一.docker仓库:

Docker 仓库是用来包含镜像的位置,Docker提供一个注册服务器(Register)来保存多个仓库,每个仓库又可以包含多个具备不同tag的镜像。
Docker运行中使用的默认仓库是 Docker Hub 公共仓库。

二.docker hub:

1.登陆docker-hub,新建公共仓库

在这里插入图片描述

在这里插入图片描述

2.登陆后上传镜像

[root@server1 ~]# docker login
[root@server1 ~]# docker tag mario:latest sgoooua/mario:latest
[root@server1 ~]# docker push sgoooua/mario:latest

3.从仓库拉取镜像

[root@server1 ~]# docker pull sgoooua/mario:latest

4.删除镜像

[root@server1 ~]# docker rmi sgoooua/mario:latest

三.搭建私有仓库:

1.下载registry镜像,并运行容器:

[root@server1 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete 
47112e65547d: Pull complete 
46bcb632e506: Pull complete 
c1cc712bcecd: Pull complete 
3db6272dcbfa: Pull complete 
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@server1 ~]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key registry
50d49a18ac734dcd49c3c63daac7577a8161646f5f2329f40e3c7a655fdbfd88

2.上传镜像到本地仓库:

docker tag nginx:latest localhost:443/nginx:latest
docker push localhost:443/nginx:latest

3.为docker仓库添加证书加密功能

(1)生成证书
[root@server1 ~]# mkdir certs
[root@server1 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
....................................++
...............++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org
[root@server1 ~]# ls certs
westos.org.crt  westos.org.key

4.重建容器

[root@server1 ~]# docker run -d   --restart=always   --name registry   -v /root/certs:/certs   -e REGISTRY_HTTP_ADDR=0.0.0.0:443   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt   -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key   -p 443:443   registry
142b93bce5765c0765f8819abb7b4c5f19ef808324b8619f059cc5deb1d5cae6
[root@server1 ~]# docker port registry
443/tcp -> 0.0.0.0:443
[root@server1 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                            NAMES
50d49a18ac73        registry            "/entrypoint.sh /etc…"   4 seconds ago       Up 4 seconds        0.0.0.0:443->443/tcp, 5000/tcp   registry

5.拷贝证书到docker主机

[root@server1 ~]# cd /etc/docker
[root@server1 docker]# mkdir -p certs.d/westos.org
[root@server1 docker]# cd certs.d/
[root@server1 certs.d]# cd westos.org/
[root@server1 westos.org]# cp /root/certs/westos.org.crt .
[root@server1 westos.org]# mv westos.org.crt ca.crt
[root@server1 docker]# scp -r certs.d/ root@172.25.13.2:/etc/docker/
root@172.25.13.2's password: 
ca.crt                                    100% 2098     2.4MB/s   00:00

6 .测试上传镜像

[root@server1 ~]# docker tag nginx:1.16.1 westos.org/nginx
[root@server1 ~]# docker push westos.org/nginx
The push refers to repository [westos.org/nginx]
c23548ea0b99: Pushed 
82068c842707: Pushed 
c2adabaecedb: Pushed 
latest: digest: sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b size: 948

###可以从私有仓库拉取
[root@server1 ~]# docker pull westos.org/nginx
Using default tag: latest
latest: Pulling from nginx
Digest: sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b
Status: Image is up to date for westos.org/nginx:latest
westos.org/nginx:latest

7.添加用户认证功能

(1)生成用户密码文件
[root@server1 ~]# mkdir auth

###无法为admin用户添加密码
[root@server1 ~]# docker run --rm --entrypoint htpasswd registry Bbn admin westos > auth/htpasswd
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"htpasswd\": executable file not found in $PATH": unknown.
ERRO[0000] error waiting for container: context canceled 

###下载该软件包
[root@server1 ~]# yum install httpd-tools
[root@server1 ~]# cd auth
[root@server1 auth]# ls
htpasswd

###添加用户密码
[root@server1 auth]# htpasswd -B htpasswd admin
New password: 
Re-type new password: 
Adding password for user admin
[root@server1 auth]# cat htpasswd
admin:$2y$05$ctPip/ZU/ck0g72sQD31w.cNjkg3pS8w5ZioL7owGUCTZCbsGBnZW
[root@server1 auth]# htpasswd -B htpasswd lj
New password: 
Re-type new password: 
Adding password for user lj

###查看密码文件
[root@server1 auth]# cat htpasswd
admin:$2y$05$ctPip/ZU/ck0g72sQD31w.cNjkg3pS8w5ZioL7owGUCTZCbsGBnZW
lj:$2y$05$w1w4RFGNMr0jR2TvEOSrseTwB4nmR9ydqYY50j6Pch2sBOmkfkmP

8.重建容器

[root@server1 auth]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -v /root/auth:/auth -e REGISTRY_AUTH=htpasswd -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
f62d6ead8a8952d33f0b100afab363b24e483a8e89109cef3112a25fc4ac5b17

9.docker主机认证

[root@server2 ~]# docker login westos.org
Username: admin 
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

四.harbor仓库

1.解压软件包,建立数据目录

[root@server1 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz
[root@server1 ~]# mkdir /data
[root@server1 ~]# mv certs/ /data/

2.修改配置文件

[root@server1 ~]# cd harbor/
[root@server1 harbor]# vim harbor.yml

在这里插入图片描述
在这里插入图片描述

3.运行脚本,安装harbor

[root@server1 ~]# mv docker-compose-Linux-x86_64-1.24.1 /usr/local/bin/docker-compose
[root@server1 ~]# chmod +x /usr/local/bin/docker-compose 
[root@server1 ~]# cd harbor/
[root@server1 harbor]# ./install.sh

在这里插入图片描述

[root@server2 ~]# docker login westos.org
Username: admin 
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@server2 ~]# cd /etc/docker/
[root@server2 docker]# ls
certs.d  daemon.json  key.json
[root@server2 docker]# vim daemon.json 
[root@server2 docker]# cat daemon.json 
{
  "registry-mirrors": ["https://westos.org"]
}
[root@server2 docker]# systemctl daemon-reload 
[root@server2 docker]# systemctl restart docker

4.登陆harbor,创建仓库,添加项目维护成员

(1)登陆

在这里插入图片描述
在这里插入图片描述

(2)新建仓库

在这里插入图片描述

(3)添加用户

在这里插入图片描述在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

5.测试上传镜像

[root@server1 ~]# docker tag nginx:latest westos.org/library/nginx:latest
[root@server1 ~]# docker push westos.org/library/nginx:latest 
The push refers to repository [westos.org/library/nginx]
cdd1d8ebeb06: Pushed 
fe08d9d9f185: Pushed 
280ddd108a0a: Pushed 
f14cffae5c1a: Pushed 
d0fe97fa8b8c: Pushed 
latest: digest: sha256:4949aa7259aa6f827450207db5ad94cabaa9248277c6d736d5e1975d200c7e43 size: 1362

在这里插入图片描述

[root@server2 ~]# docker load -i game2048.tar 
011b303988d2: Loading layer   5.05MB/5.05MB
36e9226e74f8: Loading layer  51.46MB/51.46MB
192e9fad2abc: Loading layer  3.584kB/3.584kB
6d7504772167: Loading layer  4.608kB/4.608kB
88fca8ae768a: Loading layer  629.8kB/629.8kB
Loaded image: game2048:latest
[root@server2 ~]# docker tag game2048:latest westos.org/westos/game2048:latest
[root@server2 ~]# docker push westos.org/westos/game2048:latest
The push refers to repository [westos.org/westos/game2048]
88fca8ae768a: Pushed 
6d7504772167: Pushed 
192e9fad2abc: Pushed 
36e9226e74f8: Pushed 
011b303988d2: Pushed 
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
[root@server2 ~]# docker pull westos.org/westos/game2048
Using default tag: latest
latest: Pulling from westos/game2048
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Image is up to date for westos.org/westos/game2048:latest
westos.org/westos/game2048:latest

在这里插入图片描述

# docker # linux # 运维
Logo
GitCode 开源社区

旨在为数千万中国开发者提供一个无缝且高效的云端环境,以支持学习、使用和贡献开源项目。

更多推荐

沁言学术能取代Grammarly在学术写作润色与扩写中的角色吗?

沁言学术是AI驱动的学术平台,专注科研写作辅助(如文献整合和智能扩写);Grammarly是通用写作工具,侧重语法和风格优化。主要问题:沁言学术能否代替Grammarly?潜在取代性:沁言学术在学术专精上接近(如AI生成学术文本),但Grammarly的实时性和多语种更广;实测中,沁言可覆盖80%润色需求,但需Grammarly补齐通用纠错。实际性能:聚焦AI文本生成(沁言强)、自动润色(二者相当

avatar GitCode 开源社区

沁言学术 vs NoteExpress:学术AI与传统工具的科研全流程支持对比

沁言学术是AI驱动平台,融合NLP和机器学习,实现智能辅助;NoteExpress是本土传统工具,专注文献管理软件,支持Windows生态。相同点:二者均覆盖检索、管理、引用等核心,支持PDF导入和基本笔记。不同点:沁言学术AI自动化(如智能检索建议),NoteExpress手动优化(如本土数据库集成)。全流程支持:从检索到协作,沁言学术闭环更智能,NoteExpress更稳固;实测中,沁言效率升

avatar GitCode 开源社区
cover

G-Star公益行获评CCF优秀技术公益案例,用开源技术传递善意

avatar GitCode 开源社区