想搭建一个私有的Docker仓库,查看了各种资料,大多是使用Nginx做代理。但是因为对于Nginx不熟悉,各种关于权限认证的问题,折腾了两天也没有搞定。后来无意在网上看到一篇使用已有镜像的方法,最终搞定了。原文參考:http://cloud.51cto.com/art/201412/458680_all.htm
測试环境
192.168.40.71 CoreOS 仓库server
192.168.40.83 CoreOS 客户机
仓库server配置
运行以下的命令,启动registry镜像,以及Nginx代理镜像docker run -d --name registry -v /root/my_registry:/tmp/registry -p 5000:5000 registry
docker run -d --hostname dokk.co --name nginx --link registry:registry -p 443:443 larrycai/nginx-auth-proxy- 将以下的内容加入到/etc/hosts文件里
192.168.40.71 dokk.co - 下载ca.pem文件到客户机(https://github.com/Eric-aihua/nginx-auth-proxy/blob/master/ca.pem)
- 将ca.pem加入到信任列表
$ sudo cat ca.pem >> /etc/ssl/certs/ca-certificates.crt $ sudo /etc/init.d/docker restart在改动
/etc/ssl/certs/ca-certificates.crt文件时。会由于该文件是仅仅读的而不能改动,后来通过查询资料。发如今CoreOS中该文件是链接到
https://coreos.com/blog/new-filesystem-btrfs-cloud-config//usr/share/ca-certificates/ca-certificates.crt文件,而/usr整个路径被挂载到仅仅读分区上。具体情况可查询()。能够通过以下方法解决上面问题localhost ~ # cp /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.baklocalhost ~ # mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.lnlocalhost ~ # cp /etc/ssl/certs/ca-certificates.crt.bak /etc/ssl/certs/ca-certificates.crtlocalhost ~ # cat ca.pem >> /etc/ssl/certs/ca-certificates.crt
验证
基本认证測试:
localhost ~ # curl -i -k https://larrycai:passwdpasswdpasswd@dokk.co
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 09 Jun 2015 14:27:33 GMT
Content-Type: application/json
Content-Length: 28
Connection: keep-alive
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
""docker-registry server""l
镜像上传測试:
登录localhost ~ # docker login -u larrycai -p passwd -e "test@gmail.com" dokk.co
WARNING: login credentials saved in /root/.dockercfg.
Login Succeeded
上传
下载
介绍文档參考:http://cloud.51cto.com/art/201412/458680_all.htmdockerhub參考:https://registry.hub.docker.com/u/larrycai/nginx-auth-proxy/
git參考:https://github.com/Eric-aihua/nginx-auth-proxy