# **Certificate Configuration Tutorial**

## **I. Download the certificate archive**

Download the certificate archive from the component development platform. It contains the following 3 files:

- ca.pem
- server-cert.pem
- server-key.pem

## **II. Upload to the server**

Use WinSCP, FTP, Xftp, SCP, or a similar tool to upload the 3 files to the server.

In this example the files are placed in /etc/docker (another path can be used, as long as the paths in daemon.json are changed to match):

```shell
sudo mv ca.pem /etc/docker/ca.pem
sudo mv server-cert.pem /etc/docker/server-cert.pem
sudo mv server-key.pem /etc/docker/server-key.pem
```

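## III. Modify the hosts configuration

Write the platform's current access IP into the hosts file. As a deployment node, the server pulls Docker images through this IP.

```shell
# Replace CURRENT_IP with the platform's current access IP
echo CURRENT_IP nexus.io | sudo tee -a /etc/hosts
```
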
## **IV. Modify the Docker service**

1. Modify `docker.service` on the server:

Check the Docker service status with `systemctl status docker`.

Use `cat` to inspect the ExecStart line:

```shell
cat /lib/systemd/system/docker.service | grep fd
```

If the output is: `ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock`

then run the following command to remove the `-H fd://` flag from `docker.service`. The listening addresses are set through `hosts` in `daemon.json` in the next step, and dockerd does not start when they are specified both there and with `-H`.

```shell
sudo sed -i 's/-H\ fd:\/\///g' /lib/systemd/system/docker.service
```

2. Modify the `daemon.json` configuration

Back up the existing file with the following command:

```shell
sudo cp -v /etc/docker/daemon.json /etc/docker/daemon.json.$(date +%Y%m%d%H%M%S)
```

Write the configuration with the following command. It overwrites the file: appending to an existing `daemon.json` would leave two JSON objects in it, which is not valid JSON. Merge any settings you still need from the backup by hand.

```shell
echo '{
  "hosts": [
    "fd://",
    "tcp://0.0.0.0:2375",
    "unix:///var/run/docker.sock"
  ],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem",
  "registry-mirrors": [
    "https://hub.uuuadc.top",
    "https://docker.anyhub.us.kg",
    "https://dockerhub.jobcher.com",
    "https://dockerhub.icu",
    "https://docker.ckyl.me",
    "https://docker.awsl9527.cn",
    "https://registry.docker-cn.com",
    "https://docker.m.daocloud.io",
    "https://ghcr.nju.edu.cn",
    "https://docker.nju.edu.cn",
    "https://atomhub.openatom.cn/"
  ],
  "insecure-registries": [
    "https://nexus.io:8082"
  ]
}' | sudo tee /etc/docker/daemon.json
```

3. Restart the Docker service

```shell
sudo systemctl daemon-reload && sudo service docker restart
```
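
A preflight check to run before the restart in step 3, as an added example that is not part of the original tutorial: it checks the edited `docker.service` and `daemon.json` for the `-H`/`hosts` conflict, invalid JSON, a TCP listener without `tlsverify`, and a key file readable by other users. The helper name `preflight`, the sample inputs and the owner-only key permission check are assumptions of this example.

```python
import json
import os
import re
import stat

UNIT = "/lib/systemd/system/docker.service"  # paths used in this tutorial
CONF = "/etc/docker/daemon.json"
KEY = "/etc/docker/server-key.pem"

def preflight(unit_text, conf_text, key_mode=None):
    """Hypothetical helper: return a list of problems (empty list = passed)."""
    try:
        cfg = json.loads(conf_text)
    except json.JSONDecodeError as exc:
        # "Extra data" here means a second object was appended to an old file
        return [f"daemon.json is not valid JSON: {exc.msg}"]
    problems = []
    hosts = cfg.get("hosts", [])
    exec_start = [ln for ln in unit_text.splitlines() if ln.strip().startswith("ExecStart=")]
    # dockerd refuses to start when hosts come from both a -H flag and daemon.json
    if hosts and any(re.search(r"\s(-H|--host)[\s=]", ln) for ln in exec_start):
        problems.append("ExecStart still passes -H while daemon.json sets hosts")
    # a TCP listener must require client certificates signed by the CA
    if any(h.startswith("tcp://") for h in hosts) and cfg.get("tlsverify") is not True:
        problems.append("tcp:// listener configured without tlsverify=true")
    if cfg.get("tlsverify") is True:
        for key in ("tlscacert", "tlscert", "tlskey"):
            if not cfg.get(key):
                problems.append(f"tlsverify is on but {key} is missing")
    # assumption of this example: the private key should be owner-only
    if key_mode is not None and key_mode & 0o077:
        problems.append("server key is readable by group or others")
    return problems

# Constructed sample inputs, modelled on the tutorial's unit file and config
SAMPLE_UNIT_BEFORE = ("[Service]\nExecStart=/usr/bin/dockerd -H fd:// "
                      "--containerd=/run/containerd/containerd.sock\n")
SAMPLE_UNIT_AFTER = SAMPLE_UNIT_BEFORE.replace("-H fd://", "")
SAMPLE_CONF = json.dumps({
    "hosts": ["fd://", "tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"],
    "tlsverify": True, "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem", "tlskey": KEY,
})

if __name__ == "__main__":
    with open(UNIT) as u, open(CONF) as c:
        issues = preflight(u.read(), c.read(), stat.S_IMODE(os.stat(KEY).st_mode))
    raise SystemExit("\n".join(issues) or 0)  # non-zero exit when problems exist
```

Run it with `sudo python3` on the server after editing both files; it exits non-zero and lists the problems if any check fails.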