Preface
Because most image download sites are hosted abroad, users in China often encounter slow download speeds when pulling images. In addition, when Docker is used in a production environment, there is the question of whether the downloaded Docker images are secure.
Building a private Docker Registry in the production environment solves both problems at once. However, most domestic enterprises use Red Hat family systems, mostly CentOS. Online materials and published books explain and configure Docker on Ubuntu, while on CentOS 6.x or later, access to a private Docker Registry requires SSL support. Therefore, the biggest difficulty in building this service on CentOS is configuring and using SSL, and enabling nginx as a reverse proxy that supports SSL transport and authentication.
Build Environment:
System: CentOS 7.1
Server IP address: 192.168.1.12
Server domain name: registry.exmple.com # The HTTPS SSL certificate cannot be generated for an IP address, so set a domain name here; it does not have to be a real domain name.
Client IP: 192.168.1.11
Proxy webserver: Nginx (reverse proxy)
I. Configuration process
To give you an overview of how the whole service is built, the configuration process is briefly described here:
1. Configure SSL on the Registry server: generate the key and root certificate, generate the SSL key for the nginx service, and finally have the private CA issue the nginx certificate according to the request;
2. Compile and install nginx and configure it as a reverse proxy. Listen on HTTPS port 443 and forward requests sent from the client to port 443 to the registry service;
3. Install the Docker registry image and run the container, which listens for requests forwarded by nginx;
4. Add the SSL certificate on the client, then upload and download an image to complete the test.
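Step 1 of the flow above, written out as a shell script with a final check that the issued certificate chains to the private CA and names the server domain. This is an added example, not the original article's commands; the file names, CA subject, key size and validity periods are assumptions.

```shell
#!/usr/bin/env bash
# Added example: private CA -> nginx key and CSR -> CA-signed certificate.
# Assumed (not from the page): file names, CA subject, key size, validity days.
set -eu

DOMAIN="registry.exmple.com"    # server domain name from the build environment

make_ca() {             # $1 = working directory
  # Private CA: root key plus self-signed root certificate.
  openssl genrsa -out "$1/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/ca.key" -sha256 -days 3650 \
    -subj "/CN=Example Private CA" -out "$1/ca.crt"
}

issue_nginx_cert() {    # $1 = directory that holds ca.key and ca.crt
  # Key and certificate signing request for the nginx service.
  openssl genrsa -out "$1/nginx.key" 2048 2>/dev/null
  openssl req -new -key "$1/nginx.key" -subj "/CN=$DOMAIN" -out "$1/nginx.csr"
  # Current TLS clients match the host name against subjectAltName, so set it.
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$DOMAIN" \
    > "$1/nginx.ext"
  # The private CA issues the certificate according to the request.
  openssl x509 -req -in "$1/nginx.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/nginx.ext" \
    -out "$1/nginx.crt" 2>/dev/null
  chmod 600 "$1/ca.key" "$1/nginx.key"
}

check_cert() {          # $1 = directory, $2 = host name the client will use
  # Succeeds only if the certificate chains to ca.crt and names the host.
  openssl verify -CAfile "$1/ca.crt" "$1/nginx.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/nginx.crt" -noout -text |
      tr ', ' '\n\n' | grep -qxF "DNS:$2"
}

work=$(mktemp -d)
make_ca "$work"
issue_nginx_cert "$work"
check_cert "$work" "$DOMAIN" && echo "certificate for $DOMAIN verifies"
```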
II. Configure SSL on the Registry server
1. Install the related dependency packages
yum install -y gcc pcre-devel pcre-static openssl openssl-devel httpd-tools
Note:
gcc is the compiler;
pcre-devel and pcre-static are the dependency packages required to compile nginx;
openssl-devel is used to generate the SSL root certificate and key, and to issue the nginx certificate;
httpd-tools is used to generate the account and password for logging in to the HTTPS service.