使用自签名证书

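  # Generate a self-signed certificate and private key for the registry.
  # Docker and other Go-based clients ignore the Common Name and match the
  # host only against subjectAltName, so the SAN below is required. Keep it
  # (and the Common Name typed at the prompt) equal to the registry host name.
  # -addext needs OpenSSL 1.1.1 or newer.
  # NOTE(review): -days 36500 is a ~100-year lifetime and a self-signed
  # certificate cannot be revoked; a shorter lifetime with planned rotation
  # limits the damage if domain.key ever leaks.
  mkdir -p /data/registry/certs
  openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout /data/registry/certs/domain.key \
    -x509 -days 36500 -out /data/registry/certs/domain.crt \
    -addext "subjectAltName=DNS:registry.acdiost.com"
  # -nodes leaves the private key unencrypted on disk, so restrict it to its
  # owner explicitly. Assumes the registry container runs as root and can still
  # read it -- confirm for the image you deploy.
  chmod 600 /data/registry/certs/domain.key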

image.png

启动镜像仓库

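  # Start the registry container, serving TLS on port 443.
  # The certificate directory is mounted read-only: the container only needs to
  # read domain.crt and domain.key and should not be able to replace them.
  # NOTE(review): no authentication is configured, so any host that can reach
  # port 443 can pull and push images. Limit network access or enable the
  # registry's built-in authentication before exposing it beyond a trusted
  # network.
  # NOTE(review): registry:2 is a floating tag; pin a specific version or digest
  # if reproducible deployments matter.
  docker run -d \
    --restart=always \
    --name registry \
    -v /data/registry/certs:/certs:ro \
    -v /data/registry/data:/var/lib/registry \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
    -p 443:443 \
    registry:2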

配置镜像仓库地址

配置证书

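  # Make the Docker daemon on this host trust the registry's certificate.
  # The source is the domain.crt written by the openssl step; the original
  # listing copied registry.acdiost.com.crt, a file no earlier step creates.
  # Docker loads *.crt files in this per-registry directory as trusted CA roots
  # (ca.crt is the conventional name).
  # On other client hosts, copy only the certificate -- never domain.key.
  mkdir -p /etc/docker/certs.d/registry.acdiost.com/
  cp /data/registry/certs/domain.crt /etc/docker/certs.d/registry.acdiost.com/ca.crt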

配置 docker 并重启

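  # Write the Docker daemon configuration and echo it to the terminal.
  # This overwrites any existing /etc/docker/daemon.json; merge by hand if the
  # host already has one. The daemon must be restarted for it to take effect.
  #
  # The public registries docker.io, gcr.io and k8s.gcr.io are deliberately not
  # listed under "insecure-registries": that setting turns off certificate
  # verification and permits plain-HTTP fallback for the listed hosts, so
  # images pulled from them could be tampered with in transit.
  # NOTE(review): "harbor.address" is kept from the original as a placeholder
  # for an internal registry; prefer installing that registry's CA under
  # /etc/docker/certs.d/ and dropping the entry altogether.
  # The heredoc delimiter is quoted so the shell expands nothing in the JSON.
  cat <<'EOF' | tee /etc/docker/daemon.json
  {
    "insecure-registries": ["harbor.address"],
    "registry-mirrors": ["https://registry.acdiost.com", "https://registry.docker-cn.com"],
    "exec-opts": ["native.cgroupdriver=systemd"],
    "log-driver": "json-file",
    "log-opts": {
      "max-size": "100m"
    },
    "storage-driver": "overlay2"
  }
EOF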