Docker: Building a private warehouse

Continue, this article describes the simplest steps to build a private warehouse.

In summary:

1. Install the registry image and start the container.
2. CA certificate (another way is to use HTTP directly, you can omit this step)
3. Make a mirror and publish it.

The easiest way to install Registry is to directly pull a ready-made Registry image.

<code>docker pull registry</code>

Then start it.

<code>docker run <span>-p</span><span>5000</span>:<span>5000</span><span>-v</span> /home/registry:/tmp/registry registry</code>

Expose port 5000 to external services, and at the same time, load the host's /home/registry directory as the warehouse directory.

Now you can push your own image to this warehouse. You need to tag an image first, and then PUSH. The command is as follows:

<code>docker tag java:<span>7</span>-jre hub<span>.wo</span><span>.cn</span>/yancheng/java
docker <span>push</span> hub<span>.wo</span><span>.cn</span>/yancheng/java</code>

At this time, a security error will inevitably be reported:

From the error description It seems that there are two solutions, one is to use HTTP, and the other is to install the CA certificate.

Method 1, configure it as HTTP, which will be slightly faster and simpler. Just modify the /etc/default/docker file and add a sentence:

<code>DOCKER_OPTS=<span>"<span>$DOCKER_OPTS</span> --insecure-registry=hub.open.wo.cn"</span></code>

Then restart Docker, sudo service docker restart, and you can push normally.

Method 2, configuring the security certificate, is a bit troublesome, especially since our docker registry is behind nginx.

First, you need to generate your own certificate (operate on the server), the command is as follows:

<code>openssl genrsa -des3 -<span>out</span> hub<span>.key</span><span>2048</span>
openssl rsa -<span>in</span> hub<span>.key</span> -<span>out</span> hub_nopwd<span>.key</span>
openssl req -new -key hub_nopwd<span>.key</span> -<span>out</span> hub<span>.csr</span>
openssl x509 -req -days <span>3650</span> -<span>in</span> hub<span>.csr</span> -signkey hub_nopwd<span>.key</span> -<span>out</span> hub<span>.crt</span></code>

Then, we configure Nginx to add support for HTTPS.

<code>server {
   listen       <span>443</span>;
   server_name  hub<span>.</span>wo<span>.</span><span>cn</span>;
   ssl  <span>on</span>;
   ssl_certificate      /usr/<span>local</span>/nginx/conf/hub<span>.</span>crt;
   ssl_certificate_key  /usr/<span>local</span>/nginx/conf/hub_nopwd<span>.</span>key;

   location <span>/</span> {
        proxy_pass http:<span>//10.250.251.20:5000;</span>
        proxy_redirect off;
        proxy_set_header Host <span>$host</span>;
        proxy_set_header x<span>-forwarded</span><span>-for</span><span>$remote_addr</span>;
   }
}</code>

Pay attention to the location of hub.crt and hub_nopwd.key. Restart nginx.

Now, you need to get this hub.crt locally and put it in the corresponding directory according to the prompts in the previous screenshot. That is: /etc/docker/certs.d/hub.open.wo.cn.

Restart docker again, and then push will be normal.

').addClass('pre-numbering').hide(); $(this).addClass('has-numbering').parent().append($numbering); for (i = 1; i ').text(i)); }; $numbering.fadeIn(1700); }); });

The above has introduced Docker: the construction of a private warehouse, including aspects of it. I hope it will be helpful to friends who are interested in PHP tutorials.