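Reposted

Accessing a private registry (including the latest Docker Trusted Registry)

To connect to a private registry, follow the simple steps below.

For example, suppose you have a private registry at test.example.com:443

1) First, obtain the server's public key (its certificate)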

$ openssl s_client -showcerts -connect test.example.com:443

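Copy the public key out of the output, that is, the block from -----BEGIN CERTIFICATE----- through -----END CERTIFICATE-----, both lines included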

$ openssl s_client -showcerts -connect test.example.com:443
CONNECTED(00000003)
depth=0 C = US, O = Docker, OU = Docker, L = San Francisco, CN = test.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, O = Docker, OU = Docker, L = San Francisco, CN = test.example.com

verify return:1

Certificate chain

0 s:/C=US/O=Docker/OU=Docker/L=San Francisco/CN=test.example.com

i:/C=US/O=Docker/OU=Docker/L=San Francisco/CN=test.example.com

-----BEGIN CERTIFICATE-----

MIIFsjCCA5qgAwIBAgIRALRtKdj9DyxVtWXgQYDUIOAwDQYJKoZIhvcNAQELBQAw

YjELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UECxMGRG9ja2Vy

MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQDExB0ZXN0LmV4YW1wbGUu

Y29tMB4XDTE2MDIyODIwMzYzNVoXDTE3MDIyNzIwMzYzNVowYjELMAkGA1UEBhMC

VVMxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UECxMGRG9ja2VyMRYwFAYDVQQHEw1T

YW4gRnJhbmNpc2NvMRkwFwYDVQQDExB0ZXN0LmV4YW1wbGUuY29tMIICIjANBgkq

hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqVOIkSOQGdTN+/xv01lZo2ICs+VVGU+Q

auPF/bKI/5WUQCIjb9QF+voprzRD5Etwym11QIqnIk6XnQwe25mJwMu1ZkGN3ZF/

gcCXlh44Yam2VB2VU0A0wAFO395ZJbj20ma2R8b9+XQkk3SnnpSKWzkCJphvn6PV

8nk3GN3l+U6lSBZhNQkybvya9no0IOcEVXkDNf4aoRJukRxcl/8kJqgJchyk1Qs4

UY3KFSSuxDqMGOcX3zbIhIZfW7yVlVtt4H/BnzzxAkdJvgiKOMXg8ekvf3hz3WTM

waMv9BzF1X2KMFaMupz0pVGOCLpRiLJCENYAbVHJq7i3JGprQWtH9nMGa5OdPJy1

ZI2m87jDmf6kGXiylcjPlFbcy77/fTgNr5ZoBSVdiDOhA4NznuQTBevIpCJaIOcw

dNsiKOWLI0aTZfQlCYDU6km43W5P6Wpet39whm5ENNBLAUffpEm2ykMxOFZa6Irm

pTtvNFZcgN6r9wftJ4jBAFdMIiEFbJtJWf8JlLPx7ehMMpbXit0xppspv5072jE8

5+NQY1kAzuwJxDkshDC0FVgh4p8e6IuObWIkyWBPg4nQxFhyBu0cbBO31rKWfbbd

Id3fWmNl+7VcI81w1I1tbc4yrT24Yst1XYRRQJYxkDuhwhh6FY8+0XoSX7Vee9F+

VWRMMwTes48CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMB

Af8wHQYDVR0OBBYEFGy9bakVCvc9FBSee6gsZ4NZlM4bMB8GA1UdIwQYMBaAFGy9

bakVCvc9FBSee6gsZ4NZlM4bMA0GCSqGSIb3DQEBCwUAA4ICAQBOFHSBIgkvOybo

2lnm9WvL1mL0WLitHmY1krrFEnlva+h1U2YUbpFunZbEx61fC6rhy8jpiEFF4mdI

zCXd1b0fQb5+LtDO2rvqZXhANqCtXeoRf3gNPBDORca7w3BoSm3KaAOCE3zKYHqj

TE7lwZCwNlNslVMuVBfsZ5mk1K6NBzQMai+AzxSQVOYIW8hA7YaS2qumTe7Hulce

1NVUVRA0wtMBSXRWelrTXi8LJtRtU5W3nkq9TefaWK+dI3EYENflOSO4Cw+IBJX8

bA9hWgvKzFZKu5p4rfpqCHygi3Bbr+VLiKaGKbdlj9p3ro4hMCbYEIZQFullGubS

N8Rk+a9WTEPmZ/J7rgi7y1v+nwnrhMsRU4sg7H4JXaEE0pA4MBQbJexstXvSk2YP

9eWjHinmhNjfFSudt7hRXoH2kwlcd8pwA6PbaLTHTUCzESy1oFnSRVVYA2pJC5jt

vFXQU2vz4b25zIrDYuRr37GSKJXCzc6HcsGlu6+EumkA7kvUGZRX7oZmod9v6GU1

klTb370cFMy7Dn2Fq4iubM85P3bOMai8hT48nVa2WTJPik1b6WvJhzl1ZZOVc9Jt

1uO61+oSMZWm2unIyyZ3ZQZE0q1da++JXqGW7VKJDZbVw4GQyCtDji/cgrfFnopB

tnVd5ASYgCpXEgB+aGP5Cu00isU47A==

-----END CERTIFICATE-----

Server certificate

subject=/C=US/O=Docker/OU=Docker/L=San Francisco/CN=test.example.com

issuer=/C=US/O=Docker/OU=Docker/L=San Francisco/CN=test.example.com

2) Save the copied public key as the file /etc/docker/certs.d/test.example.com:443/ca.crt

3) Verify the CA certificate

cd /etc/docker/certs.d/test.example.com:443
curl -u user:password --cacert ca.crt https://test.example.com:443

4) You can now log in to the registry

docker login -u user -p password -e mailbox test.example.com:443
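
Step 1 fetches the certificate over the very connection it is meant to authenticate (openssl reports "verify error:num=18:self signed certificate"), so copying it straight into ca.crt is trust on first use. The script below is an added example, not part of the original article: it installs ca.crt only when the certificate's SHA-256 fingerprint matches a value obtained out of band. The function names and the EXPECTED_FP variable are hypothetical.

```shell
#!/bin/sh
# Added example: pin the registry certificate by its SHA-256 fingerprint
# before copying it into /etc/docker/certs.d (uses only awk, base64, sha256sum).

# Print the first PEM certificate on stdin (the server's own certificate in
# `openssl s_client -showcerts` output), skipping blank lines.
first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on && NF { print }
         on && /-----END CERTIFICATE-----/ { exit }'
}

# SHA-256 over the DER bytes of a PEM certificate on stdin: the same digest
# `openssl x509 -noout -fingerprint -sha256` shows, as lowercase hex, no colons.
cert_fingerprint() {
    grep -v -- '-----' | tr -d ' \t\r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept "AB:CD:..." or plain hex and return lowercase hex without colons.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# install_pinned_ca <saved s_client output> <expected fingerprint> <certs.d dir>
# Writes <dir>/ca.crt only if the fingerprint matches; otherwise returns non-zero.
install_pinned_ca() {
    want=$(normalize_fp "$2")
    [ "${#want}" -eq 64 ] || { echo "expected fingerprint must be 64 hex digits" >&2; return 2; }
    pem=$(tr -d '\r' < "$1" | first_cert)
    [ -n "$pem" ] || { echo "no certificate found in $1" >&2; return 2; }
    got=$(printf '%s\n' "$pem" | cert_fingerprint)
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch: got $got, expected $want" >&2
        return 1
    fi
    mkdir -p "$3" && printf '%s\n' "$pem" > "$3/ca.crt"
}

# Usage with the article's registry (EXPECTED_FP is a placeholder for the value
# the registry administrator gives you over a separate, trusted channel):
#   openssl s_client -showcerts -connect test.example.com:443 </dev/null > out.txt
#   install_pinned_ca out.txt "$EXPECTED_FP" /etc/docker/certs.d/test.example.com:443
```

A malformed or truncated certificate block produces a different digest, so the install is refused rather than silently accepted.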
Original article: http://dockone.io/article/1073