  • Registry certificate generation and distribution

    1. Generate the registry server certificate:

    [root@docker2 ~]# mkdir registry_certs
    [root@docker2 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout registry_certs/domain.key -x509 -days 365 -out registry_certs/domain.crt
    Generating a 4096 bit RSA private key
    ..........................................................................................................................++
    ..............++
    writing new private key to 'registry_certs/domain.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:
    State or Province Name (full name) []:
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:docker2   (Note: the host name of the image registry server; an IP address can also be used)
    Email Address []:
    [root@docker2 ~]# ls registry_certs/
    domain.crt  domain.key

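    Using an IP address as the Common Name:

    For an IP address, set the Subject Alternative Name: edit openssl.cnf and add subjectAltName = IP:<IP address> under [v3_ca]. The drawback of using an IP address as the common name is that the image tags have to be changed whenever the registry server's IP address changes.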

    [root@docker2 ~]# vim /etc/pki/tls/openssl.cnf
    Add the following line under [ v3_ca ]:
    subjectAltName = IP:192.168.88.130

    2. Distribute the certificate to the client host

    [root@pysaber ~]# mkdir -p /etc/docker/certs.d/192.168.88.130:5000
    [root@pysaber ~]# scp root@192.168.88.130:/root/registry_certs/domain.crt /etc/docker/certs.d/192.168.88.130:5000/ca.crt

    3. On the client host, append the generated private certificate to the system certificate bundle, then restart the docker service

    [root@pysaber ~]# cat /etc/docker/certs.d/192.168.88.130:5000/ca.crt >> /etc/pki/tls/certs/ca-bundle.crt 

    4. Start the image registry server

    [root@docker2 ~]# docker run -d -p 5000:5000 -v $(pwd)/registry_certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key --restart=always --name registry registry:2.2
    44b26b2d474793559e9d71a499be23fdddfdd3d7f44d3db896809e102e412678

    5. Push an image

    [root@pysaber ~]# docker push docker2:5000/redis:latest
    The push refers to a repository [docker2:5000/redis]
    0ea23dbb18ab: Pushed 
    036b23f466ca: Pushed 
    23cfd5584151: Pushed 
    0a5fa8924bd6: Pushed 
    4f442ee57ce8: Pushed 
    6744ca1b1190: Pushed 
    latest: digest: sha256:5266020ee7b599a5f7dd09152fc1c5840b71e2febe0c6795186854cc36dc6e30 size: 11033
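
An added example, not part of the original post: a non-interactive version of step 1 that puts both the host name and the IP address into subjectAltName, plus a check to run on the certificate before the client trusts it in steps 2 and 3. Go-based clients such as Docker match names against subjectAltName and, since Go 1.15, no longer fall back to the Common Name. Assumptions: OpenSSL 1.1.1 or newer, hypothetical function names, and the host name and IP address used above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSL 1.1.1 or newer
# (for `req -addext` and `x509 -ext`). Function names are hypothetical.

# gen_registry_cert DIR HOST IP [BITS]
# Non-interactive form of step 1: writes DIR/domain.key and DIR/domain.crt
# with both the host name and the IP address in subjectAltName.
gen_registry_cert() (
    dir=$1 host=$2 ip=$3 bits=${4:-4096}
    umask 077   # new directory and private key are readable by this user only
    mkdir -p "$dir" || exit 1
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,IP:$ip" \
        -keyout "$dir/domain.key" -out "$dir/domain.crt" 2>/dev/null
)

# san_entries CERT
# Prints the subjectAltName entries one per line, e.g. "DNS:docker2".
# The first output line (the extension header) is dropped.
san_entries() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        sed 1d | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# san_has CERT ENTRY
# Whole-line match, so a certificate issued to 192.168.88.130 does not
# pass a check for 192.168.88.13.
san_has() {
    san_entries "$1" | grep -Fxq -- "$2"
}

# check_registry_cert CERT HOST_OR_IPV4
# Succeeds only if the name the client will use in image tags is in the SAN.
# Names made up of digits and dots only are treated as IPv4 addresses.
check_registry_cert() {
    case $2 in
        *[!0-9.]*) san_has "$1" "DNS:$2" ;;
        *)         san_has "$1" "IP Address:$2" ;;
    esac
}

# Usage on the registry host, then on the client before trusting the file:
#   gen_registry_cert registry_certs docker2 192.168.88.130
#   check_registry_cert ca.crt docker2 && echo "SAN covers docker2"
```

A certificate created with only a Common Name, as in the interactive session in step 1, fails `check_registry_cert` for every name.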
  • Original article: https://www.cnblogs.com/hana-alice/p/10558865.html