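Overview
Quickly get registry 2.0 running on boot2docker on a Mac.
The steps follow https://docs.docker.com/registry/deploying/
Putting Apache or Nginx in front to provide Basic authentication is not covered here.
If you want Basic authentication, refer to the following.
Authentication looks easy to set up, so I wrote that up.
The setup uses the hostname reg.lo.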
$ mkdir registry
$ cd registry
$ sudo vi /etc/hosts
192.168.59.103 reg.lo
$ boot2docker start
$ eval "$(boot2docker shellinit)"
Create the key and certificate, setting CN=reg.lo
$ mkdir -p certs && openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 365 -out certs/domain.crt
Generating a 4096 bit RSA private key
.....................................++
..................................................................................................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:reg.lo
Email Address []:
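A non-interactive form of the key generation above, plus a check to run before starting the registry, as an added example that is not part of the original post. gen_cert and check_cert are hypothetical helper names, and the -subj value mirrors the answers entered at the prompts (C=JP, CN=reg.lo).

```shell
#!/bin/sh
# Added example, not from the original post. gen_cert/check_cert are
# hypothetical helper names; file names follow the post (domain.key, domain.crt).

# gen_cert <dir> <hostname> [bits]
# Same openssl options as the post, with -subj replacing the prompts.
gen_cert() {
  mkdir -p "$1" && openssl req \
    -newkey "rsa:${3:-4096}" -nodes -sha256 -keyout "$1/domain.key" \
    -x509 -days 365 -subj "/C=JP/CN=$2" -out "$1/domain.crt" 2>/dev/null
}

# check_cert <dir> <hostname>
# Returns 0 if usable, 1 unreadable cert, 2 CN mismatch,
# 3 key/cert mismatch, 4 expired.
# The CN check mirrors the post's CN-based setup; newer Docker clients
# validate subjectAltName instead of CN.
check_cert() {
  crt="$1/domain.crt"; key="$1/domain.key"

  subject=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253) || return 1
  subject=${subject#subject=}   # older OpenSSL prints "subject= CN=..."
  subject=${subject# }
  case ",$subject," in
    *",CN=$2,"*) ;;
    *) echo "CN mismatch: $subject (expected CN=$2)" >&2; return 2 ;;
  esac

  # A mismatched pair cannot be loaded as a TLS key pair by the server.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$crt_pub" = "$key_pub" ] || {
    echo "domain.key does not match domain.crt" >&2; return 3; }

  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || {
    echo "certificate has expired" >&2; return 4; }
}

# Usage: gen_cert certs reg.lo && check_cert certs reg.lo
```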
Start the registry with the key and certificate specified (server-side configuration)
$ mkdir data
$ docker run -d -p 5000:5000 \
-v `pwd`/certs:/certs \
-v `pwd`/data:/var/lib/registry \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
--restart=always --name registry \
registry:2.0
Connection test
$ curl -IL https://reg.lo:5000/v2/ --cacert certs/domain.crt
HTTP/1.1 200 OK
Content-Length: 2
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Date: Sat, 08 Aug 2015 21:50:11 GMT
Install the certificate in boot2docker (configuration for the client-side docker)
$ boot2docker ssh
$ sudo vi /etc/hosts
192.168.59.103 reg.lo
// boot2docker has /Users mounted, so copy the certificate from there
$ sudo cp /Users/xxx/registry/certs/domain.crt /etc/ssl/certs/reg.lo.pem
$ sudo chmod 0600 /etc/ssl/certs/reg.lo.pem
$ exit
$ boot2docker ssh sudo /etc/init.d/docker restart
Connection test
$ docker pull hello-world
$ docker tag hello-world reg.lo:5000/hello-world
$ docker push reg.lo:5000/hello-world