Docker仓库管理

#登录到hub仓库
docker login
 
#上传镜像之前需先打标签
固定格式：docker.io/帐号/镜像名:TAG
docker tag alpine:3.11 docker.io/ghostevil/alpine:3.11-v1
 
#上传自己的镜像
docker push docker.io/ghostevil/alpine:3.11-v1

Harbor

Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器，由VMware开源

#安装Docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
 
#下载harbor文件
mkdir /apps/
https://github.com/goharbor/harbor/releases
tar -zxvf *.tgz -C /apps/
#修改模板为harbor.yml
 
#HTTPS
mkdir /apps/harbor/certs/
#生成CA证书
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -subj "/CN=ca.ccav.com" -days 365 -out ca.crt
 
#证书申请
openssl req -newkey rsa:4096 -nodes -sha256 -subj "/CN=harbor.ccav.com" -keyout harbor.ccav.com.key -out harbor.ccav.com.csr
 
#证书颁发
openssl x509 -req -in harbor.ccav.com.csr -CA ca.crt - CAkey ca.key -CAcreateserial -out harbor.ccav.com.crt
 
./install.sh
 
#默认配置文件中的密码
harbor_admin_password: Harbor12345
password: root123
service实现启动
vim /lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
 
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down
 
[Install]
WantedBy=multi-user.target
上传镜像
vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.238.129
 
#登录
docker login 192.168.238.129
admin/Harbor12345
 
#打标签
docker tag alpine:3.11 192.168.238.129/test1/alpine:3.11-v1
 
#上传
docker push 192.168.238.129/test1/alpine:3.11-v1
 
#关于HTTPS上传
mkdir -pv /etc/docker/certs.d/harbor.ccav.com/
scp -r harbor.ccav.com:/apps/harbor/certs/ca.crt /etc/docker/certs.d/harbor.ccav.com/
 
#下载
把证书下载到/etc/docker/certs.d/

在渗透中特别在内网更为容易遇到，可以通过弱密码、未授权获取镜像文件，分析镜像里面的内容可获取相关数据库帐号密码等相关信息。

Docker Compose

docker单机编排工具docker-compose，是容器的一种单机编排服务。

#安装Docker-compose
curl -L
"https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
 
#启动容器，前台执行
docker-compose up
 
#启动容器，后台执行
docker-compose up -d
docker-compose.yml文件格式

服务名称:

image: 镜像
  container_name: 命名
  expose:
   - 80
    - 8080
   ports:
    - "80:80"
    - "8080:8080"
   links:
    - 连接其它服务
    volumes:
     - /data/nginx:/apps/nginx/html #指定数据卷

PreviousDocker网络管理 NextDocker常见攻击方式

Last updated 1 year ago

Was this helpful?

#登录到hub仓库 docker login #上传镜像之前需先打标签固定格式：docker.io/帐号/镜像名:TAG docker tag alpine:3.11 docker.io/ghostevil/alpine:3.11-v1 #上传自己的镜像 docker push docker.io/ghostevil/alpine:3.11-v1

#安装Docker-compose curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose #下载harbor文件 mkdir /apps/ https://github.com/goharbor/harbor/releases tar -zxvf *.tgz -C /apps/ #修改模板为harbor.yml #HTTPS mkdir /apps/harbor/certs/ #生成CA证书 openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -subj "/CN=ca.ccav.com" -days 365 -out ca.crt #证书申请 openssl req -newkey rsa:4096 -nodes -sha256 -subj "/CN=harbor.ccav.com" -keyout harbor.ccav.com.key -out harbor.ccav.com.csr #证书颁发 openssl x509 -req -in harbor.ccav.com.csr -CA ca.crt - CAkey ca.key -CAcreateserial -out harbor.ccav.com.crt ./install.sh #默认配置文件中的密码 harbor_admin_password: Harbor12345 password: root123 service实现启动 vim /lib/systemd/system/harbor.service [Unit] Description=Harbor After=docker.service systemd-networkd.service systemd-resolved.service Requires=docker.service [Service] Type=simple Restart=on-failure RestartSec=5 ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down [Install] WantedBy=multi-user.target 上传镜像 vim /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.238.129 #登录 docker login 192.168.238.129 admin/Harbor12345 #打标签 docker tag alpine:3.11 192.168.238.129/test1/alpine:3.11-v1 #上传 docker push 192.168.238.129/test1/alpine:3.11-v1 #关于HTTPS上传 mkdir -pv /etc/docker/certs.d/harbor.ccav.com/ scp -r harbor.ccav.com:/apps/harbor/certs/ca.crt /etc/docker/certs.d/harbor.ccav.com/ #下载把证书下载到/etc/docker/certs.d/

#安装Docker-compose curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose #启动容器，前台执行 docker-compose up #启动容器，后台执行 docker-compose up -d docker-compose.yml文件格式

image: 镜像 container_name: 命名 expose: - 80 - 8080 ports: - "80:80" - "8080:8080" links: - 连接其它服务 volumes: - /data/nginx:/apps/nginx/html #指定数据卷