#拉取docker仓库镜像
docker pull registry:2.7.0

#创建临时目录（用于存储仓库所需密钥和证书以及挂载目录）
mkdir -p /root/registry/auth /root/registry/certs /root/registry/share

#生成仓库证书到临时目录
openssl req -x509 -days 3650 -subj '/CN=master1:5000/' -nodes -newkey rsa:2048 -keyout /root/registry/certs/domain.key -out /root/registry/certs/domain.crt

#创建临时仓库容器，通过临时仓库容器内的密钥生成组件生成密钥
docker run --name registry --entrypoint htpasswd registry:2.7.0 -Bbn root Aa123456 > /root/registry/auth/htpasswd

#删除临时仓库容器
docker rm -f registry

#创建仓库容器
docker run -d -p 5000:5000 --restart always --name registry -v /root/registry/share:/var/lib/registry -v /root/registry/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /root/registry/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2.7.0

#创建仓库证书目录
mkdir -p /etc/docker/certs.d/master1:5000

#拷贝之前生成的证书到仓库证书目录中
cp /root/registry/certs/domain.crt /etc/docker/certs.d/master1:5000

#修改docker配置，注册私有仓库
vim /etc/docker/daemon.json
{
        "exec-opts":["native.cgroupdriver=systemd"],
        "registry-mirrors":["https://6yu5a2i2.mirror.aliyuncs.com"],
        "insecure-registries":["master1:5000"]
}

#重载docker配置
systemctl reload docker

#重启docker
systemctl restart docker

#登录docker仓库
docker login master1:5000

#指定需要推送的镜像的标签（这里dian是一个测试镜像）
docker tag dian master1:5000/dian

#推送镜像到私有仓库
docker push master1:5000/dian

#删除本地镜像
docker rmi master1:5000/dian

#从私有仓库中重新拉取刚才推送的镜像
docker pull master1:5000/dian

#查看当前本地镜像，如果成功，则表示从私有仓库中拉取dian镜像成功了
docker images

#完结撒花