一、安装Docker
详细安装可以查看 Linux安装Docker
二、为Docker仓库设置账号密码
1. 安装htpasswd 工具
- Ubuntu/Debian
# Debian/Ubuntu: the htpasswd utility ships in the apache2-utils package.
sudo apt install -y apache2-utils
- CentOS/RHEL
# CentOS/RHEL: the htpasswd utility ships in the httpd-tools package.
sudo yum install -y httpd-tools
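# Create the directory that holds the registry credential file and close it
# to other local users before any credentials are written into it.
mkdir -p /home/docker/auth
chmod 700 /home/docker/auth

# Create the credential file with the first account.
#   -B  hash the password with bcrypt
#   -c  create (or overwrite) the file
# The password is prompted for interactively instead of being passed with -b,
# so it does not end up in shell history or in the process list.
htpasswd -Bc /home/docker/auth/htpasswd username

# Add a further account to the existing file (again prompting for the password).
htpasswd -B /home/docker/auth/htpasswd another_user

# Restrict the credential file to its owner.
chmod 600 /home/docker/auth/htpasswd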
- 账号密码文件:/home/docker/auth/htpasswd
- username:账号
- password:密码(用 -b 在命令行传入的密码会留在 shell 历史记录和进程列表中;去掉 -b 后 htpasswd 会交互式提示输入密码)
四、registry容器
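# Start the registry in the background with htpasswd-based basic auth.
#
# The port is published on the loopback address only. On this page nginx
# terminates TLS and proxies to localhost:5000, so the registry's plain-HTTP
# port does not need to be reachable from the network; publishing it on all
# interfaces would let clients send basic-auth credentials unencrypted.
# If nginx resolves "localhost" to ::1, point proxy_pass at 127.0.0.1:5000.
#
# The credential directory is mounted read-only (:ro) because the registry
# only needs to read the htpasswd file.
#
# NOTE(review): the image is referenced without a tag, so Docker pulls
# "latest"; pin a specific tag or digest for a reproducible deployment.
docker run -d \
  -p 127.0.0.1:5000:5000 \
  --restart=always \
  --name registry \
  -v /home/docker/registry:/var/lib/registry/docker/registry \
  -v /home/docker/auth:/auth:ro \
  -e REGISTRY_AUTH=htpasswd \
  -e REGISTRY_AUTH_HTPASSWD_REALM="Basic Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH="/auth/htpasswd" \
  registry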
- -d:指定 Registry 容器在后台运行;
- -p 5000:5000:指定 Registry 容器监听的宿主机端口号以及容器内使用的端口号。这种写法会监听宿主机的所有网卡,而 5000 端口上是未加密的 HTTP;如果只通过本机的 Nginx 反向代理访问,可以写成 -p 127.0.0.1:5000:5000,只绑定本地回环地址
- --restart=always:容器退出或 Docker 服务启动(包括开机)时自动重启容器
- --name registry:指定容器的名称
- -v /home/docker/registry:/var/lib/registry/docker/registry:主机目录挂载到容器中,这是镜像数据的存储目录
- -v /home/docker/auth:/auth:主机目录挂载到容器中,这是存放账号密码文件(htpasswd)的目录
- -e:账号密码验证配置
五、安装 Nginx 并配置 SSL
- CentOS 安装 nginx
# CentOS: install nginx from the distribution repositories.
yum -y install nginx
- Ubuntu 安装 nginx
# Ubuntu: install nginx from the distribution repositories.
apt -y install nginx
编辑配置文件:vim /etc/nginx/conf.d/dockerhub.conf
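# TLS-terminating reverse proxy in front of the registry container.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name 自己的域名;

    # "ssl on;" is not needed: the ssl parameter on the listen lines enables TLS.
    # Certificate chain and private key; the key file should be readable only
    # by the account that starts nginx.
    ssl_certificate /etc/nginx/conf.d/key/自己的域名.pem;
    ssl_certificate_key /etc/nginx/conf.d/key/自己的域名.key;
    ssl_session_timeout 5m;

    # Protocol versions the server accepts. TLS 1.0 and 1.1 are deprecated
    # (RFC 8996) and are no longer offered.
    # NOTE(review): the TLSv1.3 parameter needs nginx 1.13.0+ built against
    # OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    # Prefer the server's cipher order over the client's.
    ssl_prefer_server_ciphers on;

    # Plain-HTTP requests that arrive on the TLS port (nginx code 497) are
    # redirected to the https:// URL.
    error_page 497 301 =307 https://$host:$server_port$request_uri;

    location / {
        # IPv4 loopback literal, so the upstream address does not depend on
        # how "localhost" resolves on this host.
        proxy_pass http://127.0.0.1:5000;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        # Image layers are uploaded through this proxy, hence the large body limit.
        client_max_body_size 2000M;
    }
}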
六、测试
找另一台已安装 Docker 的机器进行登录测试
root@zngw:~# docker login 域名
Username: 用户名
Password: 密码
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores
Login Succeeded