Introduction to Docker private registries

Introduction to private registries

Do you remember what Docker Hub is? Docker Hub (registry.hub.docker.com) is a public registry. Public registries such as Docker Hub can sometimes be inconvenient (and sometimes inaccessible) to use. Users can create a local repository for private use.

docker-registry is an officially provided tool that can be used to build private image repositories.

What are the advantages of a private image registry?

Advantages of a private registry:
1. Speed
2. Convenient maintenance
3. Security

Approach to building a private repository:
Old approach: download the source tarball or yum install -> install -> modify the configuration file -> start the service.
Docker approach: directly download the registry image and start a Docker instance from it; the repository is then built.

With Docker, software is no longer released in the form of office.exe or lrzsz.rpm, but as Docker images. You just need to download the Docker image and run a Docker instance. With Docker, there is no need to worry about installing Linux services!

Experimental environment planning

xuegod64 acts as the private registry server. xuegod63 uses the private registry on xuegod64 to pull/push images.

Use Registry to build a private Docker registry

Docker server: host name xuegod63; host IP: 192.168.1.63 (configure a static IP that suits your environment); configuration: 4 vCPU / 4 GiB memory

Host name xuegod64; host IP: 192.168.1.64 (configure an IP that suits your environment); configuration: 4 vCPU / 4 GiB memory

Initialize the lab environment – Install docker

Configure a static IP address for the virtual machine or physical machine, so that the IP address does not change after the machine restarts. Edit /etc/sysconfig/network-scripts/ifcfg-ens33 (on xuegod64):

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.1.64
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes

# Set the hostname on xuegod64
[root@xuegod64 ~]# hostnamectl set-hostname xuegod64

# Configure the hosts file on xuegod63 and xuegod64 so that the two files are consistent
[root@xuegod63 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.63 xuegod63
192.168.1.64 xuegod64
[root@xuegod64 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.63 xuegod63
192.168.1.64 xuegod64

# Disable the firewalld firewall
[root@xuegod64 ~]# systemctl stop firewalld ; systemctl disable firewalld

# Disable the iptables firewall
[root@xuegod64 ~]# yum install iptables-services -y
[root@xuegod64 ~]# service iptables stop && systemctl disable iptables

# Clear the firewall rules
[root@xuegod64 ~]# iptables -F

# Disable SELinux
[root@xuegod64 ~]# setenforce 0    # temporarily disabled
# Permanently disable
[root@xuegod64 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Note: the change to the SELinux configuration file takes effect permanently only after the machine is restarted.
[root@xuegod64 ~]# getenforce
Disabled

# Configure time synchronization
[root@xuegod64 ~]# ntpdate cn.pool.ntp.org
# Add a scheduled task
[root@xuegod64 ~]# crontab -e
* */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org
Restart the crond service to make the configuration take effect.

Method 1: install docker-ce online; configure the domestic (Aliyun) docker-ce yum source

[root@xuegod64 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Configure the docker-ce offline yum source (offline installation is recommended):

[root@xuegod64 ~]# tar xf k8s-docker.tar.gz -C /opt/
[root@xuegod64 ~]# tee /etc/yum.repos.d/k8s-docker.repo << 'EOF'
[k8s-docker]
name=k8s-docker
baseurl=file:///opt/k8s-docker
enabled=1
gpgcheck=0
EOF

Installing Basic Software Packages

[root@xuegod64 ~]# yum install -y wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl \
 curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release \
 openssh-server socat ipvsadm conntrack ntpdate telnet

Install docker environment dependencies

[root@xuegod64 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

Install docker-ce

[root@xuegod64 ~]# yum install docker-ce docker-ce-cli containerd.io -y

Start the Docker service

[root@xuegod64 ~]# systemctl start docker && systemctl enable docker

# check Docker version information

[root@xuegod64 ~]# docker version    
[root@xuegod64 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-04-20 10:07:23 CST; 9s ago

Enable the packet forwarding function and modify kernel parameters

Kernel parameter modification:

[root@xuegod64 ~]# modprobe br_netfilter
[root@xuegod64 ~]# echo "modprobe br_netfilter" >> /etc/profile
[root@xuegod64 ~]# cat > /etc/sysctl.d/docker.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@xuegod64 ~]# sysctl -p /etc/sysctl.d/docker.conf

# restart docker

[root@xuegod64 ~]# systemctl restart docker

What is br_netfilter? br_netfilter is the kernel module that lets Linux iptables/netfilter work together with the Linux bridge to implement a transparent firewall.

A transparent firewall is also called a bridge firewall. Simply put, it adds firewall functionality to a bridge device. A transparent firewall is easy to deploy, hard to notice, and highly secure.

Why modprobe br_netfilter? Suppose you add the following to /etc/sysctl.conf:

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

Running sysctl -p then fails, because the net.bridge.* keys do not exist until the br_netfilter module is loaded.

Solution:

modprobe br_netfilter

What do net.bridge.bridge-nf-call-ip6tables and net.ipv4.ip_forward do?

net.ipv4.ip_forward: the network architecture of standalone Docker is essentially a docker0 bridge on the host. To reach a container from outside, only the host's address and the port mapped to the container are needed. After the host parses the IP packet, iptables rules matching the destination port forward it from the eth0 network card to the docker0 bridge for the next routing step. So if ip_forward is not enabled on the container's host, containers on that host cannot be accessed by other hosts.

net.bridge.bridge-nf-call-ip6tables: by default, traffic sent from the container to the default bridge is not forwarded externally. To enable forwarding: net.bridge.bridge-nf-call-ip6tables = 1

Configure xuegod64 as the private Docker registry server

1. Pull the registry image. The registry image contains the software needed to set up a local private repository.

On xuegod64, load the registry image:

[root@xuegod64 ~]# docker load -i registry.tar

2. View the registry image

[root@xuegod64 ~]# docker images
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
registry             latest              047218491f8c        3 weeks ago         33.17 MB

3. Use the registry image to build a private repository

The private registry software is already installed in the registry image, so you only need to run a Docker instance from the registry image.

The registry service listens on port 5000 by default.

[root@xuegod64~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry:latest
e4698f625a56661edd2678269215ba42d4fa41c2da881768a741a72b4a3d0c60

By default, Registry stores images in /var/lib/registry, so that if the container is deleted, the images stored in the container will also be lost. Therefore, we usually specify a directory such as /opt/registry on the local physical machine to be mounted under the container /var/lib/registry. Use the -v argument to specify the local persistent path.

The /opt/registry directory is created automatically.

[root@xuegod64~]# docker ps
CONTAINER ID   IMAGE             COMMAND                  CREATED          STATUS          PORTS                    NAMES
90cc7afb477e   registry:latest   "/entrypoint.sh /etc…"   34 seconds ago   Up 33 seconds   0.0.0.0:5000->5000/tcp   registry
[root@xuegod63 ~]# netstat -antup | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      4032/docker-proxy

The private library has been started successfully.

View the list of images in the private repository:

curl http://192.168.1.64:5000/v2/_catalog
{"repositories": []}

The private repository is currently empty: no images have been uploaded yet.

Configure Docker on xuegod63 to use the private repository on xuegod64

Modify the Docker configuration file to add the private registry address:

[root@xuegod63 ~]# vim /etc/docker/daemon.json

Add "insecure-registries": ["192.168.1.64:5000"] to /etc/docker/daemon.json:

{
  "registry-mirrors": [
    "https://rsbud4vc.mirror.aliyuncs.com",
    "https://registry.docker-cn.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://dockerhub.azk8s.cn",
    "http://hub-mirror.c.163.com",
    "http://qtid6917.mirror.aliyuncs.com",
    "https://rncxm540.mirror.aliyuncs.com",
    "https://e9yneuy4.mirror.aliyuncs.com"
  ],
  "insecure-registries": ["192.168.1.64:5000"]
}

Note: insecure-registries marks a registry as insecure. Here it means the registry is accessed over HTTP; transferring images securely requires HTTPS. Our private repository is generally used locally, so the HTTP protocol can be used directly.

Reload the configuration so that it takes effect:

[root@xuegod63 ~]# systemctl daemon-reload

Restart the Docker service

[root@xuegod63 ~]# systemctl restart docker 

Hands-on: upload a local image to the private repository

  1. Get a test image named busybox from Docker Hub

On xuegod63, load the image from busybox.tar:

[root@xuegod63 ~]# docker load -i busybox.tar
[root@xuegod63 ~]# docker images 
REPOSITORY   TAG      IMAGE ID       CREATED       SIZE
busybox      latest   00f017a8c2a6   2 weeks ago   1.11 MB

Note: overview of BusyBox. BusyBox integrates more than one hundred of the most commonly used Linux commands and tools. It includes simple tools such as ls, cat, and echo, as well as larger and more complex tools such as grep, find, mount, and telnet. Some call BusyBox the Swiss Army knife of Linux tools. In short, BusyBox is like a big toolkit, packed with Linux tools and commands, including the Android shell. Have you ever seen a Swiss Army knife?

Website: www.busybox.net

  2. Tag the image. Syntax: docker tag <original image name>:<tag> <private repository address>/<new image name>:<tag>

[root@xuegod63 ~]# docker tag busybox:latest 192.168.1.64:5000/busybox:latest

Note: if no image tag is written, the default is latest.

[root@xuegod63 ~]# docker images
REPOSITORY                  TAG       IMAGE ID       CREATED       SIZE
192.168.1.64:5000/busybox   latest    00f017a8c2a6   4 years ago   1.11MB

  3. Push the newly tagged 192.168.1.64:5000/busybox image to the private registry on xuegod64.

[root@xuegod63 ~]# docker push 192.168.1.64:5000/busybox

On xuegod64, view the uploaded image:

[root@xuegod64 ~]# yum install tree -y
[root@xuegod64 ~]# tree /opt/registry/docker/registry/v2/repositories/
/opt/registry/docker/registry/v2/repositories/
└── busybox     # the uploaded image is visible here

Visit http://192.168.1.64:5000/v2/_catalog to view the list of images in the private registry, as follows:

{"repositories": ["busybox"]}

Delete the image with docker rmi, then pull it back from the private registry:

[root@xuegod63 ~]# docker rmi 192.168.1.64:5000/busybox     # remove the image
[root@xuegod63 ~]# docker pull 192.168.1.64:5000/busybox    # download the image
[root@xuegod63 ~]# docker images                            # view the imported image
REPOSITORY                  TAG       IMAGE ID       CREATED       SIZE
192.168.1.64:5000/busybox   latest    00f017a8c2a6   2 weeks ago   1.11 MB

Use the newly imported image to run a new Docker instance:

[root@xuegod63 ~]# docker run 192.168.1.64:5000/busybox:latest echo "hello"
hello

The instance ran successfully.

2. Run a Docker instance based on the registry image. The registry listens on port 5000 by default, and port 5000 needs to be mapped on the host.

1. Install the docker service
2. Modify the docker service image source to the private registry address:

"insecure-registries": [ "192.168.1.64:5000" ]

3. Tag the image to be imported, for example: 192.168.1.64:5000/busybox:latest
4. Upload the tagged image to the private registry: docker push 192.168.1.64:5000/busybox:latest

1. Modify the docker service image source to the private registry address:

"insecure-registries": [ "192.168.1.64:5000" ]

2. Download the image that was just uploaded: docker pull 192.168.1.64:5000/busybox:latest
3. View the list of images in the private registry: http://192.168.1.64:5000/v2/_catalog

Hands-on: build a private Docker registry with Harbor

Developing and running Docker container applications depends on reliable image management. Although Docker officially provides a public image registry, deploying a registry in our private environment is also necessary for security and efficiency. Harbor is an open source enterprise-class Docker registry project managed by VMware, with features including rights management (RBAC), LDAP, log auditing, a management interface, self-registration, image replication and Chinese language support. Official website: Github.com/goharbor/ha…

Requirement: xuegod64 needs more than 2G of memory.

Issue a certificate for Harbor

[root@xuegod64 ~]# mkdir /data/ssl -p
[root@xuegod64 ~]# cd /data/ssl/

Generating a CA certificate:

[root@xuegod64 ssl]# openssl genrsa -out ca.key 3072

Create a 3072-bit private key

[root@xuegod64 ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem

Create a digital certificate ca.pem. 3650 indicates that the validity period of the certificate is 3 years.

[root@xuegod64 ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN 
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:xuegod
Organizational Unit Name (eg, section) []:CA
Common Name (eg, your name or your server's hostname) []:xuegod64.cn
Email Address []:[email protected]

Create domain name certificate:

[root@xuegod64 ssl]# openssl genrsa -out harbor.key 3072

Create a 3072-bit private key

[root@xuegod64 ssl]# openssl req -new -key harbor.key -out harbor.csr

Create a certificate signing request (CSR). Prompts that are not marked with an arrow can be left blank.

[root@xuegod64 ssl]# openssl req -new -key harbor.key -out harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:xuegod
Organizational Unit Name (eg, section) []:CA       
Common Name (eg, your name or your server's hostname) []:xuegod64.cn
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Issue certificate:

[root@xuegod64 ssl]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650

If the following information is displayed, the certificate is issued:

Check whether the certificate is valid:

openssl x509 -noout -text -in harbor.pem 

It is valid if the following information is displayed:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            cd:21:3c:44:64:17:65:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CH, ST=BJ, L=BJ, O=Default Company Ltd
        Validity
            Not Before: Dec 26 09:29:19 2020 GMT
            Not After : Dec 24 09:29:19 2030 GMT
        Subject: C=CH, ST=BJ, L=BJ, O=Default Company Ltd, CN=harbor
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
                Modulus:
                    00:b0:60:c3:e6:35:70:11:c8:73:83:38:9a:7e:b8:...

Install Harbor

Delete the previous registry container to prevent conflicts with harbor installation

[root@xuegod64 ssl]# docker rm -f registry

Creating an installation directory

[root@xuegod64 ssl]# mkdir /data/install -p
[root@xuegod64 ssl]# cd /data/install/

The certificate files for Harbor are in /data/ssl:

ca.key  ca.pem  ca.srl  harbor.csr  harbor.key  harbor.pem

[root@xuegod64 install]# cd /data/install/

Extract the installation package harbor-offline-installer-v1.5.0.tgz:

[root@xuegod64 install]# tar zxvf harbor-offline-installer-v1.5.0.tgz
[root@xuegod64 install]# cd harbor
[root@xuegod64 harbor]# ls

The common directory is used to store template configuration. The ha directory is used to do harbor high availability

Modifying a configuration file:

[root@xuegod64 harbor]# vim harbor.cfg
hostname = xuegod64
# change hostname to match the domain name in the certificate issued above

ui_url_protocol = https

The protocol is HTTPS

ssl_cert = /data/ssl/harbor.pem
ssl_cert_key = /data/ssl/harbor.key

Note: the default Harbor account and password are admin/Harbor12345.

docker-compose installation, method 1 (offline): download the docker-compose binary and upload it to the Linux server (the binary file can be uploaded directly).

[root@xuegod63 ~]# rz

[root@xuegod63 ~]# mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose

Adding Execution Permission

[root@xuegod63 ~]# chmod +x /usr/local/bin/docker-compose

Note: docker-compose is an official open source Docker project responsible for the rapid orchestration of Docker container clusters. The default configuration file of a docker-compose project is docker-compose.yml. docker-compose can manage multiple Docker instances.

Method 2: Online Installation:

[root@xuegod63 ~]# curl -L https://github.com/docker/compose/releases/download/1.26.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose

Adding Execution Permission

[root@xuegod63 ~]# chmod +x /usr/local/bin/docker-compose

On xuegod64, import docker-harbor.tar.gz with docker load -i:

[root@xuegod64 ~]# docker load -i docker-harbor.tar.gz
[root@xuegod64 install]# cd /data/install/harbor
[root@xuegod64 harbor]# ./install.sh --with-notary --with-clair

# --with-clair enables vulnerability scanning for images. Clair is an open source project that provides a tool to monitor container security by statically analyzing vulnerabilities in appc and Docker containers. Clair is an API-driven analysis engine that checks containers layer by layer for known security flaws. With Clair, you can easily build services that provide continuous monitoring for container vulnerabilities.

The above interface will appear during the installation process, indicating that the installation is normal.
The docker ps display is as follows, indicating that the containers have started normally.

Modify the hosts file on your computer: add the following line to the hosts file and save.

192.168.1.64  xuegod64

Extension: how to stop Harbor. You can use docker-compose to start or stop the Harbor services, but it must be run in the same directory as docker-compose.yml.

[root@xuegod64 harbor]# cd /data/install/harbor
[root@xuegod64 harbor]# docker-compose stop

How to start harbor:

[root@xuegod64 harbor]# cd /data/install/harbor
[root@xuegod64 harbor]# docker-compose start

If docker-compose start fails after harbor is started, the docker-compose vm will need to be restarted

Harbor graphical interface instructions

Type in your browser: https://xuegod64
Accept the risk and continue. If the following interface is displayed, the access is normal.
Account: admin
Password: Harbor12345
Enter the account and password and the following appears:
All the base images are stored in library, which is a public image repository.

Create a new project -> create a project named test (set the access level to public so that the project can be used publicly)

Use the Harbor registry on xuegod64 from xuegod63

Modify docker configuration

[root@xuegod63 ~]# vim /etc/docker/daemon.json

{
  "registry-mirrors": [
    "https://rsbud4vc.mirror.aliyuncs.com",
    "https://registry.docker-cn.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://dockerhub.azk8s.cn",
    "http://hub-mirror.c.163.com",
    "http://qtid6917.mirror.aliyuncs.com",
    "https://rncxm540.mirror.aliyuncs.com",
    "https://e9yneuy4.mirror.aliyuncs.com"
  ],
  "insecure-registries": ["192.168.1.64"]
}

Modify the configuration to make the configuration take effect:

[root@xuegod63 ~]# systemctl daemon-reload && systemctl restart docker

Check whether docker is successfully started

[root@xuegod63 ~]# systemctl status docker

# If the following information is displayed, the startup is successful:

Active: active (running) since Fri ... ago

Note: a new line is added to the configuration, as follows:

"insecure-registries": ["192.168.1.64"],

The content added above indicates that our Intranet access to Harbor is HTTP, and 192.168.1.64 is the IP address of the harbor installation machine

Login harbor:

[root@xuegod63]# docker login 192.168.1.64
Username: admin
Password: Harbor12345

If the following information is displayed after you enter the account password, the login is successful:

Login Succeeded

# import tomcat image, tomcat.tar.gz in courseware

[root@xuegod63 ~]# docker load -i tomcat.tar.gz

# tag the Tomcat image

[root@xuegod63 ~]# docker tag tomcat:latest 192.168.1.64/test/tomcat:v1

The tag 192.168.1.64/test/tomcat:v1 targets the test project in Harbor. Push the image:

[root@xuegod63 ~]# docker push 192.168.1.64/test/tomcat:v1

The above command pushes 192.168.1.64/test/tomcat:v1 to the test project in Harbor.

Download the image from harbor repository

Delete the image on xuegod63

[root@xuegod63 ~]# docker rmi -f 192.168.1.64/test/tomcat:v1

Pull the image

[root@xuegod63 ~]# docker pull 192.168.1.64/test/tomcat:v1

Extension: If you want secure HTTPS access to Harbor, you can use the following method

Login to xuegod63, create the certificate store directory

[root@xuegod63]# mkdir -p /etc/docker/certs.d/xuegod64

Xuegod64 is the host name used by Harbor when it issues its certificate

Log in to harbor server and copy the CA certificate to the docker machine

[root@xuegod64 ~]# cd /data/ssl
[root@xuegod64 ~]# scp ca.pem xuegod63:/etc/docker/certs.d/xuegod64/

Login to xuegod63

[root@xuegod63]# cd /etc/docker/certs.d/xuegod64
[root@xuegod63 xuegod64]# mv ca.pem ca.crt

Modify docker configuration

[root@xuegod63 ~]# vim /etc/docker/daemon.json

{
  "registry-mirrors": [
    "https://rsbud4vc.mirror.aliyuncs.com",
    "https://registry.docker-cn.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://dockerhub.azk8s.cn",
    "http://hub-mirror.c.163.com",
    "http://qtid6917.mirror.aliyuncs.com",
    "https://rncxm540.mirror.aliyuncs.com",
    "https://e9yneuy4.mirror.aliyuncs.com"
  ]
}

# delete "insecure-registries": ["192.168.1.64"]

# restart docker

[root@xuegod63]# systemctl restart docker
[root@xuegod63]# docker login https://xuegod64
Username: admin
Password: Harbor12345
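
An added example (not part of the original tutorial): a small Python audit covering both daemon.json setups on this page, the insecure-registries entry used for the HTTP registry and the certs.d CA used for HTTPS access to Harbor. It flags plaintext mirrors and insecure-registries entries, and reports which entries already have a CA under certs.d and can be dropped; the sample JSON, the CIDR entry and the function names are constructed for illustration.

```python
import json
import os
import tempfile
from urllib.parse import urlparse

# Constructed sample: the walkthrough's HTTP-era daemon.json, trimmed to two
# mirrors, plus the Harbor host name and a CIDR entry to exercise every branch.
SAMPLE_DAEMON_JSON = """
{
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com"
  ],
  "insecure-registries": ["192.168.1.64:5000", "xuegod64", "192.168.1.0/24"]
}
"""


def audit_daemon_config(text, certs_root="/etc/docker/certs.d"):
    """Return (severity, subject, message) findings for a daemon.json document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # dockerd refuses to start on invalid JSON, so report it and stop.
        return [("error", "daemon.json", "invalid JSON: %s" % exc.msg)]

    findings = []
    for mirror in cfg.get("registry-mirrors", []):
        if urlparse(mirror).scheme.lower() != "https":
            findings.append(("high", mirror, "mirror is contacted over plaintext HTTP"))

    for entry in cfg.get("insecure-registries", []):
        if "/" in entry:
            # CIDR form: every registry in the range loses TLS verification.
            findings.append(("high", entry, "whole address range is exempt from TLS verification"))
            continue
        # Docker looks for a per-registry CA in certs.d/<host[:port]>/ca.crt.
        # Only the file's presence is checked here, not its contents.
        ca_path = os.path.join(certs_root, entry, "ca.crt")
        if os.path.isfile(ca_path):
            findings.append(("medium", entry, "CA is installed at %s; this entry can be removed" % ca_path))
        else:
            findings.append(("high", entry, "certificate errors are ignored and HTTP fallback is allowed"))
    return findings


def demo():
    """Audit the sample against a temporary certs.d that trusts only xuegod64."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "xuegod64"))
        with open(os.path.join(root, "xuegod64", "ca.crt"), "w") as fh:
            fh.write("constructed placeholder, not a real certificate\n")
        return audit_daemon_config(SAMPLE_DAEMON_JSON, certs_root=root)


if __name__ == "__main__":
    for severity, subject, message in demo():
        print("%-6s %-32s %s" % (severity, subject, message))
```

On a real host, pass the contents of /etc/docker/daemon.json and leave certs_root at its default.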

Use an Aliyun private registry to store your own Docker images

Log in to the Aliyun developer platform: developer.aliyun.com/service
Log in using your own account, or create one if you don't have one.

Cr.console.aliyun.com/cn-hangzhou… # click to open the personal edition
On this page click "Namespace" and create a namespace: testxuegod1
Configure a password for accessing the private repository. The user name is the one you use to log in to the site.
Create an image repository. Repository name: test
Click Manage to view the usage instructions and the operation guide.

Start using Ali Cloud private warehouse

Log in to Aliyun Docker Registry:

[root@xuegod63 ~]# docker login --username=lucky6a6a registry.cn-hangzhou.aliyuncs.com

The user name for logging in to the registry is the full name of the Aliyun account, and the password is the password set when the service was opened.

On xuegod63, load the base image:

[root@xuegod63 ~]# docker load -i tomcat.tar.gz

Label the base image

[root@xuegod63 ~]# docker tag tomcat registry.cn-hangzhou.aliyuncs.com/testxuegod1/test:v1

Upload the image to aliyun host

[root@xuegod63 ~]# docker push registry.cn-hangzhou.aliyuncs.com/testxuegod1/test:v1

Check it on Aliyun.

Download an image:

[root@xuegod64 ~]# docker login --username=lucky6a6a registry.cn-hangzhou.aliyuncs.com

The user name for logging in to Registry is the full name of Aliyun account, and the password is the password set when the service is opened. If the following information is displayed, the login succeeds:

[root@xuegod64 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/testxuegod1/test:v1
[root@xuegod64 ~]# docker images

# Configure ali Cloud image accelerator

https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors