🐥Docker仓库管理
#登录到hub仓库
docker login
#上传镜像之前需先打标签
固定格式:docker.io/帐号/镜像名:TAG
docker tag alpine:3.11 docker.io/ghostevil/alpine:3.11-v1
#上传自己的镜像
docker push docker.io/ghostevil/alpine:3.11-v1
Harbor
Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,由VMware开源
#安装Docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#下载harbor文件
mkdir /apps/
https://github.com/goharbor/harbor/releases
tar -zxvf *.tgz -C /apps/
#修改模板为harbor.yml
#HTTPS
mkdir /apps/harbor/certs/
#生成CA证书
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -subj "/CN=ca.ccav.com" -days 365 -out ca.crt
#证书申请
openssl req -newkey rsa:4096 -nodes -sha256 -subj "/CN=harbor.ccav.com" -keyout harbor.ccav.com.key -out harbor.ccav.com.csr
#证书颁发
openssl x509 -req -in harbor.ccav.com.csr -CA ca.crt - CAkey ca.key -CAcreateserial -out harbor.ccav.com.crt
./install.sh
#默认配置文件中的密码
harbor_admin_password: Harbor12345
password: root123
service实现启动
vim /lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
上传镜像
vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.238.129
#登录
docker login 192.168.238.129
admin/Harbor12345
#打标签
docker tag alpine:3.11 192.168.238.129/test1/alpine:3.11-v1
#上传
docker push 192.168.238.129/test1/alpine:3.11-v1
#关于HTTPS上传
mkdir -pv /etc/docker/certs.d/harbor.ccav.com/
scp -r harbor.ccav.com:/apps/harbor/certs/ca.crt /etc/docker/certs.d/harbor.ccav.com/
#下载
把证书下载到/etc/docker/certs.d/
在渗透中特别在内网更为容易遇到,可以通过弱密码、未授权获取镜像文件,分析镜像里面的内容可获取相关数据库帐号密码等相关信息。
Docker Compose
docker单机编排工具docker-compose,是容器的一种单机编排服务。
#安装Docker-compose
curl -L
"https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#启动容器,前台执行
docker-compose up
#启动容器,后台执行
docker-compose up -d
docker-compose.yml文件格式
服务名称:
image: 镜像
container_name: 命名
expose:
- 80
- 8080
ports:
- "80:80"
- "8080:8080"
links:
- 连接其它服务
volumes:
- /data/nginx:/apps/nginx/html #指定数据卷
Last updated