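I. Docker registry:
A Docker repository is where images are stored. Docker provides a registry server (Registry) that holds multiple repositories, and each repository can contain multiple images with different tags. The default registry Docker uses is the public Docker Hub.
II. Docker Hub:
1. Log in to Docker Hub and create a public repository
2. After logging in, upload an image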
[root@server1 ~]# docker login
[root@server1 ~]# docker tag mario:latest sgoooua/mario:latest
[root@server1 ~]# docker push sgoooua/mario:latest
3. Pull the image from the repository
[root@server1 ~]# docker pull sgoooua/mario:latest
4. Delete the image
[root@server1 ~]# docker rmi sgoooua/mario:latest
III. Set up a private registry:
1. Download the registry image and run a container:
[root@server1 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@server1 ~]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key registry
50d49a18ac734dcd49c3c63daac7577a8161646f5f2329f40e3c7a655fdbfd88
2. Upload an image to the local registry:
docker tag nginx:latest localhost:443/nginx:latest
docker push localhost:443/nginx:latest
3. Add certificate (TLS) encryption to the Docker registry
(1) Generate the certificate
[root@server1 ~]# mkdir certs
[root@server1 ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
....................................++
...............++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org
[root@server1 ~]# ls certs
westos.org.crt westos.org.key
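The certificate generated above carries the host name only in the Common Name. Docker releases built with Go 1.15 or later reject such certificates and require a subjectAltName. The following is an added example, not part of the original post: it generates the same self-signed pair with a SAN and checks for it. The helper names make_registry_cert and cert_has_san are hypothetical, and the -addext option assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example; make_registry_cert and cert_has_san are hypothetical helpers.

# Create a self-signed key/cert pair whose SAN covers the registry host name.
# $1 = output directory, $2 = host name, $3 = RSA bits (default 4096, as on the page)
make_registry_cert() {
    dir=$1; host=$2; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    ( umask 077   # private key must be readable by its owner only
      openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
          -subj "/CN=$host" \
          -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/$host.crt"   # the certificate itself is public
}

# Succeed only if the certificate lists DNS:<host> in its subjectAltName.
# $1 = certificate file, $2 = host name
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -qxF "DNS:$2"
}
```

Running cert_has_san against an existing certs/westos.org.crt before distributing it as ca.crt shows whether newer Docker clients will accept it.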
4. Recreate the container
[root@server1 ~]# docker run -d --restart=always --name registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 registry
142b93bce5765c0765f8819abb7b4c5f19ef808324b8619f059cc5deb1d5cae6
[root@server1 ~]# docker port registry
443/tcp -> 0.0.0.0:443
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
50d49a18ac73 registry "/entrypoint.sh /etc…" 4 seconds ago Up 4 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
5. Copy the certificate to the Docker hosts
[root@server1 ~]# cd /etc/docker
[root@server1 docker]# mkdir -p certs.d/westos.org
[root@server1 docker]# cd certs.d/
[root@server1 certs.d]# cd westos.org/
[root@server1 westos.org]# cp /root/certs/westos.org.crt .
[root@server1 westos.org]# mv westos.org.crt ca.crt
[root@server1 docker]# scp -r certs.d/ root@172.25.13.2:/etc/docker/
root@172.25.13.2's password:
ca.crt 100% 2098 2.4MB/s 00:00
6. Test uploading an image
[root@server1 ~]# docker tag nginx:1.16.1 westos.org/nginx
[root@server1 ~]# docker push westos.org/nginx
The push refers to repository [westos.org/nginx]
c23548ea0b99: Pushed
82068c842707: Pushed
c2adabaecedb: Pushed
latest: digest: sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b size: 948
### The image can be pulled from the private registry
[root@server1 ~]# docker pull westos.org/nginx
Using default tag: latest
latest: Pulling from nginx
Digest: sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b
Status: Image is up to date for westos.org/nginx:latest
westos.org/nginx:latest
7. Add user authentication
(1) Generate the user password file
[root@server1 ~]# mkdir auth
### Unable to add a password for the admin user
[root@server1 ~]# docker run --rm --entrypoint htpasswd registry -Bbn admin westos > auth/htpasswd
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"htpasswd\": executable file not found in $PATH": unknown.
ERRO[0000] error waiting for container: context canceled
### Install the package that provides it
[root@server1 ~]# yum install httpd-tools
[root@server1 ~]# cd auth
[root@server1 auth]# ls
htpasswd
### Add user passwords
[root@server1 auth]# htpasswd -B htpasswd admin
New password:
Re-type new password:
Adding password for user admin
[root@server1 auth]# cat htpasswd
admin:$2y$05$ctPip/ZU/ck0g72sQD31w.cNjkg3pS8w5ZioL7owGUCTZCbsGBnZW
[root@server1 auth]# htpasswd -B htpasswd lj
New password:
Re-type new password:
Adding password for user lj
### View the password file
[root@server1 auth]# cat htpasswd
admin:$2y$05$ctPip/ZU/ck0g72sQD31w.cNjkg3pS8w5ZioL7owGUCTZCbsGBnZW
lj:$2y$05$w1w4RFGNMr0jR2TvEOSrseTwB4nmR9ydqYY50j6Pch2sBOmkfkmP
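The registry's htpasswd backend supports only bcrypt entries and ignores any other hash type, and `htpasswd -B` defaults to cost 5 (the `$2y$05$` prefix above) unless `-C` sets a higher one. The following is an added example, not part of the original post: it audits an htpasswd file for non-bcrypt, malformed, or low-cost entries. The helper names, the zero-filled sample entries, and the minimum cost of 10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; audit_htpasswd and sample_htpasswd are hypothetical helper names.

# Constructed sample entries (zero-filled placeholders, not real hashes).
sample_htpasswd() {
    printf 'alice:$2y$12$%053d\n' 0   # well-formed bcrypt, cost 12
    printf 'admin:$2y$05$%053d\n' 0   # well-formed bcrypt, htpasswd -B default cost 5
    printf 'bob:$2y$05$%052d\n' 0     # one character short (truncated)
    printf 'carol:{SHA}%028d\n' 0     # SHA-1 style entry, not bcrypt
}

# Print one finding per bad entry; exit status 1 if any entry fails.
# $1 = htpasswd file, $2 = minimum bcrypt cost (default 10, an assumed policy)
audit_htpasswd() {
    awk -F: -v min="${2:-10}" '
        /^[ \t]*$/ || /^#/ { next }              # skip blank and comment lines
        {
            user = $1; hash = $2
            if (hash !~ /^\$2[aby]\$[0-9][0-9]\$/) {
                printf "%s: not bcrypt\n", user; bad = 1; next
            }
            if (length(hash) != 60) {            # bcrypt strings are 60 chars
                printf "%s: malformed bcrypt hash (%d chars)\n", user, length(hash)
                bad = 1; next
            }
            cost = substr(hash, 5, 2) + 0        # two digits after "$2y$"
            if (cost < min) {
                printf "%s: bcrypt cost %d below %d\n", user, cost, min; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}
```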
8. Recreate the container
[root@server1 auth]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -v /root/auth:/auth -e REGISTRY_AUTH=htpasswd -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
f62d6ead8a8952d33f0b100afab363b24e483a8e89109cef3112a25fc4ac5b17
9. Authenticate from the Docker host
[root@server2 ~]# docker login westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
IV. Harbor registry
1. Extract the package and create the data directory
[root@server1 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz
[root@server1 ~]# mkdir /data
[root@server1 ~]# mv certs/ /data/
2. Edit the configuration file
[root@server1 ~]# cd harbor/
[root@server1 harbor]# vim harbor.yml
3. Run the script to install Harbor
[root@server1 ~]# mv docker-compose-Linux-x86_64-1.24.1 /usr/local/bin/docker-compose
[root@server1 ~]# chmod +x /usr/local/bin/docker-compose
[root@server1 ~]# cd harbor/
[root@server1 harbor]# ./install.sh
[root@server2 ~]# docker login westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server2 ~]# cd /etc/docker/
[root@server2 docker]# ls
certs.d daemon.json key.json
[root@server2 docker]# vim daemon.json
[root@server2 docker]# cat daemon.json
{
"registry-mirrors": ["https://westos.org"]
}
[root@server2 docker]# systemctl daemon-reload
[root@server2 docker]# systemctl restart docker
4. Log in to Harbor, create a repository, and add project maintainers
(1) Log in
(2) Create a new repository
(3) Add users
5. Test uploading images
[root@server1 ~]# docker tag nginx:latest westos.org/library/nginx:latest
[root@server1 ~]# docker push westos.org/library/nginx:latest
The push refers to repository [westos.org/library/nginx]
cdd1d8ebeb06: Pushed
fe08d9d9f185: Pushed
280ddd108a0a: Pushed
f14cffae5c1a: Pushed
d0fe97fa8b8c: Pushed
latest: digest: sha256:4949aa7259aa6f827450207db5ad94cabaa9248277c6d736d5e1975d200c7e43 size: 1362
[root@server2 ~]# docker load -i game2048.tar
011b303988d2: Loading layer 5.05MB/5.05MB
36e9226e74f8: Loading layer 51.46MB/51.46MB
192e9fad2abc: Loading layer 3.584kB/3.584kB
6d7504772167: Loading layer 4.608kB/4.608kB
88fca8ae768a: Loading layer 629.8kB/629.8kB
Loaded image: game2048:latest
[root@server2 ~]# docker tag game2048:latest westos.org/westos/game2048:latest
[root@server2 ~]# docker push westos.org/westos/game2048:latest
The push refers to repository [westos.org/westos/game2048]
88fca8ae768a: Pushed
6d7504772167: Pushed
192e9fad2abc: Pushed
36e9226e74f8: Pushed
011b303988d2: Pushed
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
[root@server2 ~]# docker pull westos.org/westos/game2048
Using default tag: latest
latest: Pulling from westos/game2048
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Image is up to date for westos.org/westos/game2048:latest
westos.org/westos/game2048:latest