docker_registry.sh
# Client-side setup for reaching the registry before it serves a certificate
# the client trusts. Either create or modify /etc/docker/daemon.json:
#   { "insecure-registries":["192.168.100.141:5000"] }
# or extend the daemon options:
#   DOCKER_OPTS="$DOCKER_OPTS --insecure-registry 192.168.100.141:5000"
# and then restart the daemon:
#   sudo service docker restart
# NOTE(review): an insecure-registries entry makes the daemon skip certificate
# verification for that host and fall back to plain HTTP, so pushes and pulls
# can be read or altered on the network. Drop the entry once the client trusts
# the registry certificate.
#
# DOCKER REGISTRY (first start: no TLS, no authentication):
#   sudo docker run -d -p 5000:5000 --restart=always --name registry registry:2

registry=192.168.100.141:5000

# Fetch the base images. These are mutable tags (nginx:latest in particular),
# so the content behind each name can change from one run to the next.
for image in postgres:10 nginx:latest tomcat:8-jre8-alpine node:carbon; do
  sudo docker pull "$image"
done

# Build the application image from ./dockerfile.
sudo docker build -f dockerfile -t node-docker .

# Publish each local image to the private registry, then pull it back to
# confirm the round trip works.
for name in node-docker emercom; do
  sudo docker tag "$name:latest" "$registry/$name:latest"
  sudo docker push "$registry/$name:latest"
  sudo docker pull "$registry/$name:latest"
done
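# Render (without creating it) the image-pull secret for the private registry
# and save the manifest as docker_reg.yaml.
# Environment:
#   REGISTRY_USER      registry account (default: admin)
#   REGISTRY_PASSWORD  registry password (required, instead of a literal in
#                      the script)
#   REGISTRY_EMAIL     address stored in the secret (required)
# NOTE(review): the flag and address on the last line were masked in the
# published listing; --docker-email is assumed to be what stood there.
: "${REGISTRY_PASSWORD:?set REGISTRY_PASSWORD to the registry password}"
: "${REGISTRY_EMAIL:?set REGISTRY_EMAIL to the address for the pull secret}"

# The manifest holds the credentials base64-encoded, not encrypted, so it is
# written with owner-only permissions; keep it out of version control.
# --dry-run=client is the current spelling; kubectl older than 1.18 expects
# --dry-run=true. The password is still visible in kubectl's argument list
# while the command runs.
(
  umask 077
  kubectl create secret docker-registry --dry-run=client emercom-docker-reg \
    --docker-server=https://192.168.100.141:5000 \
    --docker-username="${REGISTRY_USER:-admin}" \
    --docker-password="$REGISTRY_PASSWORD" \
    --docker-email="$REGISTRY_EMAIL" -o yaml > docker_reg.yaml
)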
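# Generate an RSA key and a self-signed certificate, then move both into
# certs/. The key is 4096-bit and the certificate is signed with SHA-256:
# 1024-bit RSA keys and SHA-1 signatures are rejected by current TLS clients
# and no longer give meaningful protection.
mkdir -p certs
(
  # Create the key owner-only from the start, so it is never briefly readable
  # under the default umask before the chmod below.
  umask 077
  openssl genrsa -out host.key 4096
)
chmod 400 host.key
openssl req -new -x509 -nodes -sha256 -days 1365 -key host.key -out host.cert
# One-step alternative (key and certificate in a single command):
#openssl req -new -x509 -nodes -batch -newkey rsa:2048 -days 1365 -keyout host.key -out host.cert

# NOTE(review): the registry container in this file is pointed at
# /certs/domain.crt and /certs/domain.key, so these two files are not the ones
# it serves unless they are renamed or the REGISTRY_HTTP_TLS_* paths change.
sudo mv host.key certs/docker_registry.key
sudo mv host.cert certs/docker_registry.crt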
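# Replace the running registry container with one that requires htpasswd
# authentication and serves TLS.
# Environment:
#   REGISTRY_USER         account to create (default: admin)
#   REGISTRY_PASSWORD     password for that account (required, instead of a
#                         literal in the script)
#   REGISTRY_HTTP_SECRET  optional; a random value is generated when unset
# Requires certs/domain.crt and certs/domain.key to exist before the final
# docker run, otherwise the registry cannot start its TLS listener.
: "${REGISTRY_PASSWORD:?set REGISTRY_PASSWORD to the registry password}"
registry_user=${REGISTRY_USER:-admin}
# The HTTP secret signs state the registry hands to clients; a fixed, published
# string lets anyone forge that state, so use a caller-supplied or random one.
registry_http_secret=${REGISTRY_HTTP_SECRET:-$(openssl rand -hex 32)}

sudo docker container stop registry
# A stopped container keeps its name; remove it, or the run below fails with a
# name conflict on "registry".
sudo docker container rm registry

mkdir -p auth
# -B selects bcrypt; -i reads the password from stdin so it does not appear in
# the process list the way the -b form does. --rm avoids leaving a stopped
# helper container behind.
# NOTE(review): newer registry:2 images reportedly no longer ship htpasswd; if
# this step fails, an image that bundles it (e.g. httpd:2) is the usual
# substitute - confirm against the image in use.
printf '%s\n' "$REGISTRY_PASSWORD" |
  sudo docker run --rm -i --entrypoint htpasswd registry:2 -nBi "$registry_user" > auth/htpasswd

# Both bind mounts are read-only: the registry only reads the password file,
# the certificate and the key.
sudo docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v "$(pwd)/auth:/auth:ro" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -e "REGISTRY_HTTP_SECRET=$registry_http_secret" \
  -v "$(pwd)/certs:/certs:ro" \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2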
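# Create the self-signed certificate and key the registry serves
# (certs/domain.crt, certs/domain.key).
# Clients check the address they connect to against the certificate's
# subjectAltName. The registry is addressed by IP here, so the certificate
# needs an IP SAN; without one the handshake fails with "does not contain any
# IP SANs" (first reference below). -addext needs OpenSSL 1.1.1 or newer.
sudo mkdir -p certs
sudo openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -addext "subjectAltName = IP:192.168.100.141" \
  -x509 -days 365 -out certs/domain.crt

# References:
# https://serverfault.com/questions/611120/failed-tls-handshake-does-not-contain-any-ip-sans
# https://stackoverflow.com/questions/29286307/x509-certificate-signed-by-unknown-authority-both-with-docker-and-with-github
# https://docs.docker.com/registry/insecure/#troubleshoot-insecure-registry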
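# Trust the registry certificate on this host, restart Docker, log in, and
# hand the resulting credentials file to the kubelet.
# Environment:
#   REGISTRY_USER      registry account (default: admin)
#   REGISTRY_PASSWORD  registry password (required)
: "${REGISTRY_PASSWORD:?set REGISTRY_PASSWORD to the registry password}"

# /usr/local/share/ca-certificates is root-owned, so the copy needs sudo like
# the commands around it.
# NOTE(review): this adds the certificate to the system-wide trust store, so
# every TLS client on the host trusts it. Docker alone can be given the
# certificate as /etc/docker/certs.d/192.168.100.141:5000/ca.crt, which keeps
# the trust scoped to this registry.
sudo cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
sudo update-ca-certificates
sudo systemctl daemon-reload
sudo systemctl restart docker

# --password-stdin keeps the password out of the process list and shell
# history, unlike -p.
printf '%s' "$REGISTRY_PASSWORD" |
  sudo docker login -u "${REGISTRY_USER:-admin}" --password-stdin https://192.168.100.141:5000

# config.json stores the credential base64-encoded unless a credential helper
# is configured, so install the copy readable by root only.
# NOTE(review): ~ is expanded for the invoking user, while "sudo docker login"
# may have written root's config.json instead, depending on how sudo sets
# HOME - confirm which file holds the login.
sudo install -m 0600 ~/.docker/config.json /var/lib/kubelet/config.json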