Docker private registry
1. Create the certificates
Set the IP address to the address of the current host
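mkdir -p /root/certs
cd /root/certs
# Self-signed CA (private key and certificate)
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /root/certs/ca.key -x509 -days 365 -out /root/certs/ca.crt
# Server key and certificate signing request
openssl genrsa -out server.key 2048
openssl req -new -key server.key -subj "/CN=10.211.55.69" -out server.csr
# The SAN must carry the registry's own IP: Docker validates the SAN, not the CN
echo subjectAltName = IP:10.211.55.69 > extfile.cnf
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out server.crt -days 5000
# Inspect the result; the IP must appear under "Subject Alternative Name"
openssl x509 -in ./server.crt -noout -text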
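Copy the certificate
# The Docker client trusts the registry through the CA certificate (ca.crt) created in step 1
mkdir -p /etc/docker/certs.d/10.211.55.69:5000
cp /root/certs/ca.crt /etc/docker/certs.d/10.211.55.69:5000/ca.crt
cat /root/certs/ca.crt >> /etc/pki/tls/certs/ca-bundle.crt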
Start the Docker registry
# The registry serves TLS with the server certificate and key created in step 1
docker run -d --net=host --privileged=true -v /root/docker/registry:/var/lib/registry -v /root/certs/:/root/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/root/certs/server.crt -e REGISTRY_HTTP_TLS_KEY=/root/certs/server.key registry
For other servers to use this private registry, copy the 10.211.55.69:5000/ directory and its ca.crt file from /etc/docker/certs.d/ on the registry server into their own /etc/docker/certs.d/ directory.
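
A pre-flight check for the certificate created in step 1, as an added example that is not part of the original notes: it confirms that the server certificate chains to the CA and lists the registry IP as a subjectAltName, which is what Docker's TLS client validates. The function names, the demo-ca subject and the throwaway certificates are constructed for the demo; 10.30.0.163 stands in for a SAN that does not match the registry address.

```shell
# Added example (not from the original notes); function names are hypothetical.

# check_registry_cert CA_CERT SERVER_CERT REGISTRY_IP
# Succeeds only if SERVER_CERT is signed by CA_CERT and carries REGISTRY_IP
# as an IP subjectAltName. The CN is deliberately not consulted.
check_registry_cert() {
    ca=$1; cert=$2; ip=$3
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $ca" >&2
        return 1
    fi
    # -checkip compares against IP SAN entries and prints its verdict on stdout.
    if ! openssl x509 -in "$cert" -noout -checkip "$ip" |
            grep -q 'does match certificate'; then
        echo "FAIL: $cert has no subjectAltName IP:$ip" >&2
        return 1
    fi
}

# make_demo_certs DIR
# Builds a throwaway CA plus two server certificates with the same CN:
# good.crt (SAN = registry IP) and bad.crt (SAN = some other IP).
make_demo_certs() {
    d=$1
    openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 1 \
        -subj "/CN=demo-ca" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/CN=10.211.55.69" \
        -out "$d/server.csr"
    for pair in good:10.211.55.69 bad:10.30.0.163; do
        echo "subjectAltName = IP:${pair#*:}" > "$d/ext.cnf"
        openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" \
            -CAkey "$d/ca.key" -CAcreateserial -extfile "$d/ext.cnf" \
            -days 1 -out "$d/${pair%%:*}.crt" 2>/dev/null
    done
}

# Demo run on constructed certificates.
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
for c in good bad; do
    if check_registry_cert "$demo_dir/ca.crt" "$demo_dir/$c.crt" 10.211.55.69; then
        echo "$c.crt: accepted for 10.211.55.69"
    else
        echo "$c.crt: rejected for 10.211.55.69"
    fi
done
rm -rf "$demo_dir"
```

On the registry host, run check_registry_cert /root/certs/ca.crt /root/certs/server.crt 10.211.55.69 before starting the container.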