centos7搭建docker私有仓库

1.环境：

[root@docker02 anchors]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 

[root@docker02 anchors]# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 3
Server Version: 17.03.1-ce
.....

10.60.10.39     docker01.lo   -->仓库
10.60.10.40     docker02.lo   -->客户端
10.60.10.41     docker03.lo   -->客户端

2.仓库配置https认证

  a.配置hosts文件

[root@docker01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.60.10.39 docker01.lo
10.60.10.40 docker02.lo
10.60.10.41 docker03.lo

  b.生成证书

[root@docker01 ~]# cd /etc/docker/
[root@docker01 docker]# mkdir certs
#切到docker配置文件目录，新建certs目录。

[root@docker01 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/docker01.lo.key -x509 -days 365 -out certs/docker01.lo.crt
Generating a 4096 bit RSA private key
..........................................................................................................................................................................................................................................................................++
..............++
writing new private key to 'certs/docker01.lo.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN  
State or Province Name (full name) []:ZJ
Locality Name (eg, city) [Default City]:HZ
Organization Name (eg, company) [Default Company Ltd]:ZX
Organizational Unit Name (eg, section) []:ZX
Common Name (eg, your name or your server's hostname) []:docker01.lo
Email Address []:TEST@163.com

注意，以上红色字体的三处关键字要一致，这里我用得是仓库主机的主机名。

[root@docker01 docker]# ll certs/
total 8
-rw-r--r--. 1 root root 2049 Jun 19 14:41 docker01.lo.crt
-rw-r--r--. 1 root root 3272 Jun 19 14:41 docker01.lo.key

3.运行registry容器

docker run -d -P -it -p 5000:5000 --restart=always  --name registry_https01 -v `pwd`/certs:/etc/docker/certs/ -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/docker01.lo.crt  -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/docker01.lo.key registry

[root@docker01 docker]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
4b10b23f3dd0        registry            "/entrypoint.sh /e..."   52 seconds ago      Up 52 seconds       0.0.0.0:5000->5000/tcp   registry_https01

[root@docker01 docker]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      852/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1559/master         
tcp6       0      0 :::22                   :::*                    LISTEN      852/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1559/master         
tcp6       0      0 :::9022                 :::*                    LISTEN      2154/dockerd        
tcp6       0      0 :::5000                 :::*                    LISTEN      5545/docker-proxy   
tcp6       0      0 :::2377                 :::*                    LISTEN      2154/dockerd        
tcp6       0      0 :::7946                 :::*                    LISTEN      2154/dockerd  

4.配置客户端（ 需要配置hosts文件如步骤2-a）

  a.远程拷贝docker01.lo.crt到客户端/etc/pki/ca-trust/source/anchors目录下

[root@docker01 docker]# scp certs/docker01.lo.crt 10.60.10.40:/etc/pki/ca-trust/source/anchors
root@10.60.10.40's password: 
docker01.lo.crt                                                                                                                                            100% 2049     2.0KB/s   00:00    
[root@docker01 docker]# scp certs/docker01.lo.crt 10.60.10.41:/etc/pki/ca-trust/source/anchors
root@10.60.10.41's password: 
docker01.lo.crt                                                                                                                                            100% 2049     2.0KB/s   00:00 

  b.更新证书

[root@docker02 ~]# cd /etc/pki/ca-trust/source/anchors
[root@docker02 anchors]# update-ca-trust

[root@docker03 ~]# cd /etc/pki/ca-trust/source/anchors
[root@docker03 anchors]# update-ca-trust

c.上传image

[root@docker02 anchors]# docker images
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
nginx                   latest              958a7ae9e569        2 weeks ago         109 MB
swarm                   latest              36b1e23becab        5 months ago        15.9 MB
centos                  6.8                 0cd976dc0a98        9 months ago        195 MB

[root@docker02 anchors]# docker tag centos:6.8 docker01.lo:5000/centos:6.8
[root@docker02 anchors]# docker push docker01.lo:5000/centos
The push refers to a repository [docker01.lo:5000/centos]
  b1b065555b8a: Pushed 
6.8: digest: sha256:c338f851dc6520fc3f7ece01e4fbe207eaa78b775a0738f2bfdd6f36144e6b8a size: 529

[root@docker02 anchors]# curl https://docker01.lo:5000/v2/_catalog
{"repositories":["centos"]}

-----------------------------------------------------------------------------

[root@docker03 anchors]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              latest              7b9b13f7b9c0        2 weeks ago         118 MB
nginx               latest              958a7ae9e569        2 weeks ago         109 MB
swarm               latest              36b1e23becab        5 months ago        15.9 MB
centos              6.8                 0cd976dc0a98        9 months ago        195 MB

[root@docker03 anchors]# docker tag ubuntu docker01.lo:5000/ubuntu
[root@docker03 anchors]# docker push docker01.lo:5000/ubuntu
The push refers to a repository [docker01.lo:5000/ubuntu]
d8b353eb3025: Pushed 
f2e85bc0b7b1: Pushed 
fc9e1e5e38f7: Pushed 
fe9a3f9c4559: Pushed 
6a8bf8c8edbd: Pushed 
latest: digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368 size: 1357

[root@docker03 anchors]# curl https://docker01.lo:5000/v2/_catalog
{"repositories":["centos","ubuntu"]}

 d.下载image

[root@docker02 anchors]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
nginx                     latest              958a7ae9e569        2 weeks ago         109 MB
swarm                     latest              36b1e23becab        5 months ago        15.9 MB
centos                    6.8                 0cd976dc0a98        9 months ago        195 MB
docker01.lo:5000/centos   6.8                 0cd976dc0a98        9 months ago        195 MB

[root@docker02 anchors]# docker pull docker01.lo:5000/ubuntu
Using default tag: latest
latest: Pulling from ubuntu
bd97b43c27e3: Pull complete 
6960dc1aba18: Pull complete 
2b61829b0db5: Pull complete 
1f88dc826b14: Pull complete 
73b3859b1e43: Pull complete 
Digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368
Status: Downloaded newer image for docker01.lo:5000/ubuntu:latest

[root@docker02 anchors]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
docker01.lo:5000/ubuntu   latest              7b9b13f7b9c0        2 weeks ago         118 MB
nginx                     latest              958a7ae9e569        2 weeks ago         109 MB
swarm                     latest              36b1e23becab        5 months ago        15.9 MB
centos                    6.8                 0cd976dc0a98        9 months ago        195 MB
docker01.lo:5000/centos   6.8                 0cd976dc0a98        9 months ago        195 MB

-------------------------------------------------

[root@docker03 anchors]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
docker01.lo:5000/ubuntu   latest              7b9b13f7b9c0        2 weeks ago         118 MB
ubuntu                    latest              7b9b13f7b9c0        2 weeks ago         118 MB
nginx                     latest              958a7ae9e569        2 weeks ago         109 MB
swarm                     latest              36b1e23becab        5 months ago        15.9 MB
centos                    6.8                 0cd976dc0a98        9 months ago        195 MB

[root@docker03 anchors]# docker pull docker01.lo:5000/centos:6.8
6.8: Pulling from centos
Digest: sha256:c338f851dc6520fc3f7ece01e4fbe207eaa78b775a0738f2bfdd6f36144e6b8a
Status: Downloaded newer image for docker01.lo:5000/centos:6.8

[root@docker03 anchors]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
docker01.lo:5000/ubuntu   latest              7b9b13f7b9c0        2 weeks ago         118 MB
ubuntu                    latest              7b9b13f7b9c0        2 weeks ago         118 MB
nginx                     latest              958a7ae9e569        2 weeks ago         109 MB
swarm                     latest              36b1e23becab        5 months ago        15.9 MB
centos                    6.8                 0cd976dc0a98        9 months ago        195 MB
docker01.lo:5000/centos   6.8                 0cd976dc0a98        9 months ago        195 MB

5.问题解决：

[root@docker03 anchors]# docker push docker01.lo:5000/centos
The push refers to a repository [docker01.lo:5000/centos]
Get https://docker01.lo:5000/v1/_ping: x509: certificate signed by unknown authority

如碰到上述问题：

[root@docker03 anchors]# cat docker01.l.crt >> /etc/pki/tls/certs/ca-bundle.crt
[root@docker03 anchors]# update-ca-trust
[root@docker03 anchors]# systemctl restart docker