Docker私有Registry在CentOS6.X下安装指南(3)

“
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
”
(7) 启动nginx:
/opt/nginx/sbin/nginx

(8) 验证nginx是否启动:
ps -ef | grep -i 'nginx'

如下输出就表明nginx一切正常!
root    27133    1  0 18:58 ?        00:00:00 nginx: master process /opt/nginx/sbin/nginx
www      27134 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27135 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27136 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27137 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27138 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27139 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27140 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27141 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27142 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27143 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27144 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27145 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27146 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27147 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27148 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27149 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27150 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27151 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27152 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27153 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27154 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27155 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27156 27133  0 18:58 ?        00:00:00 nginx: worker process
www      27157 27133  0 18:58 ?        00:00:00 nginx: worker process
root    27160 42863  0 18:58 pts/0    00:00:00 grep -i nginx

 
配置,运行Docker
 
(1) 停止docker
service docker stop

(2)编辑/etc/sysconfig/docker文件,加上如下一行
DOCKER_OPTS="--insecure-registry docker.yy.com --tlsverify --tlscacert /etc/pki/CA/cacert.pem"

(3) 把根证书复制到/etc/docker/certs.d/docker.yy.com/目录下
mkdir -p /etc/docker/certs.d/docker.yy.com/
cp /etc/pki/CA/cacert.pem /etc/docker/certs.d/docker.yy.com/ca-certificates.crt

(4) 启动docker
service docker start

 
下载,配置,运行registryimage
 
(1) 获取Image
docker pull registry

(2) 运行Image
mkdir -p /opt/registry
docker run -d -e STORAGE_PATH=/registry -v /opt/registry:/registry -p 127.0.0.1:5000:5000 --name registry registry

“
命令稍加解释一下:
-p 127.0.0.1:5000:5000 registry 作为上游服务器，这个 5000 端口可以不用映射出来，因为所有的外部访问都是通过前端的nginx来提供，nginx 可以在私有网络访问 registry 。
”
(3) 验证registry:

“
用浏览器输入: https://docker.yy.com
或者:curl -i -k https://abc:123@docker.yy.com
”
服务端的配置就到此完成!

[X] Docker客户端配置
 
(1) 编辑/etc/hosts,把docker.yy.com的ip地址添加进来,例如:
192.168.2.114 docker.yy.com

(2) 把docker registry服务器端的根证书追加到ca-certificates.crt文件里

先从docker registry服务器端把文件/etc/pki/CA/cacert.pem拷贝到本机,然后执行命令:
cat ./cacert.pem >> /etc/pki/tls/certs/ca-certificates.crt

(3) 验证docker.yy.com下的registry: