Docker is a very popular technology these days, so it needs no introduction here. This article explains how to set up a local Docker registry in a CentOS 6.6 environment. When Docker is used at scale on a LAN, repeatedly downloading image files from the official site is unacceptable in terms of both management and efficiency.
One: Run the Registry service as a container
On the first run there is no local registry image, so a copy is downloaded automatically from the official site, which is slow.
# docker run -idt -p 5000:5000 --name registry -v /data/registry:/tmp/registry registry
Two: Configure nginx with user authentication and HTTPS support
# /usr/local/nginx/sbin/nginx -v
# cat /usr/local/nginx/conf/extra/docker.conf
# For versions of nginx > 1.3.9 that include chunked transfer encoding support
# Replace with appropriate values where necessary

upstream docker-registry {
    server 127.0.0.1:5000;
}

server {
    listen 443;
    server_name registry.fjhb.cn;

    ssl on;
    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/private/nginx.key;

    proxy_set_header Host $http_host;          # required for docker client sake
    proxy_set_header X-Real-IP $remote_addr;   # pass on real client IP

    client_max_body_size 0;   # disable any limits to avoid HTTP 413 for large image uploads

    # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
    chunked_transfer_encoding on;

    location / {
        # let nginx know about our auth file
        auth_basic "Restricted";
        auth_basic_user_file docker-registry.htpasswd;
        proxy_pass http://docker-registry;
    }

    location /_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }

    location /v1/_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }
}
Three: Configure SSL certificate and password file
1: Generate the root key
# cd /etc/pki/CA/
# touch ./{serial,index.txt}
# echo "xx" > serial    # xx is the starting serial number in hex, for example 01
# openssl genrsa -out private/cakey.pem 2048
2: Generate the root certificate
# openssl req -new -x509 -key private/cakey.pem -days 3650 -out cacert.pem
3: Generate the nginx key and the nginx.csr certificate request file
# cd /etc/ssl/
# openssl genrsa -out nginx.key 2048
# openssl req -new -key nginx.key -out nginx.csr
4: Issue the certificate from the private CA based on the request
# openssl ca -in nginx.csr -days 3650 -out nginx.crt
# cp /etc/pki/tls/certs/ca-bundle.crt{,.bak}
# cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
Because the certificate is self-signed, the point of this step is to make the system accept it.
5: Copy the generated certificate file to the appropriate location
# cp nginx.crt certs/
# cp nginx.key private/
6: Create a password file using the HTPASSWD tool
# yum -y install httpd-tools
# htpasswd -c /usr/local/nginx/conf/docker-registry.htpasswd yang
New password:
Re-type new password:
Adding password for user yang
# htpasswd /usr/local/nginx/conf/docker-registry.htpasswd lin
New password:
Re-type new password:
Adding password for user lin
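The result of certificate steps 1 to 5 can be checked before nginx is started. The script below is an added example, not part of the original article: `check_cert` and `make_demo_pki` are hypothetical helper names, and the throwaway demo PKI is signed with `openssl x509 -req` instead of `openssl ca` so that it runs without the /etc/pki/CA layout.

```shell
#!/bin/sh
# check_cert CA_CERT SERVER_CERT SERVER_KEY HOSTNAME   (hypothetical helper)
# Returns 0 when every check passes, else 1-4 for the first failed check.
check_cert() {
    ca=$1; crt=$2; key=$3; host=$4
    # 1. The certificate must chain to the private CA that clients will trust.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' ||
        { echo "FAIL: $crt is not signed by $ca"; return 1; }

    # 2. Certificate and private key must carry the same public key,
    #    otherwise nginx refuses to start.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $crt"; return 2; }

    # 3. The subject CN must equal the name used for docker login/push/pull.
    subj=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 |
           sed 's/^subject= *//')
    case ",$subj," in
        *",CN=$host,"*) ;;
        *) echo "FAIL: subject '$subj' has no CN=$host"; return 3 ;;
    esac

    # 4. The certificate must stay valid for at least 30 more days.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: $crt expires within 30 days"; return 4; }
    echo "OK: $crt is usable for $host"
}

# make_demo_pki DIR: constructed throwaway CA and server certificate, so the
# checks can be tried anywhere without touching the real CA.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=registry.fjhb.cn" \
        -keyout "$d/nginx.key" -out "$d/nginx.csr" 2>/dev/null
    openssl x509 -req -in "$d/nginx.csr" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 365 \
        -out "$d/nginx.crt" 2>/dev/null
}

# Demo run on constructed data; prints the OK line.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_cert "$demo/cacert.pem" "$demo/nginx.crt" "$demo/nginx.key" registry.fjhb.cn
rm -rf "$demo"
```

On the registry host, call `check_cert /etc/pki/CA/cacert.pem /etc/ssl/certs/nginx.crt /etc/ssl/private/nginx.key registry.fjhb.cn`. Clients built with Go 1.15 or later match the hostname against subjectAltName by default, so a CN-only certificate such as the one these steps produce is rejected by them even when this check passes.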
Four: Start nginx
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx
# netstat -ntpl | grep nginx
Five: Test
1: Test push locally
# docker login -u yang -p 123 -e [email protected] registry.fjhb.cn
# docker images
# docker tag registry registry.fjhb.cn/registry:v2
# docker push registry.fjhb.cn/registry:v2
2: Other clients test pull and push
# tail -1 /etc/hosts
192.168.1.12 registry.fjhb.cn
# scp /etc/pki/CA/cacert.pem [email protected]:/root
# cp /etc/pki/tls/certs/ca-bundle.crt{,.bak}
# cat cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
# curl -u yang:123 https://registry.fjhb.cn/v1/search
# service docker restart
# docker login -u yang -p 123 -e [email protected] https://registry.fjhb.cn
Login Succeeded
# docker images
# docker tag centos6 registry.fjhb.cn/centos6
# docker push registry.fjhb.cn/centos6
# docker pull registry.fjhb.cn/registry:v2
Exception handling:
# scp /etc/pki/CA/cacert.pem [email protected]:/root
# cat cacert.pem >> /etc/ssl/certs/ca-bundle.crt
This article is from the "Chop Month" blog; reprinting is declined.
Creating a local Docker registry