CentOS 7: Docker LAN private registry v2 with nginx HTTPS configuration

    xiaoxiao2025-11-11  10

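    This setup uses a VirtualBox virtual LAN. Both virtual machines have two network adapters: adapter 1 in bridged mode and adapter 2 in host-only mode.

    192.168.56.* are the host-only adapter IPs. The private registry host IP is 192.168.56.222 and the client IP is 192.168.56.101.

    The SSL certificate was requested for free from Tencent Cloud.

    After requesting the certificate from Tencent Cloud, download it to get the file docker.khs1994.com.zip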

    #scp docker.khs1994.com.zip root@192.168.56.222:/root

    The command above uploads the certificate from the local machine to root's home directory on the private registry host.

    # yum install zip unzip -y
    # unzip docker.khs1994.com.zip

    After extraction you get the files 1_docker.khs1994.com_cert.crt and 2_docker.khs1994.com.key

    # mkdir certs
    # mv 1* 2* certs
    # docker run -d -p 5000:5000 --restart=always --name registry \
        -v /root/docker:/var/lib/registry \
        -v /root/certs:/certs \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/1_docker.khs1994.com_cert.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/2_docker.khs1994.com.key \
        registry

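    Configure nginx

    To install nginx, see my other article.

    Create a login user

    (If the htpasswd command is not available, install the httpd-tools package.)

    # yum install httpd-tools
    # htpasswd -c /etc/nginx/docker-registry.htpasswd admin

    New password:
    Re-type new password:
    Adding password for user admin

    (This step sets the username and password. I set both the username and the password to admin; the password is entered twice.)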

    Edit the main nginx configuration file

    # cd /etc/nginx/
    # vi nginx.conf

    ...
    http {
        include       mime.types;
        default_type  application/octet-stream;
        include       conf.d/*.conf;    # include the subdomain configuration files

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;
    ...

    Configure the subdomain

    # mkdir conf.d ; cd conf.d ; vi docker.conf

    upstream docker-registry {
        server 127.0.0.1:5000;
    }

    server {
        # enable ssl ("listen ... ssl" replaces the deprecated "ssl on;")
        listen 443 ssl;
        server_name docker.khs1994.com;

        ssl_certificate /root/certs/1_docker.khs1994.com_cert.crt;
        ssl_certificate_key /root/certs/2_docker.khs1994.com.key;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;

        # no limit on upload size, so large image layers can be pushed
        client_max_body_size 0;
        chunked_transfer_encoding on;

        location / {
            #root html;
            #index index.html index.htm index.php;
            auth_basic "Restricted";
            auth_basic_user_file docker-registry.htpasswd;
            proxy_pass https://docker-registry;
        }

        location /v2/ {
            auth_basic "Restricted";
            auth_basic_user_file docker-registry.htpasswd;
            proxy_pass https://docker-registry;
        }
    }
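
    Basic auth is enforced only in nginx, while the docker run above publishes port 5000 on every host interface and the registry container has no authentication of its own, so it matters how that port is bound. The following is an added example, not part of the original post: it shows the loopback-only publish form and a check over the output of `docker port`. The function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit how the registry container's port 5000 is published.
# Assumption: the container is named "registry", as in the docker run above.
#
# Form used in the walkthrough (binds every host interface):
#   docker run ... -p 5000:5000 ... registry
# Loopback-only form, reachable only by the nginx on the same host:
#   docker run ... -p 127.0.0.1:5000:5000 ... registry

# classify_binding ADDR:PORT -> prints "loopback" or "exposed"
classify_binding() {
    case $1 in
        127.*:*|'[::1]':*) echo loopback ;;
        *)                 echo exposed ;;
    esac
}

# audit_bindings TEXT -> TEXT is the output of `docker port registry 5000/tcp`.
# Prints one verdict per binding. Returns 0 if all are loopback-only,
# 1 if any is reachable from other hosts, 2 if TEXT is empty.
audit_bindings() {
    [ -n "$1" ] || { echo "no published port found"; return 2; }
    audit_rc=0
    while IFS= read -r binding; do
        [ -n "$binding" ] || continue
        verdict=$(classify_binding "$binding")
        echo "$binding: $verdict"
        [ "$verdict" = loopback ] || audit_rc=1
    done <<EOF
$1
EOF
    return "$audit_rc"
}

# Constructed sample outputs of `docker port registry 5000/tcp`
SAMPLE_WEAK='0.0.0.0:5000
[::]:5000'
SAMPLE_FIXED='127.0.0.1:5000'

audit_bindings "$SAMPLE_WEAK"  || echo "=> clients can skip nginx basic auth via port 5000"
audit_bindings "$SAMPLE_FIXED" && echo "=> registry is reachable only through nginx"

# On the registry host itself:
#   audit_bindings "$(docker port registry 5000/tcp)"
```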

    Client operations

    Edit the hosts file

    Map docker.khs1994.com to the registry host IP 192.168.56.222

    # vi /etc/hosts

    192.168.56.222 docker.khs1994.com    # add this as the last line

    Test the private registry

    # docker login https://docker.khs1994.com    # then enter the username and password, both admin
    # docker pull centos
    # docker tag centos docker.khs1994.com/centos:16.10.08
    # docker push docker.khs1994.com/centos:16.10.08
