Accessing a private registry server (including the latest Docker Trusted Registry)


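If you want to connect to a private registry server, follow the simple steps below.

Suppose you have a private registry server at test.example.com:443

1) First obtain the server's public key (its certificate)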

$ openssl s_client -showcerts -connect test.example.com:443


Copy the public key (the block from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----) out of the output:
$ openssl s_client -showcerts -connect test.example.com:443
CONNECTED(00000003)
depth=0 C = US, O = Docker, OU = Docker, L = San Francisco, CN = test.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, O = Docker, OU = Docker, L = San Francisco, CN = test.example.com

verify return:1

Certificate chain
0 s:/C=US/O=Docker/OU=Docker/L=San Francisco/CN=test.example.com
i:/C=US/O=Docker/OU=Docker/L=San Francisco/CN=test.example.com
-----BEGIN CERTIFICATE-----
[certificate body not preserved]
-----END CERTIFICATE-----

Server certificate
subject=/C=US/O=Docker/OU=Docker/L=San Francisco/CN=test.example.com
issuer=/C=US/O=Docker/OU=Docker/L=San Francisco/CN=test.example.com


2) Copy the public key to the file /etc/docker/certs.d/test.example.com:443/ca.crt

3) Verify the CA certificate

cd /etc/docker/certs.d/test.example.com:443
curl -u user:password --cacert ca.crt https://test.example.com:443



4) You can now log in to the registry server

docker login -u user -p password -e mailbox test.example.com:443


5) Run a test
docker build -t hello-world . 
docker tag <Image_id>  test.example.com:443/ACCOUNT/hello-world:0.1
docker push test.example.com:443/ACCOUNT/hello-world:0.1
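
Steps 1 to 3 trust whatever certificate the first connection returns. The added example below (not part of the original post) scripts those steps and installs ca.crt only if the certificate's SHA-256 fingerprint matches one obtained out of band. The function names and the fingerprint argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: pin the registry certificate before trusting it.

# Print the first PEM certificate found in `openssl s_client -showcerts`
# output read from stdin (the server's own certificate comes first).
extract_first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         p && /-----END CERTIFICATE-----/ { exit }'
}

# Reduce "SHA256 Fingerprint=AB:CD:..." or "ab:cd:..." to bare lowercase hex.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# install_registry_ca HOST:PORT EXPECTED_SHA256 [CERTS_DIR]
# Fetches the certificate, compares fingerprints, then writes ca.crt.
install_registry_ca() {
    registry=$1
    expected=$(normalize_fp "$2")
    certs_dir=${3:-/etc/docker/certs.d}
    tmp=$(mktemp) || return 1

    openssl s_client -showcerts -connect "$registry" </dev/null 2>/dev/null |
        extract_first_pem >"$tmp"

    actual=$(normalize_fp "$(openssl x509 -in "$tmp" -noout -fingerprint -sha256 2>/dev/null)")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing to trust $registry: got '${actual:-no certificate}', expected '$expected'" >&2
        rm -f "$tmp"
        return 1
    fi

    mkdir -p "$certs_dir/$registry" &&
        mv "$tmp" "$certs_dir/$registry/ca.crt" &&
        chmod 644 "$certs_dir/$registry/ca.crt"
}

# Usage (the fingerprint is a placeholder; get the real one from the registry admin):
#   install_registry_ca test.example.com:443 "<sha256-fingerprint-from-admin>"
```

The registry administrator can print the reference fingerprint on the server with openssl x509 -noout -fingerprint -sha256 -in followed by the path to the server certificate.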

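1 comment

Hello, shouldn't the certificate be created on the server side first? You didn't cover that here; how should it be configured? Also, once TLS is configured, does the client necessarily have to use an account and password to log in?
Newbie here, please advise!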
