Registry login authentication

server (Ubuntu 20.04) | CentOS 7.7 (client) |
---|---|
10.0.0.55 | 10.0.0.45 |
myrepo.com | |

Docker version (server) | Image version (server) |
---|---|
19.03.13 | registry:2.6.2 |

1. Environment setup
# Create the directories
root@ylm-ubuntu:~# mkdir -p /opt/docker/certs
root@ylm-ubuntu:~# cd /opt/docker/
root@ylm-ubuntu:/opt/docker# ls
certs
# Add a hosts entry for the domain
root@ylm-ubuntu:/opt/docker# cat /etc/hosts
10.0.0.55 myrepo.com
root@ylm-ubuntu:/opt/docker# ping -w1 -c1 myrepo.com
PING myrepo.com (10.0.0.55) 56(84) bytes of data.
64 bytes from myrepo.com (10.0.0.55): icmp_seq=1 ttl=64 time=0.017 ms
--- myrepo.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.017/0.017/0.017/0.000 ms
2. Generate a self-signed certificate
root@ylm-ubuntu:/opt/docker# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/myrepo.key -x509 -days 365 -out certs/myrepo.crt
Generating a RSA private key
....................................++++
..............................................................................................................++++
writing new private key to 'certs/myrepo.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:BJ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:myrepo.com # must match the domain name
Email Address []:
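
Step 2 as an added, non-interactive example (not from the original post): the same `openssl req` call with the DN supplied through `-subj` and a subjectAltName for myrepo.com, because TLS clients built with Go 1.15 or later no longer fall back to the Common Name and reject a CN-only certificate. The function names and the `KEY_BITS` variable are assumptions of this example; `-addext` needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: step 2 without prompts, plus a SAN.
# A CN-only certificate is rejected by Go 1.15+ TLS clients with an error that
# begins "x509: certificate relies on legacy Common Name field".

# make_registry_cert DIR HOST NAME -> writes DIR/NAME.key and DIR/NAME.crt
make_registry_cert() {
  mkdir -p "$1" || return 1
  ( umask 077   # files are created readable by their owner only
    openssl req -newkey "rsa:${KEY_BITS:-4096}" -nodes -sha256 \
      -keyout "$1/$3.key" -x509 -days 365 \
      -subj "/C=CN/ST=BJ/L=BJ/CN=$2" \
      -addext "subjectAltName=DNS:$2" \
      -out "$1/$3.crt" 2>/dev/null )
}

# cert_san CRT -> prints the SAN entries (empty output for a CN-only certificate)
cert_san() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Demo in a scratch directory (constructed path, nothing under /opt is touched).
demo_dir="$(mktemp -d)"
make_registry_cert "$demo_dir" myrepo.com myrepo && cert_san "$demo_dir/myrepo.crt"
```

Running `cert_san` against a certificate produced by the interactive command above prints nothing, which is the quickest way to tell whether an existing registry certificate needs to be reissued.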
3. Generate the authentication password file
root@ylm-ubuntu:/opt/docker# mkdir auth
root@ylm-ubuntu:/opt/docker# ls
auth certs
# Note: use the 2.6.2 image, otherwise the command fails
root@ylm-ubuntu:/opt/docker# docker run --entrypoint htpasswd registry:2.6.2 -Bbn admin password > auth/htpasswd
# Personally I don't know how this is meant to be used; in any case, I could not log in using the ciphertext below
root@ylm-ubuntu:/opt/docker# cat auth/htpasswd
admin:$2y$05$bOES6kCFIOpNbbQw9wb9o.uTB3qR01yJhr6gqnY72ycengYTKzpu.
PS: using the :2 or latest image produces the following error
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"htpasswd\": executable file not found in $PATH": unknown.
4. Start the registry
$ docker run -d \
> --restart=always \
> --name registry \
> -v /opt/docker/certs:/certs \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/myrepo.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/myrepo.key \
> -v /opt/data/registry:/var/lib/registry \
> -v /opt/docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" \
> -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
> -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
> -p 5000:5000 \
> registry:2.6.2
# List the containers
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
67285dfdc56c registry:2.6.2 "/entrypoint.sh /etc…" 3 seconds ago Up 2 seconds 0.0.0.0:5000->5000/tcp registry
# Check the listening port
root@ylm-ubuntu:/opt/docker# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
1526/sshd: ylm@pts/
tcp6 0 0 :::5000 :::* LISTEN
5. Test pushing an image
$ docker pull busybox
$ docker tag busybox:latest myrepo.com:5000/busybox
# The push fails because the CA certificate is not installed locally
$ docker push myrepo.com:5000/busybox
The push refers to repository [myrepo.com:5000/busybox]
Get https://myrepo.com:5000/v2/: x509: certificate signed by unknown authority
# Fix: copy the CA certificate into /etc/docker/certs.d/myrepo.com:5000 (create the directory if it does not exist) and rename it to ca.crt
root@ylm-ubuntu:/opt/docker/auth# mkdir -p /etc/docker/certs.d/myrepo.com:5000
root@ylm-ubuntu:/etc/docker/certs.d/myrepo.com:5000# cp /opt/docker/certs/myrepo.crt ./
root@ylm-ubuntu:/etc/docker/certs.d/myrepo.com:5000# ls
myrepo.crt
root@ylm-ubuntu:/etc/docker/certs.d/myrepo.com:5000# mv myrepo.crt ca.crt
root@ylm-ubuntu:/etc/docker/certs.d/myrepo.com:5000# service docker restart
# Pushing again still fails, this time with "no basic auth credentials": login authentication is enabled, so you must log in first
root@ylm-ubuntu:/etc/docker/certs.d/myrepo.com:5000# docker push myrepo.com:5000/busybox
The push refers to repository [myrepo.com:5000/busybox]
be8b8b42328a: Preparing
no basic auth credentials
# Login fails, because right now I am using the ciphertext password from /opt/docker/auth/htpasswd
root@ylm-ubuntu:/etc/docker/certs.d/myrepo.com:5000# docker login myrepo.com:5000
Username: admin
Password:
Error response from daemon: login attempt to https://myrepo.com:5000/v2/ failed with status: 401 Unauthorized
# Log in with the plaintext password instead
root@ylm-ubuntu:/etc/docker/certs.d/myrepo.com:5000# docker login myrepo.com:5000
Username: admin
Password: password # created in step 3
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
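# Login succeeded
Login Succeeded
PS: this is the part that has always puzzled me; if anyone understands it, please leave a comment. Thanks.
# The push now succeeds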
root@ylm-ubuntu:/etc/docker/certs.d/myrepo.com:5000# docker push myrepo.com:5000/busybox
The push refers to repository [myrepo.com:5000/busybox]
be8b8b42328a: Pushed
latest: digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002 size: 527
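
The login behaviour in step 5, as an added example (not part of the original post): auth/htpasswd stores a one-way bcrypt hash, the Docker client sends the plaintext password in an HTTP Basic header, and the registry hashes what it receives and compares it with the stored value, so typing the hash as the password returns 401. The function names and the `MIN_COST` threshold of 10 are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# ENTRY is the htpasswd line printed in step 3 (user admin, password "password").
ENTRY='admin:$2y$05$bOES6kCFIOpNbbQw9wb9o.uTB3qR01yJhr6gqnY72ycengYTKzpu.'

# Classify the hash scheme of one "user:hash" htpasswd line.
htpasswd_scheme() {
  case "${1#*:}" in
    '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
    '$apr1$'*)               echo apr1-md5 ;;
    '{SHA}'*)                echo sha1 ;;
    *)                       echo unknown ;;
  esac
}

# Print the bcrypt work factor: the field after the version tag ($2y$05$...).
bcrypt_cost() {
  [ "$(htpasswd_scheme "$1")" = bcrypt ] || return 1
  printf '%s\n' "${1#*:}" | cut -d'$' -f3
}

# What the Docker client sends after `docker login`: base64(user:PLAINTEXT).
basic_auth_header() {
  printf 'Authorization: Basic %s\n' \
    "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Audit one entry. The registry's htpasswd backend accepts bcrypt only;
# MIN_COST (default 10) is this example's assumed policy threshold.
audit_entry() {
  user="${1%%:*}"
  scheme="$(htpasswd_scheme "$1")"
  if [ "$scheme" != bcrypt ]; then
    echo "$user: REJECTED ($scheme is not bcrypt)"
    return 0
  fi
  cost="$(bcrypt_cost "$1")"
  if [ "$cost" -lt "${MIN_COST:-10}" ]; then
    echo "$user: WEAK (bcrypt cost $cost)"
  else
    echo "$user: OK (bcrypt cost $cost)"
  fi
}

audit_entry "$ENTRY"                 # the stored value is a verifier, not a password
basic_auth_header admin password     # the plaintext is what goes on the wire
```

Apache htpasswd's `-C` option, used together with `-B`, sets the bcrypt cost when the entry is generated.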
6. Pull the image from a remote node
# Set up the hosts entry
[root@c7-45 myrepo.com:5000]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.55 myrepo.com
# Create the same directory on the remote node
[root@c7-45 myrepo.com:5000]# pwd
/etc/docker/certs.d/myrepo.com:5000
[root@c7-45 myrepo.com:5000]# ls
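ca.crt # copy the certificate over with scp
PS:
# Run the scp command on the server host (the server is Ubuntu 20.04, where root cannot log in directly, so copying in this direction and entering the CentOS password is more convenient)
scp /etc/docker/certs.d/myrepo.com:5000/ca.crt root@10.0.0.45:/etc/docker/certs.d/myrepo.com:5000
# Log in to the registry server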
[root@c7-45 myrepo.com:5000]# docker login myrepo.com:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# Pull the image
[root@c7-45 myrepo.com:5000]# docker pull myrepo.com:5000/busybox
Using default tag: latest
latest: Pulling from busybox
Digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002
Status: Downloaded newer image for myrepo.com:5000/busybox:latest
myrepo.com:5000/busybox:latest
# List the images
[root@c7-45 myrepo.com:5000]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
myrepo.com:5000/busybox latest 6858809bf669 2 weeks ago 1.23MB