🐥Docker Registry Management

#Log in to the Docker Hub registry
docker login
 
#An image must be tagged before it can be pushed
#Required format: docker.io/account/image-name:TAG
docker tag alpine:3.11 docker.io/ghostevil/alpine:3.11-v1
 
#Push your own image
docker push docker.io/ghostevil/alpine:3.11-v1

Harbor

Harbor is an enterprise-grade registry server for storing and distributing Docker images, open-sourced by VMware.

#Install Docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
 
#Download the Harbor release
mkdir /apps/
#Get the release .tgz from https://github.com/goharbor/harbor/releases
tar -zxvf *.tgz -C /apps/
#Rename the template to harbor.yml
 
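#HTTPS
mkdir /apps/harbor/certs/
#Generate the CA certificate
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -subj "/CN=ca.ccav.com" -days 365 -out ca.crt
 
#Certificate signing request
openssl req -newkey rsa:4096 -nodes -sha256 -subj "/CN=harbor.ccav.com" -keyout harbor.ccav.com.key -out harbor.ccav.com.csr
 
#Issue the certificate
#Note: the certificate issued here carries only a CN; Docker clients built with Go 1.15 or later reject certificates without a subjectAltName, so include a SAN for harbor.ccav.com when issuing
openssl x509 -req -in harbor.ccav.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.ccav.com.crt
 
./install.sh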
 
#Passwords in the default configuration file
harbor_admin_password: Harbor12345
password: root123
Starting Harbor via a systemd service
vim /lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
 
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down
 
[Install]
WantedBy=multi-user.target
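Pushing images
vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.238.129
#Note: -H tcp://0.0.0.0:2375 opens the Docker API on every interface with no TLS or authentication, and --insecure-registry turns off TLS verification for that registry; drop both once the HTTPS setup below is in place
 
#Log in
docker login 192.168.238.129
admin/Harbor12345
 
#Tag
docker tag alpine:3.11 192.168.238.129/test1/alpine:3.11-v1
 
#Push
docker push 192.168.238.129/test1/alpine:3.11-v1
 
#Pushing over HTTPS
mkdir -pv /etc/docker/certs.d/harbor.ccav.com/
scp -r harbor.ccav.com:/apps/harbor/certs/ca.crt /etc/docker/certs.d/harbor.ccav.com/
 
#Download
Download the certificate to /etc/docker/certs.d/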

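Harbor is encountered fairly often in penetration tests, especially on internal networks. Image files can be obtained through weak passwords or unauthenticated access, and analyzing the contents of an image can yield database accounts, passwords and other related information.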
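A defender-side check for the weak points these notes mention (default Harbor passwords, a plain-HTTP registry, an open Docker API), as an added example that is not part of the original notes. It assumes the key layout of the Harbor configuration template (a top-level `https:` section, the database password under `password:`) and a single-line `ExecStart`; the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original notes. Prints one finding per line.

# First uncommented "key: value" in a YAML file, inline comment and quotes stripped.
yaml_value() {
    sed -e "/^[[:space:]]*$1:/!d" -e "s/^[[:space:]]*$1:[[:space:]]*//" \
        -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
        -e "s/^[\"']//" -e "s/[\"']\$//" "$2" | head -n 1
}

audit_harbor_host() {
    harbor_yml=$1
    docker_unit=$2
    if [ "$(yaml_value harbor_admin_password "$harbor_yml")" = "Harbor12345" ]; then
        echo "harbor.yml: harbor_admin_password is still the template default"
    fi
    if [ "$(yaml_value password "$harbor_yml")" = "root123" ]; then
        echo "harbor.yml: database password is still the template default"
    fi
    if ! grep -q '^https:' "$harbor_yml"; then
        echo "harbor.yml: no https section, logins and pushes travel over plain HTTP"
    fi
    # Assumes ExecStart is a single line, as in the unit file shown in these notes.
    exec_start=$(grep '^ExecStart=.*dockerd' "$docker_unit" || true)
    case $exec_start in
        *tcp://*--tlsverify* | *--tlsverify*tcp://*) ;;
        *tcp://*) echo "docker.service: dockerd API on TCP without --tlsverify" ;;
    esac
    case $exec_start in
        *--insecure-registry*) echo "docker.service: --insecure-registry skips TLS checks for that registry" ;;
    esac
    return 0
}

# Constructed sample input mirroring the settings in these notes.
demo_dir=$(mktemp -d)
cat > "$demo_dir/harbor.yml" <<'EOF'
hostname: 192.168.238.129
http:
  port: 80
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
cat > "$demo_dir/docker.service" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.238.129
EOF
audit_harbor_host "$demo_dir/harbor.yml" "$demo_dir/docker.service"
```

Run against the constructed files it reports five findings; a host with rotated passwords, an `https:` section and no TCP listener produces no output.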

Docker Compose

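docker-compose is Docker's single-host orchestration tool, a single-host orchestration service for containers.

#Install Docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
 
#Start the containers in the foreground
docker-compose up
 
#Start the containers in the background
docker-compose up -d
docker-compose.yml file format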

service-name:
  image: image
  container_name: name
  expose:
    - 80
    - 8080
  ports:
    - "80:80"
    - "8080:8080"
  links:
    - other-service-to-link
  volumes:
    - /data/nginx:/apps/nginx/html #specify the data volume
