Uninstall old versions
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
Install Docker Engine-Community
Install using the Docker repository
Set up the repository
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
Set up the stable repository
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
Install Docker Engine-Community
sudo yum install docker-ce docker-ce-cli containerd.io
Start Docker
sudo systemctl start docker
Run hello-world to verify that Docker was installed successfully
sudo docker run hello-world
Reference links:
CentOS Debian installation
Install docker-compose
- Check whether pip is installed
pip -V
- If pip is not installed, install it
yum -y install epel-release
yum -y install python-pip
- Upgrade pip
pip install --upgrade pip
- Install docker-compose
pip install docker-compose
Set the Alibaba Cloud registry mirror address
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://m3kj4rry.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Set up a private registry
- Pull the registry image
docker pull registry
- Create the data volume directory
mkdir -p /usr/local/docker_registry
- Start the registry
docker run -d -p 5000:5000 --name=csp_registry --restart=always --privileged=true -v /usr/local/docker_registry:/var/lib/registry registry
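Explanation:
-p 5000:5000 publishes the port
--name=csp_registry name of the running container
--restart=always restart automatically
--privileged=true SELinux, the security module in CentOS 7, denies the permission; this flag gives the container extended privileges. It lifts most container isolation, not only the SELinux restriction; appending :Z to the -v mount relabels the directory for the container and addresses SELinux alone.
-v /usr/local/docker_registry:/var/lib/registry mounts the host directory /usr/local/docker_registry at /var/lib/registry in the registry container, so that if the container is deleted our images are not deleted with it
- Register the registry with the Docker daemon for https access. These keys go in /etc/docker/daemon.json; replace the value in insecure-registries with the host's IP address or domain name followed by :5000. Listing a registry under insecure-registries makes the daemon accept it over plain HTTP or with a certificate it cannot verify.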
{
"insecure-registries":["主機的IP地址或者域名:5000"],
"registry-mirrors": ["https://registry.docker-cn.com"]
}
- Create a new tag
docker tag hello-world ip:port/hello-world
- Push to the local registry
docker push ip:port/hello-world
- Delete the tagged images
docker rmi ip:port/hello-world
docker rmi hello-world
- Pull the image from the local registry
docker pull ip:port/hello-world
Set up registry certificates
- Create a self-signed certificate
cd /usr/local
mkdir ssl
cd ssl
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- Access control
cd /usr/local
mkdir auth
docker run \
--entrypoint htpasswd \
registry -Bbn testuser testpassword > auth/htpasswd
Note: testuser and testpassword are the login user name and password
Start the container
docker run -d \
--restart=always \
--name registry \
-v /usr/local/auth:/auth \
-v /usr/local/ssl:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-p 5000:5000 \
registry
- Log in to docker
docker login ip:port
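An added example, not part of the original page: a pre-start check, in POSIX sh, for the files the steps above create. It reports a missing server.crt, a server.key that group or others can access, htpasswd entries that are not bcrypt, and hosts listed under insecure-registries. The function names are hypothetical and the default paths are the ones used on this page.

```sh
#!/bin/sh
# Added example: pre-start checks for the registry files this page creates.
# Function names are hypothetical; default paths are the ones the page uses.

# Users in an htpasswd file whose hash is not bcrypt ($2a$, $2b$ or $2y$).
# The registry's htpasswd auth accepts bcrypt only, hence -B on the page.
non_bcrypt_users() {
    awk -F: 'NF && $2 !~ /^\$2[aby]\$/ { print $1 }' "$1"
}

# Hosts listed under "insecure-registries" in a daemon.json (flat JSON only).
insecure_registries() {
    tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^$/d'
}

# True when the file exists and has no group or other permission bits set.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; prints one line per finding and returns non-zero on any.
# Usage: preflight [ssl_dir] [auth_dir] [daemon_json]
preflight() {
    ssl_dir=${1:-/usr/local/ssl}
    auth_dir=${2:-/usr/local/auth}
    daemon_json=${3:-/etc/docker/daemon.json}
    rc=0
    [ -s "$ssl_dir/server.crt" ] || { echo "missing certificate: $ssl_dir/server.crt"; rc=1; }
    key_is_private "$ssl_dir/server.key" ||
        { echo "key missing or accessible by group/other: $ssl_dir/server.key"; rc=1; }
    if [ -s "$auth_dir/htpasswd" ]; then
        for u in $(non_bcrypt_users "$auth_dir/htpasswd"); do
            echo "htpasswd entry is not bcrypt: $u"; rc=1
        done
    else
        echo "missing or empty: $auth_dir/htpasswd"; rc=1
    fi
    if [ -f "$daemon_json" ]; then
        for h in $(insecure_registries "$daemon_json"); do
            echo "TLS verification disabled for registry: $h"; rc=1
        done
    fi
    return $rc
}
```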
Start the container with docker-compose
# docker-compose.yml
version: '3.1'
services:
  registry:
    image: registry
    ports:
      - 5000:5000
    environment:
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.crt
      REGISTRY_HTTP_TLS_KEY: /certs/server.key
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    volumes:
      - /usr/local/docker_registry:/var/lib/registry
      - /usr/local/ssl:/certs
      - /usr/local/auth:/auth