測試在區域網路機器上測試的,IP為192.168.22.65,以下内容均可替換成自己的機器IP。
測試docker-ce版本:18.09.3-rc1
-
安裝docker環境,并拉取倉庫鏡像registry
①
yum install docker-ce
docker pull registry:latest
-
利用openssl庫生成認證證書
①
mkdir -p ~/certs
②編輯/etc/pki/tls/openssl.cnf檔案,在[v3_ca]下方添加:
subjectAltName = IP:192.168.22.65
③
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ~/certs/192.168.22.65.key -x509 -days 365 -out ~/certs/192.168.22.65.crt
④在生成證書過程中填寫Common name時,應輸入ip位址或域名
⑤若第②步和第④步沒有按照要求操作,則pull或push時可能會報錯如:x509: cannot validate certificate for because it doesn’t contain any IP SANs
-
将crt證書複制到docker
①
mkdir /etc/docker/certs.d/192.168.22.65:5000
cp ~/certs/192.168.22.65.crt /etc/docker/certs.d/192.168.22.65:5000/ca.crt
-
将crt證書複制到本機系統證書管理檔案中
①
cat ~/certs/192.168.22.65.crt >> /etc/pki/tls/certs/ca-bundle.crt
-
重新開機docker
①
systemctl daemon-reload && systemctl restart docker
-
添加http basic authentication
①
docker run --entrypoint htpasswd registry:latest -Bbn username password > /opt/registry-var/auth/htpasswd
-
運作registry
①
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/registry-var/auth/:/auth/ -v /opt/registry-var/:/var/lib/registry/ -v ~/certs:/certs -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/192.168.22.65.crt" -e "REGISTRY_HTTP_TLS_KEY=/certs/192.168.22.65.key" registry:latest
-
檢視已運作的registry容器
①
docker container ls
-
登入registry
①
docker login 192.168.22.65:5000
- pull或push鏡像
- 用idea連接配接時填寫https://192.168.22.65:5000,并填寫使用者名和密碼。
![docker實戰--部署一個spring boot微服務[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)