Nexus部署docker本地倉庫

上一篇講了怎么部署Nexus,及用Nexus部署yum源，現在講一下使用Nexus部署docker倉庫，為以后部署k8s等做本地倉庫。

下面安裝docker。

環境：centos7

yum -y install docker

yum -y install nginx

因為docker在傳輸的過程中默認使用的是https,在網上搜了一下有些說可以把它取消掉，做了一下測試，發現在上傳的時候還是有問題，因此我還是使用https的方式，所以在本地搭建了一個nginx用來做反向代理。

nginx配置：

[root@yangdong ~]# cat /usr/local/nginx/conf/conf.d/nexus.conf 
upstream nexus_docker_get {
    server 192.168.105.233:8082;
}
 
upstream nexus_docker_put {
    server 192.168.105.233:8083;
}
server {
    listen 80;
    listen 443 ssl;
    server_name idocker.yangdong.com;
    access_log /var/log/nginx/idocker.io.log;
    ssl_certificate  certs/server.crt;
    ssl_certificate_key certs/server.key;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    client_max_body_size 0;
    chunked_transfer_encoding on;
    if ( $request_method ~* 'GET') {
        set $upstream "nexus_docker_get";
    }
    index index.html index.htm index.php;
    if ( $request_method !=  'GET' ) {
    set $upstream "nexus_docker_put";
    }
    location / {
            proxy_pass http://$upstream;
            proxy_set_header Host $host;
            proxy_connect_timeout 3600;
            proxy_send_timeout 3600;
            proxy_read_timeout 3600;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_buffering off;
            proxy_request_buffering off;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto http;
    }
}

#證書需要自己簽發一個，我這里是自己簽發了一個idocker.yangdong.com的證書。因為這是本地簽發的因此需要在客戶端上做一下hosts解析。

vim /etc/hosts
192.168.105.233  idocker.yangdong.com

這時候還需要做一下docker的證書認證：

[root@yangdong certs.d]# cd /etc/docker/certs.d/
[root@yangdong certs.d]# ls idocker.yangdong.com/
ca.crt

#在docker的證書目錄下新建一個目錄，把自簽發的crt證書拷貝過來，記住一定要把名字改為ca.crt

重啟docker:

systemctl restart docker

 

驗證：

[root@yangdong ~]# docker login -uadmin -padmin123  idocker.yangdong.com
Login Succeeded
[root@yangdong ~]# docker images
REPOSITORY                                         TAG                 IMAGE ID            CREATED           
  SIZEdocker.io/nginx                                    latest              5a3221f0137b        5 days ago        
  126 MBfdfsimg.vip.test.suixinhuan.com/nginx              latest              5a3221f0137b        5 days ago        
  126 MBidocker.yangdong.com/nginx-v1                      latest              5a3221f0137b        5 days ago        
  126 MB192.168.105.233:8084/redis                         latest              f7302e4ab3a8        6 days ago        
  98.2 MBdocker.io/redis                                    latest              f7302e4ab3a8        6 days ago        
  98.2 MBfdfsimg.vip.test.suixinhuan.com/redis-v1           latest              f7302e4ab3a8        6 days ago        
  98.2 MBfdfsimg.vip.test.suixinhuan.com/redis              latest              f7302e4ab3a8        6 days ago        
  98.2 MBfdfsimg.vip.test.suixinhuan.com/gitlab/gitlab-ce   latest              eb85f9e7e4b4        8 days ago        
  1.84 GB[root@yangdong ~]# docker login -uadmin -padmin123  idocker.yangdong.com
Login Succeeded
[root@yangdong ~]# docker tag docker.io/redis idocker.yangdong.com/redis
[root@yangdong ~]# docker push idocker.yangdong.com/redis
The push refers to a repository [idocker.yangdong.com/redis]
567b5c120525: Layer already exists 
56f790a1596e: Layer already exists 
07c26782b55f: Layer already exists 
57ad49a0010c: Layer already exists 
00ac47184776: Layer already exists 
1c95c77433e8: Layer already exists 
latest: digest: sha256:0e67625224c1da47cb3270e7a861a83e332f708d3d89dde0cbed432c94824d9a size: 1572

這時候我們去Nexus上查看可以發現redis已經上傳到本地倉庫了。

 

 同理docker pull you_want_images也可以下載下來。