一.docker仓库:

Docker 仓库是用来存放镜像的位置,Docker提供一个注册服务器(Registry)来保存多个仓库,每个仓库又可以包含多个具备不同tag的镜像。
Docker运行中使用的默认仓库是 Docker Hub 公共仓库。

二.docker hub:

1.登陆docker-hub,新建公共仓库


2.登陆后上传镜像

[root@server1 ~]# docker login
[root@server1 ~]# docker tag mario:latest sgoooua/mario:latest
[root@server1 ~]# docker push sgoooua/mario:latest

3.从仓库拉取镜像

[root@server1 ~]# docker pull sgoooua/mario:latest

4.删除镜像

[root@server1 ~]# docker rmi sgoooua/mario:latest

三.搭建私有仓库:

1.下载registry镜像,并运行容器(下面的 docker run 引用了 /root/certs 下的证书和私钥,它们在第3步才生成,实际操作时需先完成第3步):

[root@server1 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete 
47112e65547d: Pull complete 
46bcb632e506: Pull complete 
c1cc712bcecd: Pull complete 
3db6272dcbfa: Pull complete 
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@server1 ~]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key registry
50d49a18ac734dcd49c3c63daac7577a8161646f5f2329f40e3c7a655fdbfd88

2.上传镜像到本地仓库:

docker tag nginx:latest localhost:443/nginx:latest
docker push localhost:443/nginx:latest

3.为docker仓库添加证书加密功能

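(1)生成证书(自签名证书仅适合测试环境;较新版本的Docker校验证书时要求带有subjectAltName,仅填写Common Name可能校验失败,OpenSSL 1.1.1及以上可在命令中加上 -addext "subjectAltName = DNS:westos.org";-nodes 表示私钥不加密保存,应限制 .key 文件的访问权限)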
[root@server1 ~]# mkdir certs
[root@server1 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
....................................++
...............++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org
[root@server1 ~]# ls certs
westos.org.crt  westos.org.key

4.重建容器(需先用 docker rm -f registry 删除同名旧容器;注意下面的命令与第1步相比没有挂载 /opt/registry 数据卷,镜像数据不会持久化到宿主机)

[root@server1 ~]# docker run -d   --restart=always   --name registry   -v /root/certs:/certs   -e REGISTRY_HTTP_ADDR=0.0.0.0:443   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt   -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key   -p 443:443   registry
142b93bce5765c0765f8819abb7b4c5f19ef808324b8619f059cc5deb1d5cae6
[root@server1 ~]# docker port registry
443/tcp -> 0.0.0.0:443
[root@server1 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                            NAMES
50d49a18ac73        registry            "/entrypoint.sh /etc…"   4 seconds ago       Up 4 seconds        0.0.0.0:443->443/tcp, 5000/tcp   registry

5.拷贝证书到docker主机(certs.d 下的目录名必须与仓库地址 westos.org 一致;只需分发证书 ca.crt,私钥 .key 不要拷贝到客户端)

[root@server1 ~]# cd /etc/docker
[root@server1 docker]# mkdir -p certs.d/westos.org
[root@server1 docker]# cd certs.d/
[root@server1 certs.d]# cd westos.org/
[root@server1 westos.org]# cp /root/certs/westos.org.crt .
[root@server1 westos.org]# mv westos.org.crt ca.crt
[root@server1 docker]# scp -r certs.d/ root@172.25.13.2:/etc/docker/
root@172.25.13.2's password: 
ca.crt                                    100% 2098     2.4MB/s   00:00   

6.测试上传镜像

[root@server1 ~]# docker tag nginx:1.16.1 westos.org/nginx
[root@server1 ~]# docker push westos.org/nginx
The push refers to repository [westos.org/nginx]
c23548ea0b99: Pushed 
82068c842707: Pushed 
c2adabaecedb: Pushed 
latest: digest: sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b size: 948

###可以从私有仓库拉取
[root@server1 ~]# docker pull westos.org/nginx
Using default tag: latest
latest: Pulling from nginx
Digest: sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b
Status: Image is up to date for westos.org/nginx:latest
westos.org/nginx:latest

7.添加用户认证功能

(1)生成用户密码文件
[root@server1 ~]# mkdir auth

###无法为admin用户添加密码:该registry镜像中没有htpasswd可执行文件(见下方报错;命令中的选项应写作 -Bbn)。另外,把密码直接写在命令行参数里会留在shell历史和进程列表中,建议使用后面的交互式输入方式
[root@server1 ~]# docker run --rm --entrypoint htpasswd registry Bbn admin westos > auth/htpasswd
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"htpasswd\": executable file not found in $PATH": unknown.
ERRO[0000] error waiting for container: context canceled 

###下载该软件包
[root@server1 ~]# yum install httpd-tools
[root@server1 ~]# cd auth
[root@server1 auth]# ls
htpasswd

###添加用户密码
[root@server1 auth]# htpasswd -B htpasswd admin
New password: 
Re-type new password: 
Adding password for user admin
[root@server1 auth]# cat htpasswd
admin:$2y$05$ctPip/ZU/ck0g72sQD31w.cNjkg3pS8w5ZioL7owGUCTZCbsGBnZW
[root@server1 auth]# htpasswd -B htpasswd lj
New password: 
Re-type new password: 
Adding password for user lj

###查看密码文件($2y$05$ 前缀表示使用bcrypt且cost为5,这是htpasswd的默认值,可用 -C 选项提高;该文件包含密码哈希,应限制访问权限,不要对外公开)
[root@server1 auth]# cat htpasswd
admin:$2y$05$ctPip/ZU/ck0g72sQD31w.cNjkg3pS8w5ZioL7owGUCTZCbsGBnZW
lj:$2y$05$w1w4RFGNMr0jR2TvEOSrseTwB4nmR9ydqYY50j6Pch2sBOmkfkmP

8.重建容器(需先用 docker rm -f registry 删除同名旧容器;/root/certs 和 /root/auth 只需读取,建议在挂载参数后加 :ro 以只读方式挂载)

[root@server1 auth]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -v /root/auth:/auth -e REGISTRY_AUTH=htpasswd -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
f62d6ead8a8952d33f0b100afab363b24e483a8e89109cef3112a25fc4ac5b17

9.docker主机认证(如下方警告所示,登录凭据会以未加密形式保存在 /root/.docker/config.json,建议配置凭据助手 credential helper)

[root@server2 ~]# docker login westos.org
Username: admin 
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

四.harbor仓库

1.解压软件包,建立数据目录(解压前建议先核对离线安装包的校验值,确认其来自官方发布)

[root@server1 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz
[root@server1 ~]# mkdir /data
[root@server1 ~]# mv certs/ /data/

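2.修改配置文件(原文此处的截图已缺失;通常需要设置 hostname、https 下的 certificate 和 private_key 路径,并修改默认的 harbor_admin_password,具体取值请以实际环境为准)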

[root@server1 ~]# cd harbor/
[root@server1 harbor]# vim harbor.yml 


3.运行脚本,安装harbor

[root@server1 ~]# mv docker-compose-Linux-x86_64-1.24.1 /usr/local/bin/docker-compose
[root@server1 ~]# chmod +x /usr/local/bin/docker-compose 
[root@server1 ~]# cd harbor/
[root@server1 harbor]# ./install.sh 


[root@server2 ~]# docker login westos.org
Username: admin 
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@server2 ~]# cd /etc/docker/
[root@server2 docker]# ls
certs.d  daemon.json  key.json
[root@server2 docker]# vim daemon.json 
[root@server2 docker]# cat daemon.json 
{
  "registry-mirrors": ["https://westos.org"]
}
[root@server2 docker]# systemctl daemon-reload 
[root@server2 docker]# systemctl restart docker

4.登陆harbor,创建仓库,添加项目维护成员

(1)登陆


(2)新建仓库


(3)添加用户


5.测试上传镜像

[root@server1 ~]# docker tag nginx:latest westos.org/library/nginx:latest
[root@server1 ~]# docker push westos.org/library/nginx:latest 
The push refers to repository [westos.org/library/nginx]
cdd1d8ebeb06: Pushed 
fe08d9d9f185: Pushed 
280ddd108a0a: Pushed 
f14cffae5c1a: Pushed 
d0fe97fa8b8c: Pushed 
latest: digest: sha256:4949aa7259aa6f827450207db5ad94cabaa9248277c6d736d5e1975d200c7e43 size: 1362


[root@server2 ~]# docker load -i game2048.tar 
011b303988d2: Loading layer   5.05MB/5.05MB
36e9226e74f8: Loading layer  51.46MB/51.46MB
192e9fad2abc: Loading layer  3.584kB/3.584kB
6d7504772167: Loading layer  4.608kB/4.608kB
88fca8ae768a: Loading layer  629.8kB/629.8kB
Loaded image: game2048:latest
[root@server2 ~]# docker tag game2048:latest westos.org/westos/game2048:latest
[root@server2 ~]# docker push westos.org/westos/game2048:latest
The push refers to repository [westos.org/westos/game2048]
88fca8ae768a: Pushed 
6d7504772167: Pushed 
192e9fad2abc: Pushed 
36e9226e74f8: Pushed 
011b303988d2: Pushed 
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
[root@server2 ~]# docker pull westos.org/westos/game2048
Using default tag: latest
latest: Pulling from westos/game2048
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Image is up to date for westos.org/westos/game2048:latest
westos.org/westos/game2048:latest
