docker run -d \
-p 5000:5000
-v /data/registry:/var/lib/registry
--restart=always
--name registry
registry:2
虽然有办法使局域网机器使用ip地址访问,但还是建议用域名,可以搭建私有的dns服务器或在hosts中添加
#{NEXUS_DOMAIN} = nexus为服务器域名
#{NEXUS_IP} = 192.168.59.1 为服务器IP
$ cd $install-dir/etc/ssl/
$ keytool -genkeypair -keystore keystore.jks -storepass nexus3 -keypass nexus3 -alias jetty -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=*.{NEXUS_DOMAIN}, OU=Example, O=Sonatype, L=Unspecified, ST=Unspecified, C=US" -ext "SAN=DNS:{NEXUS_DOMAIN},IP:{NEXUS_IP}" -ext "BC=ca:true"
注:其它的证书也可以使用此命令生成
此时登录会报错
docker login kvmdocker:5000
Error response from daemon: Get https://kvmdocker:5000/v2/: x509: certificate has expired or is not yet valid
这是要在客户端信任刚刚生成的证书
#对于Centos系统来说certificate的存放路径是 /etc/pki/ca-trust/source/anchors
#生成cert文件
[root@kvmmain ~]# keytool -printcert -sslserver kvmdocker:8443 -rfc > kvmdocker.crt
[root@kvmmain ~]# yum install ca-certificates
[root@kvmmain ~]# update-ca-trust force-enable
#或者可以
[root@kvmmain ~]# mv kvmdocker.crt /etc/pki/ca-trust/source/anchors/kvmdocker.crt
[root@kvmmain ~]# update-ca-trust
#对于Ubuntu系统来说certificate的存放路径是 /usr/local/share/ca-certificates
#生成cert文件
[root@localhost ~]# keytool -printcert -sslserver 192.168.59.1:8443 -rfc >nexus.crt
[root@localhost ~]# mv nexus.crt /usr/local/share/ca-certificates/nexus.crt
[root@localhost ~]# update-ca-certificates
[root@localhost ~]# service docker restart
#最后重启docker
[root@kvmmain ~]# service docker restart
#此时再登录
[root@kvmmain ~]# docker login kvmdocker:5000
Username: gongdear
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#可以看到已经登录成功 可以开心的使用私库了:)
[root@kvmmain ~]# docker tag 5e4ff9573f35 kvmdocker:5000/gateway/1.0
[root@kvmmain ~]# docker push kvmdocker:5000/gateway/1.0
328ec943d20e: Pushed
35c20f26d188: Pushed
c3fe59dd9556: Pushing [==================================================>] 356.7MB
6ed1a81ba5b6: Pushed
a3483ce177ce: Pushed
ce6c8756685b: Pushed
30339f20ced0: Pushed
0eb22bfb707d: Pushed
a2ae92ffcd29: Pushing [==================================================>] 128.9MB
上传和下载速度相当的快
如果用nginx做反向代理 上传镜像时会报docker unknown blob错误 这是注释掉nginx配置文件中的proxy_set_header Host $host;就可以了
附:使证书支持ip访问的方法
需要修改配置文件openssl.cnf
在Centos7系统中,文件所在位置是/etc/pki/tls/openssl.cnf。在其中的[ v3_ca]部分,添加subjectAltName选项:
[ v3_ca ]
subjectAltName = IP:192.168.1.118
保持后再登录即可