Monthly archive: June 2023

  • Generating an SSL certificate for nginx

    1. Create the directory that will hold the certificate

    [root@nginx ~]# mkdir /home/nginx/ssl
    [root@nginx ~]# cd /home/nginx/ssl

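    2. Generate the private key for the root certificate

    [root@nginx ~]# openssl genrsa 1024 > /home/nginx/ssl/server.key
    genrsa: the command that generates an RSA key; 1024: the key length in bits (the default is 512)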

    3. Generate the certificate signing request (create the server certificate request file server.csr)

    [root@nginx nginx]# openssl req -new -key /home/nginx/ssl/server.key > /home/nginx/ssl/server.csr
    
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN    # country
    State or Province Name (full name) []:BJ  # state or province
    Locality Name (eg, city) [Default City]:BJ    # city
    Organization Name (eg, company) [Default Company Ltd]:xiaoguaishou  # organization (for example, company)
    Organizational Unit Name (eg, section) []:OP      # organizational unit (for example, department)
    Common Name (eg, your name or your server's hostname) []:127.0.0.1      # common name (for example, your name or the server hostname)
    Email Address []:xiaoguaishou@qq.com    # e-mail address
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:test@123    # password
    An optional company name []:xiaoguaishou    # optional company name

    4. Create the server certificate (valid for ten years)

    [root@nginx nginx]# openssl req -x509 -days 3650 -key /home/nginx/ssl/server.key -in /home/nginx/ssl/server.csr > /home/nginx/ssl/server.crt

    5. List the generated files

    [root@nginx ssl]# ls
    server.crt server.csr server.key      # 3 files generated in total

    6. Configure the certificate in nginx

    [root@nginx ]# vim /home/nginx/conf/nginx.conf
    
    server {
        listen 443 ssl;
        server_name localhost;
    
        ssl_certificate /home/nginx/ssl/server.crt;      # certificate path
        ssl_certificate_key /home/nginx/ssl/server.key;  # private key path
    
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
    
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
    
        location / {
            root html;
            index index.html index.htm;
        }
    }

    7. Restart nginx

    [root@nginx nginx]# systemctl restart nginx.service

    8. Access the site to test

    Browser: https://192.168.61.142
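
    The certificate from steps 2 to 4 uses a 1024-bit key and names 127.0.0.1 in the Common Name only, while the test in step 8 connects to 192.168.61.142. The following added example (not part of the original post) generates a 2048-bit key with a subjectAltName for that address and checks the pair before nginx is restarted. It assumes OpenSSL 1.1.1 or later for -addext; the O= value and the 365-day lifetime are sample values.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: OpenSSL 1.1.1+ (-addext); O=example and 365 days are sample values.

# make_cert <dir> <ip>: 2048-bit key plus a self-signed certificate whose
# subjectAltName carries the IP address clients will actually connect to.
make_cert() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    (
        umask 077    # server.key is created readable by its owner only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -keyout "$1/server.key" -out "$1/server.crt" \
            -subj "/C=CN/O=example/CN=$2" \
            -addext "subjectAltName=IP:$2" 2>/dev/null
    )
}

# key_bits <crt>: size in bits of the public key inside the certificate.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# cert_matches_key <crt> <key>: true when both files hold the same public key,
# which is what nginx requires of ssl_certificate and ssl_certificate_key.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_covers_ip <crt> <ip>: true when the certificate is valid for that IP.
# IP addresses are matched against subjectAltName, not the Common Name.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# check_pair <dir> <ip>: the three checks to run before restarting nginx.
check_pair() {
    [ "$(key_bits "$1/server.crt")" -ge 2048 ] &&
        cert_matches_key "$1/server.crt" "$1/server.key" &&
        cert_covers_ip "$1/server.crt" "$2"
}

# Usage: make_cert /home/nginx/ssl 192.168.61.142 && check_pair /home/nginx/ssl 192.168.61.142
```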

  • Deploying the Docker Registry web UI

    • Get the Registry web UI image

    docker pull hyper/docker-registry-web
    
    • Edit the configuration file: vim RegistryWebUi/config.yml

    registry:
      # Docker registry url
      url: http://ip:port/v2
      # Docker registry fqdn
      name: localhost:port
      # To allow image delete, should be false
      readonly: false
      auth:
        # Disable authentication
        enabled: false  # false is recommended if you do not need per-user permissions
    
    • Run the Registry web UI

    docker run -d -p 10082:8080  --name registry-web --link myRegistry -v $(pwd)/RegistryWebUi/:/conf/:ro hyper/docker-registry-web:latest
    
    * --link myRegistry: myRegistry is the name of the Docker registry container I set up earlier
    * The command used earlier to start that registry was:
    docker run -p 31000:5000 --restart=always -itd  --privileged=true -v /hardDisk_sdd/registry:/var/lib/registry  --name myRegistry -v /etc/localtime:/etc/localtime  registry:latest
    
    • Registry settings

    sudo docker exec -it myRegistry /bin/sh
    cd /etc/docker/registry
    vi config.yml
    Add the following under storage:
      delete:
        # To allow image delete
        enabled: true

    The complete file after the change:

    version: 0.1
    log:
      level: info
      formatter: text
      fields:
        service: registry
        environment: OfficeProduction
    storage:
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
      delete:
        # To allow image delete
        enabled: true
    http:
      addr: :31000
      headers:
        X-Content-Type-Options: [nosniff]
    health:
      storagedriver:
        enabled: true
        interval: 10s
        threshold: 3
    
    • Restart myRegistry

    sudo docker restart myRegistry
    
  • Docker registry API

    Query the catalog

    sudo curl -k -XGET https://www.registry.com/v2/_catalog
    

    Query tags

    sudo curl -k -XGET https://www.registry.com/v2/<image>/tags/list
    

    Delete an image

    # Check that the image exists and list its tags
    sudo curl -k -XGET https://user:passwd@www.registry.com/v2/debian/tags/list
    # Get the digest
    sudo curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -XGET -k https://user:passwd@www.registry.com/v2/debian/manifests/jessie 2>&1 | grep Docker-Content-Digest | awk '{print $3}'
    # Delete by digest
    sudo curl -X DELETE -k https://user:passwd@www.registry.com/v2/debian/manifests/sha256:a4a28eee3eb9698fef895484b2dbf1a2179e0f7b23408f5ebfc39b30bab031b4
    # Clean up the data
    sudo docker exec registry /bin/registry garbage-collect /etc/docker/registry/config.yml
    sudo docker exec registry rm -rf /data/docker/registry/v2/repositories/debian
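
    The delete procedure above as a reusable script, added here as an example and not part of the original post: it takes the digest from the response headers regardless of header case, strips the CR that ends each header line, and refuses to send DELETE unless the value is a well-formed sha256 digest. The REGISTRY_NETRC variable, the netrc path and the sample headers are assumptions; credentials are read from the netrc file instead of the URL, and -k is dropped so the registry certificate is verified.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: registry URL, repository, tag and the netrc path are placeholders.

# Constructed sample: response headers as an HTTP/2 registry returns them
# (lowercase names, CR LF line endings). The digest is the one quoted above.
sample_headers() {
    printf '%s\r\n' \
        'HTTP/2 200' \
        'content-type: application/vnd.docker.distribution.manifest.v2+json' \
        'docker-content-digest: sha256:a4a28eee3eb9698fef895484b2dbf1a2179e0f7b23408f5ebfc39b30bab031b4' \
        ''
}

# extract_digest: read response headers on stdin, print the manifest digest.
# Header names are matched without regard to case and the CR is removed;
# a plain awk '{print $N}' would keep the CR as part of the value.
extract_digest() {
    tr -d '\r' | awk 'tolower($1) == "docker-content-digest:" { print $2; exit }'
}

# valid_digest <value>: accept only sha256:<64 lowercase hex digits>.
valid_digest() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# delete_manifest <base-url> <repo> <tag>: resolve the tag to a digest with a
# HEAD request, stop on anything malformed, then DELETE by digest.
delete_manifest() {
    netrc=${REGISTRY_NETRC:-$HOME/.registry-netrc}
    digest=$(curl -sS -I --netrc-file "$netrc" \
        -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
        "$1/v2/$2/manifests/$3" | extract_digest)
    valid_digest "$digest" || { echo "no usable digest for $2:$3" >&2; return 1; }
    curl -sS -f -X DELETE --netrc-file "$netrc" "$1/v2/$2/manifests/$digest"
}

# Usage: delete_manifest https://www.registry.com debian jessie
```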