
申请由受信任 CA 签发的证书;不能使用 openssl 之类工具自签名的证书,否则仍然需要在 docker daemon 里面配置 --insecure-registry。
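# Install the Docker engine from the distribution repositories.
yum install docker -y
# Append the daemon options: a registry mirror and the local Unix socket only.
# The original notes also added -H=tcp://0.0.0.0:2375, which exposes the Docker
# API on every interface without TLS or authentication; anyone who can reach
# that port controls the daemon and, through it, the host. If remote API access
# is really needed, add a TCP listener protected with --tlsverify and client
# certificates instead of a plain listener on 2375.
printf '%s\n' 'OPTIONS="--registry-mirror=https://s9c0jp37.mirror.aliyuncs.com -H unix:///var/run/docker.sock"' >> /etc/sysconfig/docker
# Start the daemon now and enable it at boot.
systemctl start docker
systemctl enable docker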
创建认证密码
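# Create the directory that will hold the registry's htpasswd file
# (-p so that re-running the step does not fail if it already exists).
mkdir -p /opt/auth/
# Prompt for the admin password instead of hard-coding a guessable one on the
# command line, where it would end up in shell history and the process list.
read -r -s -p 'Password for registry user admin: ' registry_password
echo
# htpasswd: -B selects bcrypt, -i reads the password from stdin, -n prints the
# entry to stdout, which is redirected into the htpasswd file on the host.
# --rm removes the helper container once the entry has been generated.
printf '%s\n' "$registry_password" \
  | docker run --rm -i --entrypoint htpasswd docker.io/registry:latest -Bin admin \
  > /opt/auth/htpasswd
unset registry_password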
将证书文件夹复制到 /opt 目录下
Error response from daemon: Get https://haiqing.wang/v1/users/: x509: certificate signed by unknown authority
采用如下方式启动
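# Start the registry with htpasswd authentication and TLS for www.wanghaiqing.com.
# - /opt/auth and /opt/certs hold the password file and the TLS private key, so
#   they are mounted read-only (:ro); the registry only needs to read them.
# - /opt stays the storage root as in the original notes, but it also contains
#   /opt/auth and /opt/certs; a dedicated data directory would keep those
#   secrets out of the registry's writable volume.
# - REGISTRY_STORAGE_DELETE_ENABLED=true lets API clients delete image data;
#   htpasswd auth has no per-user permissions, so keep it only if needed.
# - -i/-t are dropped: the registry is a non-interactive service.
# - Consider pinning the image to a specific tag or digest instead of latest.
docker run -d --restart=always \
-v /opt/auth:/auth:ro \
-v /opt:/var/lib/registry \
-v /opt/certs/:/certs:ro \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
-e "REGISTRY_STORAGE_DELETE_ENABLED=true" \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/www.wanghaiqing.com/Nginx/1_www.wanghaiqing.com_bundle.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/www.wanghaiqing.com/Nginx/2_www.wanghaiqing.com.key \
-p 5000:5000 \
docker.io/registry:latest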
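# Same registry start-up, using the certificate for www.haiqing.wang. It
# publishes the same host port 5000, so it is an alternative to the
# www.wanghaiqing.com variant, not something to run alongside it.
# - /opt/auth and /opt/certs hold the password file and the TLS private key, so
#   they are mounted read-only (:ro); the registry only needs to read them.
# - /opt stays the storage root as in the original notes, but it also contains
#   /opt/auth and /opt/certs; a dedicated data directory would keep those
#   secrets out of the registry's writable volume.
# - REGISTRY_STORAGE_DELETE_ENABLED=true lets API clients delete image data;
#   htpasswd auth has no per-user permissions, so keep it only if needed.
# - -i/-t are dropped: the registry is a non-interactive service.
# - Consider pinning the image to a specific tag or digest instead of latest.
docker run -d --restart=always \
-v /opt/auth:/auth:ro \
-v /opt:/var/lib/registry \
-v /opt/certs/:/certs:ro \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
-e "REGISTRY_STORAGE_DELETE_ENABLED=true" \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/www.haiqing.wang/Nginx/1_www.haiqing.wang_bundle.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/www.haiqing.wang/Nginx/2_www.haiqing.wang.key \
-p 5000:5000 \
docker.io/registry:latest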
[root@one ~]# docker login -u admin -p 123456 www.haiqing.wang:5000
Login Succeeded
[root@one ~]# docker login -u admin -p 123456 www.wanghaiqing.com:5000
Login Succeeded
查看站点证书,如果采用Apache的证书,这个命令的前几行,会有下面截图报错。
# Print the certificate chain the registry presents on port 5000.
# -showcerts dumps every certificate sent by the server; -verify 32 turns on
# chain verification with a maximum depth of 32. s_client keeps going after a
# verification error, so read the "verify error" / "Verify return code" lines
# in the output rather than relying on the exit status.
registry_endpoint='www.haiqing.wang:5000'
openssl s_client \
  -connect "$registry_endpoint" \
  -showcerts \
  -verify 32
使用 curl 来测试 TLS 是否工作正常
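# Check that TLS works, including certificate validation. The original command
# passed -k, which makes curl skip certificate verification, so it would also
# "succeed" against a self-signed or otherwise untrusted certificate and would
# not show whether Docker clients will trust the registry.
curl -i -v https://www.haiqing.wang:5000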
文章最后更新时间: 2018-06-26 22:38:14