Docker是时下相当火热的技术,关于docker的介绍此处就不多说,本文主要介绍下如何在centos6.6环境下配置docker的本地仓库,对于想在局域网内大规模运用docker来说,频繁的从官网仓库下载镜像文件,无论从管理还是在效率上都无法接受。
#dockerrun-idt-p5000:5000–nameregistry-v/data/registry:/tmp/registryregistry
二:配置Nginx,, 需要配置用户验证和https支持
#/usr/local/nginx/sbin/nginx-V
#cat/usr/local/nginx/conf/extra/docker.conf#ForversionsofNginx>1.3.9thatincludechunkedtransferencodingsupport#Replacewithappropriatevalueswherenecessaryupstreamdocker-registry{server127.0.0.1:5000;}server{listen443;server_nameregistry.fjhb.cn;sslon;ssl_certificate/etc/ssl/certs/nginx.crt;ssl_certificate_key/etc/ssl/private/nginx.key;proxy_set_headerHost$http_host;#requiredforDockerclientsakeproxy_set_headerX-Real-IP$remote_addr;#passonrealclientIPclient_max_body_size0;#disableanylimitstoavoidHTTP413forlargeimageuploads#requiredtoavoidHTTP411:seeIssue#1486(https://github.com/dotcloud/docker/issues/1486)chunked_transfer_encodingon;location/{#letNginxknowaboutourauthfileauth_basic”Restricted”;auth_basic_user_filedocker-registry.htpasswd;proxy_pass;}location/_ping{auth_basicoff;proxy_pass;}location/v1/_ping{auth_basicoff;proxy_pass;}}#cd/etc/pki/CA/#touch./{serial,index.txt}#echo”00″>serial#opensslgenrsa-outprivate/cakey.pem2048
#cd/etc/ssl/#opensslgenrsa-outnginx.key2048#opensslreq-new-keynginx.key-outnginx.csr
#opensslca-innginx.csr-days3650-outnginx.crt
#cp/etc/pki/tls/certs/ca-bundle.crt{,.bak}#cat/etc/pki/CA/cacert.pem>>/etc/pki/tls/certs/ca-bundle.crt#因为是自签的证书,此步骤的意义在于让系统接受该证书
5:复制生成的证书文件到相应位置
#cpnginx.crtcerts/#cpnginx.keyprivate/
#yum-yinstallhttpd-tools#htpasswd-c/usr/local/nginx/conf/docker-registry.htpasswdyangNewpassword:Re-typenewpassword:Addingpasswordforuseryang#htpasswd/usr/local/nginx/conf/docker-registry.htpasswdlinNewpassword:Re-typenewpassword:Addingpasswordforuserlin
四:启动nginx
#/usr/local/nginx/sbin/nginx-t#/usr/local/nginx/sbin/nginx#netstat-ntpl|grepnginx
#dockerlogin-uyang-p123-eylw@fjhb.cnregistry.fjhb.cn#dockerimages#dockertagregistryregistry.fjhb.cn/registry:v2#dockerpushregistry.fjhb.cn/registry:v2
不如意的时候不要尽往悲伤里钻,想想有笑声的日子吧
