docker仓库数据传输加密

1.进行加密数据运算对配置文件底下的内容进行删除

[root@localhost ~]# vim /etc/docker/daemon.json 

重新启动docker程序

[root@localhost ~]# systemctl restart docker

2.建立加密目录，生成认证key和证书

[root@localhost ~]# mkdir certs

[root@localhost ~]# openssl req -newkey rsa:4096 -nodes -sha256 \
> -keyout certs/timinglee.org.key \
> -addext "subjectAltName = DNS:reg.timinglee.org" \    #指定备用名称
> -x509 -days 365 -out certs/timinglee.org.crt

目录底下成功生成证书和Key

注意：域名解析创建存在对应的地址reg.timinglee.org

[root@localhost ~]# vim /etc/hosts

172.25.254.200 docker-node1.timinglee.org reg.timinglee.org

3.启动registry仓库

[root@localhost ~]# docker run -d -p 443:443 --restart=always \            #使用加密端口443
> -v /root/certs:/certs \                         # -v将本机的目录(/root/certs)挂载到镜像目录(/certs)中
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \                                         #指定http监控的端口
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/timinglee.org.crt \  #指定容器底下证书
> -e REGISTRY_HTTP_TLS_KEY=/certs/timinglee.org.key registry:latest #指定运行的镜像

检测仓库是否启动成功

4.尝试进行镜像推送 会失败

[root@localhost ~]# docker tag nginx:v3 reg.timinglee.org/nginx:v3
[root@localhost ~]# docker push reg.timinglee.org/nginx:v3

The push refers to repository [reg.timinglee.org/nignx]
Get "https://reg.timinglee.org/v2/": dial tcp: lookup reg.timinglee.org on 114.114.114.114:53: no such host

原因是docker客户端没有key和证书

5.为客户端建立证书

[root@localhost ~]# mkdir -p /etc/docker/certs.d/reg.timinglee.org -p
[root@localhost ~]# cp /root/certs/timinglee.org.crt /etc/docker/certs.d/reg.timinglee.org/ca.crt 

查看底下是否存在证书

[root@localhost ~]# systemctl restart docker

6.测试，再次推送nginx:v3

[root@localhost ~]# docker push reg.timinglee.org/nginx:v3