docker镜像上传认证（证书和钥匙）

docker镜像上传认证（证书和钥匙）

创建证书和钥匙

cd /tmp/docker
mkdir certs/
openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out 
Generating a 4096 bit RSA private key
.................................++
...............................................................................................................................................................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos
Email Address []:root@westos
cd certs/
ls    # 查看证书和钥匙是否创建成功
pwd
/tmp/docker  # 必须在此目录下执行此命令，命令中的pwd指的是当前路径
docker run -d 
> --restart=always 
> -v `pwd`/certs:/certs 
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/ 
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key 
> -p 443:443 
> registry:2

cd /tmp/docker
mkdir auth/
docker run --entrypoint htpasswd registry:2 -Bbn wdd redhat > auth/htpasswd
docker run --entrypoint htpasswd registry:2 -Bbn admin admin >> auth/htpasswd
[root@foundation11 docker]# cat auth/htpasswd   # 用户密码存在此文件中
admin:$2y$05$G0wOuHHM8593WSgB5p1Uiew1iy2i.2EutyOqBau2STfpUTfyiZsHS
wdd:$2y$05$7IPnsxwrunjgvPv1RGPsBuJMPFP7FaUK.DSlai4pccCCg0hV3tli.
cd /etc/docker/
mkdir westos
docker tag westos:443/nginx westos/rhel7
cd westos/
cp /tmp/docker/ ./ca.crt
docker run -d --restart=always --name registry -v 
`pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e 
REGISTRY_HTTP_TLS_CERTIFICATE=/ -e 
REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v `pwd`/auth:/auth -e 
"REGISTRY_AUTH=htpasswd" -e 
"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e 
REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -p 443:443 registry:2

[root@foundation11 ~]# docker push westos/nginx
The push refers to a repository [westos/nginx]
08d25fa0442e: Preparing 
a8c4aeeaa045: Preparing 
cdb3f9544e4c: Preparing 
no basic auth credentials   # 失败，需要认证
docker login -u wdd -p redhat westos

[root@foundation11 ~]# cd .docker/
[root@foundation11 .docker]# ls
config.json
[root@foundation11 .docker]# cat config.json  # 存放认证信息的文件
{"auths": {"westos": {"auth": "d2RkOnJlZGhhdA=="}}
[root@foundation11 .docker]# docker push westos/nginx  # 成功
The push refers to a repository [westos/nginx]
08d25fa0442e: Pushed 
a8c4aeeaa045: Pushed 
cdb3f9544e4c: Pushed 
latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948