How to build a private docker repository using CentOS

Source: Internet
Author: User
Tags docker registry
Foreword because most of the image download websites are abroad, Chinese users often encounter slow download speeds when downloading images; in addition, when Docker is applied to the production environment, it also faces the security issue of the downloaded Docker image. Because some private data is built in the production environment Preface

Because most of the image download websites are abroad, Chinese users often encounter slow downloading speeds when downloading images. In addition, when Docker is applied to the production environment, whether the downloaded Docker image is secure or not.

Building a private Docker Registry in a production environment is a two-in-one solution. However, most domestic enterprises use the Redhat system, most of which are in the Centos environment. Online materials and published books are explained and configured on the basis of ubuntu when introducing Docker, while CentOS6.x or later accesses private Docker

Registry requires SSL support. Therefore, the biggest difficulty in using CentOS to build this service is to configure and use SSL, and enable nginx as the reverse proxy to support SSL transmission and authentication.

 

Build Environment:

System: CentOS 7.1
Server IP address: 192.168.1.12
Server domain name: registry.exmple.com # When an SSL certificate of https is generated, the IP address cannot be used. Therefore, you can set a domain name here, which is not necessarily a real domain name.
Client IP: 192.168.1.11
Proxy webserver: Nginx (reverse proxy)

 

1. configuration process

In order to help you master the overall service establishment, the configuration process is briefly described here:

1. configure SSL on the configuration end: generate the key and root certificate, generate the SSL key for the nginx service, and finally the private CA issues the nginx certificate according to the request;

2. Compile and install nginx and configure it as a reverse proxy. Listen to https 433 and forward requests sent from the client to port 433 of the registry service;

3. install the Docker registry image and run the container to listen to requests forwarded by nginx;

4. add the SSL certificate on the client, upload and download the image, and complete the test.

II,Configure SSL on the Registry server

 

1. install related dependency packages

yum install -y gcc pcre-devel pcre-static openssl openssl-devel httpd-tools1

Note:

  • Gcc is the compiler;

  • Pcre-devel pcre-static is the dependent package required for nginx compilation;

  • Openssl-devel is used to generate the SSL root certificate and key, and issue the nignx certificate;

  • Httpd-tools is used to generate the account and password used to log on to the https service.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.