } location /_ping {     auth_basic  off;     proxy_pass http://docker-registry; }    location /v1/_ping {     auth_basic off;      Proxy_pass http://docker-registry; }} 

Three: Configure SSL certificate and password file

1: Generate root Key

# cd/etc/pki/ca/# Touch/{serial,index.txt}# echo "xx" > serial# OpenSSL genrsa-out private/cakey.pem 2048

2: Generate root Certificate

# OpenSSL Req-new-x509-key private/cakey.pem-days 3650-out Cacert.pem

650) this.width=650; "src=" Http:// "title=" Picture 3.png "alt=" Wkiom1sibxuytrkdaaw6hqk0d9i207.jpg "/>

3: Generate nginx key and NGINX.CSR certificate request file

# cd/etc/ssl/# OpenSSL genrsa-out nginx.key 2048# OpenSSL req-new-key nginx.key-out NGINX.CSR

650) this.width=650; "src=" Http:// "title=" Picture 4.png "alt=" Wkiom1sib0oxlfmzaaidsomp6wu745.jpg "/>

4: private CAs issue certificates on request

# OpenSSL ca-in nginx.csr-days 3650-out nginx.crt

650) this.width=650; "src=" Http:// "title=" Picture 5.png "alt=" Wkiom1sib3sc5tymaafgjorcg-i265.jpg "/>

# Cp/etc/pki/tls/certs/ca-bundle.crt{,.bak} # Cat/etc/pki/ca/cacert.pem >>/etc/pki/tls/certs/ca-bundle.crt # Because it is a self-signed certificate, the point of this step is to have the system accept the certificate

5: Copy the generated certificate file to the appropriate location

# CP NGINX.CRT certs/# CP Nginx.key private/

6: Create a password file using the HTPASSWD tool

# yum-y Install httpd-tools# htpasswd-c/usr/local/nginx/conf/docker-registry.htpasswd yangnew password:re-type new pas sword:adding password for user Yang # htpasswd/usr/local/nginx/conf/docker-registry.htpasswd linnew password:re-type NE W password:adding password for user Lin

Four: Start nginx

#/usr/local/nginx/sbin/nginx-t#/usr/local/nginx/sbin/nginx # NETSTAT-NTPL |grep nginx

650) this.width=650; "src=" Http:// "title=" Picture 6.png "alt=" Wkiom1sib_nizmheaaneyqizgvu149.jpg "/>

Five: Test

1: Local Testing Push

# docker login-u yang-p 123-e [email protected] Docker images# Docker Tag Registry egistry:v2# Docker Push

650) this.width=650; "src=" Http:// "title=" Picture 7.png "alt=" Wkiol1sicodyg-gkaamxqnp-06q288.jpg "/>

2: Other clients test pull and push

# tail -1 /etc/hosts192.168.1.12 scp /etc/pki/ca/cacert.pem [email protected]:/root# cp /etc/ pki/tls/certs/ca-bundle.crt{,.bak}# cat cacert.pem >> /etc/pki/tls/certs/ ca-bundle.crt # curl -u yang:123  Service docker restart# docker  login -u yang -p 123 -e  [email protected] Login Succeeded # docker   images# docker tag centos6 docker push  REGISTRY.FJHB.CN/CENTOS6 

650) this.width=650; "src=" Http:// "title=" Picture 8.png "alt=" Wkiol1sicttt2h-maatwseuvq_m942.jpg "/>

# Docker Pull

650) this.width=650; "src=" Http:// "title=" Picture 9.png "alt=" Wkiom1sick6rrsuhaavqbjvnyfk814.jpg "/>

Exception handling:

650) this.width=650; "src=" Http:// "title=" Picture 10.png "alt=" Wkiom1sicnud29cdaax49u4uxym811.jpg "/>

# SCP/ETC/PKI/CA/CACERT.PEM [email protected]:/root# cat Cacert.pem >>/ETC/SSL/CERTS/CA-BUNDLE.CRT



This article from "Chop Month" blog, declined reprint!

Docker creates a local warehouse

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.