首先我们打开nexus:
创建一个docker hosted仓库:
取个名,给个端口号,创建仓库,docker push 请求是https请求,我的nexus部署在内网,也不需要https,
所以在docker里添加http访问白名单:
vim /etc/docker/daemon.json
添加内容 "insecure-registries":["10.30.80.200:5000"],把nexus的ip和刚才设置的端口号添加到以下文件中:
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
"exec-opts": ["native.cgroupdriver=cgroupfs"],
"log-driver": "json-file",
"insecure-registries":["192.168.146.133:5000"],
"log-opts": {
"max-size": "100m"
}
}
重启docker
systemctl daemon-reload && systemctl restart docker
测试以下上传镜像:
# [root@wh01-vmapp-80-200 ~]# docker login 10.30.80.105:8089
# Username: admin
# Password:
# WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
# Configure a credential helper to remove this warning. See
# https://docs.docker.com/engine/reference/commandline/login/#credentials-store
# Login Succeeded
# [root@wh01-vmapp-80-200 ~]# docker push 10.30.80.105:8089/defaultbackend:1.4
# The push refers to repository [10.30.80.105:8089/defaultbackend]
# d62604d5d244: Pushed
# 1.4: digest: sha256:865b0c35e6da393b8e80b7e3799f777572399a4cff047eb02a81fa6e7a48ed4b size: 528
上面登录的账号密码就是nexus的账号密码。
vim /etc/docker/daemon.json
FAQ:
如果你开启了https访问:Nexus 开启 https 访问,并且你的证书是自签的,
那么你在docker login的时候会提示,你的x509证书,是未知的。
需要把你的ca,安装到这台服务器上,重启docker:
cat ca.crt >> /etc/pki/tls/certs/ca-bundle.crt
systemctl daemon-reload && systemctl restart docker
如果是其他Linux发行版,该文件的位置可能是下面这些,视情况而定:
/etc/ssl/certs/ca-certificates.crt
/etc/ssl/ca-bundle.pem
/etc/ssl/cert.pem
/usr/local/share/certs/ca-root-nss.crt
网友评论