| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 |
- cookie today
- centos mount
- mysql galera cluster
- mariadb galera cluster
- docker 설치
- mysql database 검사
- mysql 사용자 생성
- mysql yum 설치
- mysql 검사
- mysql recovery
- 서버 재시작시 mount
- 쿠키 하루
- mysqlcheck
- linux mount 방법
- mysql 모든 데이터 삭제
- 쿠키 오늘
- mysql 자동복구
- galera cluster 재시작
- mysql DB권한
- mysql auto repair
- mysql yum install
- cookie 하루 저장
- mysql table 손상
- elasticsearch mapping생성
- mysql all table truncate
- 쿠키 하루 저장
- mariadb 모든 데이터 삭제
- mariadb all table truncate
- mysql 손상
- mysql database truncate
- Today
- Total
IT
docker private Registry 생성(개인 저장소) 본문
DOCKER private Registry 생성
[certs 폴더에 개인키 생성]
# mkdir certs && cd certs && openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................+++
...................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key: <<비밀번호 입력>>
[인증 요청서 생성]
# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:kr
State or Province Name (full name) []:seoul
Locality Name (eg, city) [Default City]:city
Organization Name (eg, company) [Default Company Ltd]:<<회사명>>
Organizational Unit Name (eg, section) []:<<부서명>>
Common Name (eg, your name or your server's hostname) []:yucea
Email Address []:<<email>>
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:<<password>>
An optional company name []:<<company name>>
[개인키에서 패스워드 제거]
# cp server.key server.key.origin && openssl rsa -in server.key.origin -out server.key && rm server.key.origin
Enter pass phrase for server.key.origin:
writing RSA key
rm: remove 일반 파일 `server.key.origin'? y
[인증서 생성]
# openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=kr/ST=seoul/L=city/O=XX/OU=XXXX/CN=yucea/emailAddress=<<email>>
Getting Private key
[인증서 목록]
# ll
합계 12
-rw-r--r-- 1 root root 1257 1월 29 17:14 server.crt
-rw-r--r-- 1 root root 1086 1월 29 17:11 server.csr
-rw-r--r-- 1 root root 1675 1월 29 17:14 server.key
[Docker Private Registry 실행]
# docker run -d -p 5000:5000 --restart=always --name cms-registry \
-v <<인증서경로>>:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
registry:latest
# docker run -d -p 5000:5000 --restart=always --name cms-registry \
-v /home/npsadmin/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
registry:latest
[docker registry 확인]
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
735eaf5481ea registry:latest "/entrypoint.sh /e..." 11 days ago Up 5 days 0.0.0.0:5000->5000/tcp cms-registry
*쿠버네티스에서 docker 배포 할거라면
[모든 worker서버에 insecure-registries 설정 추가]
# vi /etc/docker/daemon.json (파일 없었고 새로 생성함)
{
"insecure-registries" : ["192.168.0.141:5000"]
}
192.168.0.141 -> master server Ip 주소
-도커 재시작
# systemctl restart docker
'docker' 카테고리의 다른 글
| docker 설치 (0) | 2020.08.11 |
|---|---|
| docker container 컨테이너 시간 변경 방법 (0) | 2019.02.15 |
| docker와 서버간의 파일 복사 (0) | 2019.02.15 |