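Original work. Reposting is permitted, provided the original source of the article, the author information and this notice are indicated with a hyperlink. Otherwise legal action will be pursued.
http://dgd2010.blog.51cto.com/1539422/1729858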
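- Install the Docker engine service
- Install the docker-enter tool to make Docker easier to use
- Install the docker-registry service
- docker-registry service with HTTPS support
- Build and install nginx
- Obtain a free SSL certificate for HTTPS that is trusted by an authoritative CA (DV certificates)
- Configure the nginx HTTPS service
- Verify the final result
- How to run Python 2.7 on CentOS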
(1) After system initialization is complete, install the Docker engine service

    apt-get -qq update -y

    which wget > /dev/null || apt-get -qq install -y wget

    wget -qO- https://get.docker.com/gpg | apt-key add -

    wget -qO- https://get.docker.com/ | sh

    docker version
(2) Install the docker-enter tool to make Docker easier to use

    which curl > /dev/null || apt-get -qq install -y curl

    cd /tmp; wget -q https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz; tar xzvf util-linux-2.24.tar.gz
    cd util-linux-2.24
    ./configure --without-ncurses && make nsenter
    cp nsenter '/usr/local/bin'
    which nsenter
    cd

    wget -P ~ https://github.com/yeasy/docker_practice/raw/master/_local/.bashrc_docker;
    echo "[ -f ~/.bashrc_docker ] && . ~/.bashrc_docker" >> ~/.bashrc; source ~/.bashrc
(3) Install the docker-registry service

    apt-get -qq -y install build-essential python-dev libevent-dev python-pip libssl-dev liblzma-dev libffi-dev swig

    git clone https://github.com/docker/docker-registry.git
    cd docker-registry
    python setup.py install

    test -d '/usr/local/lib/python2.7/dist-packages/docker_registry-1.0.0_dev-py2.7.egg/config/' && cd /usr/local/lib/python2.7/dist-packages/docker_registry-1.0.0_dev-py2.7.egg/config/

    cp config_sample.yml config.yml

    nohup gunicorn --access-logfile - --error-logfile - -k gevent -b 0.0.0.0:5000 -w 4 --max-requests 100 docker_registry.wsgi:application >> /tmp/docker-registry.log &

    killall gunicorn

    # Insecure Registry, Deploying a plain HTTP registry, Using self-signed certificates
    grep insecure /etc/default/docker || echo 'DOCKER_OPTS="--insecure-registry docker.domain.com:5000"' >> /etc/default/docker
    service docker stop && service docker start
(4) Configure the docker-registry service with HTTPS support

Build and install nginx

    # The --with-pcre/--with-zlib/--with-openssl paths below expect the sources under /root
    cd /root
    wget http://nginx.org/download/nginx-1.8.0.tar.gz
    tar zxf nginx-1.8.0.tar.gz
    wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gz
    tar zxf pcre-8.37.tar.gz
    wget https://www.openssl.org/source/openssl-1.0.2e.tar.gz
    tar zxf openssl-1.0.2e.tar.gz
    wget http://zlib.net/zlib-1.2.8.tar.gz
    tar zxf zlib-1.2.8.tar.gz
    groupadd -r www
    useradd -r -g www www -c "Web user" -d /dev/null -s /sbin/nologin
    cd nginx-1.8.0
    ./configure --prefix=/usr/local/nginx --with-http_ssl_module --user=www --group=www --with-pcre=/root/pcre-8.37 --with-zlib=/root/zlib-1.2.8 --with-openssl=/root/openssl-1.0.2e
    make && make install
    /usr/local/nginx/sbin/nginx -V
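Obtain a free SSL certificate for HTTPS that is trusted by an authoritative CA (DV certificates)

- Python newer than 2.6 is required (2.6 itself is not sufficient). CentOS installs Python 2.6 by default; see below for how to upgrade Python on CentOS.
- The common name of the certificate being requested, that is, the domain name of the certificate subject (holder), must point to the host the client is running on. For example, to request a certificate for your own site www.domain.com, www.domain.com must be the same host as the one on which you run the steps below (the domain resolves to this host; it does not matter whether through an A record or a CNAME record). The reason is that the letsencrypt server communicates with the current client while the certificate is being generated; if it is not the same host, validation or the communication fails, and certificate generation fails with it. If the domain name was not obtained through a DNS provider, you can try modifying the hosts file. For example, on Linux, edit /etc/hosts and add the entry your_ip_address www.yourdomainname.com.

    git clone https://github.com/letsencrypt/letsencrypt
    cd letsencrypt
    ./letsencrypt-auto certonly --standalone --email dgdenterprise@gmail.com -d www.domain.com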
Configure the nginx HTTPS service

    # for htpasswd
    apt-get -qq -y install apache2-utils

    mkdir /usr/local/nginx/conf/vhost

    sed -i '$i include vhost/*.conf;' /usr/local/nginx/conf/nginx.conf

    vim /usr/local/nginx/conf/vhost/https_www.yourdomainname.com.conf

    vim /usr/local/nginx/conf/vhost/http_www.yourdomainname.com.conf

    /usr/local/nginx/sbin/nginx -t
    /usr/local/nginx/sbin/nginx -s reload
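The page does not show the contents of the two vhost files edited with vim. The following is an added example of what they could contain, not the author's configuration. It assumes the certificate paths the Let's Encrypt client writes under /etc/letsencrypt/live/, a hypothetical htpasswd file at /usr/local/nginx/conf/docker-registry.htpasswd, and the registry listening on port 5000 as started in step (3).

```nginx
# --- /usr/local/nginx/conf/vhost/https_www.yourdomainname.com.conf ---
# www.yourdomainname.com is the page's placeholder domain; use the name the
# certificate was issued for.
server {
    listen 443 ssl;
    server_name www.yourdomainname.com;

    # Certificate chain and private key written by the Let's Encrypt client.
    ssl_certificate     /etc/letsencrypt/live/www.yourdomainname.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.yourdomainname.com/privkey.pem;
    # TLS 1.2 is the newest version that OpenSSL 1.0.2e (built above) supports.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Image layers are large; lift nginx's default 1 MB request body limit.
    client_max_body_size 0;

    # Require a login for every registry request.
    # Assumed file path; create it with: htpasswd -c <this file> <username>
    auth_basic "docker-registry";
    auth_basic_user_file /usr/local/nginx/conf/docker-registry.htpasswd;

    location / {
        # Forward to the gunicorn-hosted registry over loopback.
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
    }
}

# --- /usr/local/nginx/conf/vhost/http_www.yourdomainname.com.conf ---
# Plain HTTP only redirects to HTTPS, so credentials are never sent in clear.
server {
    listen 80;
    server_name www.yourdomainname.com;
    return 301 https://www.yourdomainname.com$request_uri;
}
```

With this proxy in front, starting gunicorn with -b 127.0.0.1:5000 instead of 0.0.0.0:5000 keeps the unauthenticated registry port off the network. Clients that reach the registry through the CA-trusted HTTPS endpoint do not need the --insecure-registry option.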
(5) Verify the final result
Appendix: switching CentOS from Python 2.6 to Python 2.7

    yum groupinstall -y "Development tools"
    yum install -y zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
    echo '/usr/local/lib' >> /etc/ld.so.conf
    ldconfig

    # Python 2.7.6:
    wget -c http://python.org/ftp/python/2.7.6/Python-2.7.6.tar.xz
    tar xf Python-2.7.6.tar.xz
    cd Python-2.7.6
    ./configure --prefix=/usr/local --enable-unicode=ucs4 --enable-shared LDFLAGS="-Wl,-rpath /usr/local/lib"
    make && make altinstall
    cd

    # First get the setup script for Setuptools:
    wget -c https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py
    python2.7 ez_setup.py
    easy_install-2.7 pip

    # Install virtualenv for Python 2.7 and create a sandbox called my27project:
    pip2.7 install virtualenv
    virtualenv-2.7 my27project

    # Check the system Python interpreter version:
    python --version
    # This will show Python 2.6.6

    # Activate the my27project sandbox and check the version of the default Python interpreter in it:
    source my27project/bin/activate
    python --version
    # This will show Python 2.7.6

    # Run the certificate-generation program here
    # After the certificate has been generated, run deactivate to leave the virtualenv
    deactivate