K8s:搭建镜像加速:修订间差异

来自WHY42
Riguz留言 | 贡献
建立內容為「= 生成证书 = 建一个空的网站,指向registry.riguz.com,然后更新证书: <syntaxhighlight lang="bash"> sudo certbot --apache </syntaxhighlight> =…」的新頁面
 
Riguz留言 | 贡献
第44行: 第44行:
   remoteurl : https://gcr.io
   remoteurl : https://gcr.io
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="bash">
docker run -d -p 5000:443 \
    --restart always \
    --name registry  \
    -v /etc/letsencrypt/archive/riguz.com:/certs \
    -v "$(pwd)"/auth:/auth \
    -v "$(pwd)"/config.yml:/etc/docker/registry/config.yml \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain3.pem \
    -e REGISTRY_HTTP_TLS_KEY=/certs/privkey3.pem \
    registry:latest
</syntaxhighlight>
= apache 代理 =

2021年11月10日 (三) 02:00的版本

生成证书

建一个空的网站,指向registry.riguz.com,然后更新证书:

sudo certbot --apache

安装Docker

sudo apt-get install     ca-certificates     curl     gnupg     lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 echo   "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io

启动镜像

htpasswd -Bbn user xxxxxxxxx> auth/htpasswd
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
proxy:
  remoteurl : https://gcr.io
docker run -d -p 5000:443 \
    --restart always \
    --name registry  \
    -v /etc/letsencrypt/archive/riguz.com:/certs \
    -v "$(pwd)"/auth:/auth \
    -v "$(pwd)"/config.yml:/etc/docker/registry/config.yml \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain3.pem \
    -e REGISTRY_HTTP_TLS_KEY=/certs/privkey3.pem \
    registry:latest

apache 代理