Create the directories for stored data
mkdir -p /data
mkdir -p /data/certs
mkdir -p /data/registry
mkdir -p /data/config
Create the config file
nano /data/config/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /data/registry
  delete:
    enabled: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
Create the SSL certificates
Move to the certs directory
cd /data/certs
Create Key
openssl genrsa -des3 -out server.key 2048
Enter pass phrase for server.key : <password>
Verifying - Enter pass phrase for server.key: <re-enter the password>
Create csr
openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [AU]: KR
State or Province Name (full name) [Some-State]: <province>
Locality Name (eg, city) []: <city/county/district>
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <company name>
Organizational Unit Name (eg, section) []: <department name>
Common Name (e.g. server FQDN or YOUR name) []: <domain or IP>
Email Address []: Email
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Decrypt the key file (remove the passphrase)
openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
<the password entered when the key file was created>
Create the extension config file
echo "subjectAltName=DNS:<domain>,IP:<server-ip>,IP:127.0.0.1" > extfile.cnf
Create CRT
openssl x509 -req -days 10000 -signkey server.key -in server.csr -out server.crt -extfile extfile.cnf
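As an added example (not part of the original post), the script below checks the generated pair before it is trusted and mounted: the key is passphrase-free yet closed to group/other, the certificate matches the key, and every name clients will use is an exact subjectAltName entry. The function names, `registry.example.test` and `10.0.0.5` are assumptions used for the constructed sample.

```shell
#!/bin/sh
# Added example: checks on server.crt/server.key before they are trusted and mounted.
# usage: check_registry_cert CERT KEY NAME...   (NAME = host name or IP clients dial)
check_registry_cert() {
    crt=$1; key=$2; shift 2; rc=0
    # 1. The passphrase must already be removed (encrypted PEM keys say "ENCRYPTED").
    if grep -q ENCRYPTED "$key"; then echo "FAIL: $key is passphrase-protected"; return 1; fi
    # 2. The key is now plaintext on disk: group/other must have no access.
    perms=$(ls -ln "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: $key open to group/other ($perms)"; rc=1; }
    # 3. Certificate and key must hold the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || rc=1
    key_pub=$(openssl pkey -in "$key" -pubout) || rc=1
    [ "$crt_pub" = "$key_pub" ] || { echo "FAIL: $crt does not match $key"; rc=1; }
    # 4. Each name must be an exact subjectAltName entry (the CN is not consulted).
    san=$(openssl x509 -in "$crt" -noout -text |
          awk '/Subject Alternative Name/ { getline; print }' | sed 's/^ *//; s/, /,/g')
    for name in "$@"; do
        case ",$san," in
            *",DNS:$name,"* | *",IP Address:$name,"*) ;;
            *) echo "FAIL: $name is not in subjectAltName ($san)"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK: $crt"
    return "$rc"
}

# Constructed sample: a throwaway pair built with the page's commands, minus the
# passphrase. registry.example.test and 10.0.0.5 are placeholders, not page values.
make_sample() {
    ( cd "$1" && umask 077 &&
      openssl genrsa -out server.key 2048 2>/dev/null &&
      openssl req -new -key server.key -out server.csr -subj "/CN=registry.example.test" &&
      echo "subjectAltName=DNS:registry.example.test,IP:10.0.0.5,IP:127.0.0.1" > extfile.cnf &&
      openssl x509 -req -days 30 -signkey server.key -in server.csr \
          -out server.crt -extfile extfile.cnf 2>/dev/null )
}

# With arguments, check real files; with none, run against the constructed sample.
if [ "$#" -ge 3 ]; then
    check_registry_cert "$@"
else
    tmp=$(mktemp -d) && make_sample "$tmp" &&
        check_registry_cert "$tmp/server.crt" "$tmp/server.key" registry.example.test 127.0.0.1
    rm -rf "$tmp"
fi
```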
Apply Certs
sudo cp server.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
systemctl restart docker
Create registry.yml compose file
version: '3.7'
services:
  registry:
    container_name: "registry_web"
    image: registry:2.6
    ports:
      - 5000:5000
    environment:
      REGISTRY_HTTP_ADDR: :5000
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.crt
      REGISTRY_HTTP_TLS_KEY: /certs/server.key
      REGISTRY_STORAGE: filesystem
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
    volumes:
      - /data/registry:/var/lib/registry
      - /data/certs:/certs
      - /data/config/config.yml:/etc/docker/registry/config.yml
    restart: always
    logging:
      driver: "json-file"
      options:
        "max-size": "10m"
        "max-file": "5"
Start registry
docker-compose -f registry.yml up -d
Apply the certificate on clients
Copy the server.crt file generated on the server to the client PC, then proceed as follows.
Windows
![](https://debtolee.pe.kr/wp-content/uploads/2023/11/image-1.png)
Right-click the server.crt file and choose Install Certificate to finish.
Linux
sudo cp server.crt /usr/share/ca-certificates/
echo server.crt >> /etc/ca-certificates.conf
sudo update-ca-certificates
systemctl restart docker