2021年7月1日 (四) 13:32的版本

1 高级之Harbor
2 初入门
3 使用Docker Registry
- 3.1 docker 运行
4 配置SSL证书及nginx反向代理docker registry
- 4.1 SSL证书生成
  - 4.1.1 配置nginx反向代理docker registry
  - 4.1.2 registry usage
- 4.2 client
5 trouble
- 5.1 docker push unknown blob received unexpected HTTP status: 502 Bad Gateway
6 see also
- 6.1 other
7 changelog

高级之Harbor

安装Harbor1.4.0开源docker镜像仓库（含letsencrypt证书

https://blog.51cto.com/u_13043516/2365284

初入门

docker run -d -p 5000:5000 --restart=always --name registry -v /opt/registry:/var/lib/registry registry:2

93602b4311e2        k8s.gcr.io/pause:3.1   "/pause"

commit 将一个容器提交成镜像 和指定tag
root@k8s-node1:~# docker commit 93602b4311e2  192.168.88.59:5000/mypause:v1
335sha256:0937ae67cb675168c23ede1e15408d19d235112a892f1c095c33404f50c9bf9f

docker push 192.168.88.59:5000/mypause:v1

使用Docker Registry

docker 运行

如何 docker-compose

info   Registry server 192.168.88.52

mkdir  /data/registry
#指定目录比指定配置文件更加重要
 docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v /data/registry:/var/lib/registry \
  registry:2



docker  images 
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
php                     7.1-fpm-alpine      cbfebc795f0b        4 weeks ago         70.1MB

docker tag php:7.1-fpm-alpine  192.168.88.52:5000/php

[root@localhost ~]# docker push 192.168.88.52:5000/php
The push refers to repository [192.168.88.52:5000/php]
Get https://192.168.88.52:5000/v2/: http: server gave HTTP response to HTTPS client

vi  /etc/docker/daemon.json
{ "insecure-registries":["192.168.88.52:5000"] }

systemctl restart docker

#再次push成功
docker push 192.168.88.52:5000/php

配置SSL证书及nginx反向代理docker registry

SSL证书生成



搭建私有CA，初始化CA环境，在/etc/pki/CA/下建立证书索引数据库文件index.txt和序列号文件serial，并为证书序列号文件提供初始值。
# touch /etc/pki/CA/{index.txt,serial}
# echo 01 > /etc/pki/CA/serial


生成密钥并保存到/etc/pki/CA/private/cakey.pem
# (umask 077;openssl genrsa -out  /etc/pki/CA/private/cakey.pem 2048)

生成根证书
# openssl req -new -x509 -key  /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650


需要填写的信息：

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing  
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:hub
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:hub.com
Email Address []:[email protected]


使系统信任根证书
cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt

安装nginx
yum install  openssl模块已有


签发证书
创建ssl目录用来存放密钥文件和证书申请文件

mkdir /app/nginx/conf/ssl

创建密钥文件和证书申请文件
(umask 077;openssl genrsa -out /app/nginx/conf/ssl/docker.key 2048)
openssl req -new -key /app/nginx/conf/ssl/docker.key -out /app/nginx/conf/ssl/docker.csr


填写的申请信息前四项要和私有CA的信息一致

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:hub
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:hub.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: #直接回车
An optional company name []:


签署，证书
openssl ca -in /app/nginx/conf/ssl/docker.csr -out /app/nginx/conf/ssl/docker.crt -days 3650

output 省
Certificate is to be certified until Jun 30 02:55:22 2029 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

配置nginx反向代理docker registry

添加认证
yum -y install httpd-tools

#docker-registry.htpasswd 文件看nginx 的配置文件便可知
htpasswd  -c /etc/nginx/conf.d/docker-registry.htpasswd test
New password: 
Re-type new password: 
Adding password for user test


[root@localhost conf.d]# cat  docker-registry.conf

upstream docker-registry {
        server 127.0.0.1:5000;
    }
server {
    listen 80;
    server_name hub.com;
    return  301 https://$server_name$request_uri; 
} 
    server {
        listen       443;
        server_name  hub.com;
        #charset koi8-r;
 
        #access_log  logs/host.access.log  main;
        ssl                   on;
        ssl_certificate       /app/nginx/conf/ssl/docker.crt;
        ssl_certificate_key   /app/nginx/conf/ssl/docker.key;

        chunked_transfer_encoding on;

            proxy_set_header        X-Forwarded-Proto "https";
                    client_max_body_size 1G;
                    proxy_connect_timeout 3000;
                    proxy_send_timeout 3000;
                    proxy_read_timeout 3000;
                    proxy_buffering    off;
                    tcp_nodelay        on;


        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
 
        location / {
           auth_basic   "Docker registry";
               auth_basic_user_file /etc/nginx/conf.d/docker-registry.htpasswd;
               proxy_pass  http://docker-registry;
        }
        location /_ping{
               auth_basic off;
               proxy_pass  http://docker-registry;
               }
        location /v2/_ping{
               auth_basic off;
               proxy_pass  http://docker-registry;
        }
}


systemctl  restart nginx

registry usage

如果没有DNS解析内网域名，修改hosts文件
cat >>/etc/hosts <<EOF
192.168.88.52 hub.com
EOF

systemctl daemon-reload 
systemctl restart docker

登录
[root@localhost conf.d]#  docker login hub.com
Username: test
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

把一个容器提交为images 
[root@localhost conf.d]# docker  ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
6d5f17124090        registry:2          "/entrypoint.sh /etc…"   2 hours ago         Up 20 minutes       0.0.0.0:5000->5000/tcp   registry
[root@localhost conf.d]# docker commit 6d5f17124090 hub.com/registry:v2
sha256:d7af5d03593d7f60903dc9da2b9a4d1d0a1a70878e0a7a09423372261cb4fccb
[root@localhost conf.d]# docker push hub.com/registry:v2
The push refers to repository [hub.com/registry]

上传镜像

 docker tag  nginx hub.com/nginx
 docker push  hub.com/nginx

查看
curl -u test:test https://hub.com/v2/_catalog
{"repositories":["httpd","nginx","php"]}

client

局域网内其他机器认证（192.168.88.60 ubuntu

其它机器
cat >>/etc/hosts <<EOF
192.168.88.52 hub.com
EOF

把CA的密钥发送到客户机，并添加到ca-bundle.crt

on 60 
mkdir -p /etc/pki/tls/certs/

on 52 
 scp -p /etc/pki/tls/certs/ca-bundle.crt  [email protected]:/etc/pki/tls/certs/ca-bundle.crt
 scp -p /etc/pki/CA/cacert.pem [email protected]:/etc/pki/CA/cacert.pem

#on 60
 cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
重启docker
systemctl  restart  docker

trouble

问题

[root@localhost conf.d]# docker login hub.com
Username: test
Password: 
Error response from daemon: login attempt to https://hub.com/v2/ failed with status: 404 Not Found

host 搞错 要前面是ip 后面是域名


一开始注释了ssl证书
Username: test
Password: 
Error response from daemon: Get https://hub.com/v2/: http: server gave HTTP response to HTTPS client

ssl err 


#on ubuntu 
root@k8s-node2:~# docker login  hub.com
Username: test
Password: 
Error response from daemon: Get https://hub.com/v2/: x509: certificate signed by unknown authority

 cat /etc/docker/daemon.json
{
  "insecure-registries" : ["hub.com"]
}

systemctl  restart docker

docker push unknown blob received unexpected HTTP status: 502 Bad Gateway

docker  push hub.com/httpd:2.4.16
最后老是
unknown blob

nginx 配置文件问题？

received unexpected HTTP status: 502 Bad Gateway

解决办法 在nginx.conf add 
 proxy_set_header        X-Forwarded-Proto "https";
                    client_max_body_size 1G;
                    proxy_connect_timeout 3000;
                    proxy_send_timeout 3000;
                    proxy_read_timeout 3000;
                    proxy_buffering    off;
                    tcp_nodelay        on;




proxy_set_header Host $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

changelog

2019年 07月 03日星期三 16:23:35 CST 添加ssl

页面“Jenkins自动化构建和部署例子”与“部署私有Docker私有镜像仓库 harbor Registry-Docker”之间的差异

2021年7月1日 (四) 13:32的版本

目录

高级之Harbor

初入门

使用Docker Registry

docker 运行

配置SSL证书及nginx反向代理docker registry

SSL证书生成

配置nginx反向代理docker registry

registry usage

client

trouble

docker push unknown blob received unexpected HTTP status: 502 Bad Gateway

see also

other

changelog

导航菜单

个人工具

名字空间

变种

视图

更多

搜索

导航

我的导航

工具

@@ 第1行： / 第1行： @@
-=站内源码 =
+=高级之Harbor=
-[[代码发布]]
+[https://www.cnblogs.com/bytefish/p/8452190.html 安装Harbor1.4.0开源docker镜像仓库（含letsencrypt证书]
-=jenkins 使用Maven构建Java应用程序=
+https://blog.51cto.com/u_13043516/2365284
-[https://www.jenkins.io/zh/doc/tutorials/build-a-java-app-with-maven/  使用Maven构建Java应用程序 ]
-=java+maven项目+tapd+jenkins+gitlab+sonarqube+docker实现自动化持续部署=
+=初入门=
-[https://juejin.cn/post/6955025879688806430#heading-66 java+maven项目+tapd+jenkins+gitlab+sonarqube+docker实现自动化持续部署（超详细） ]
+<pre>
+docker run -d -p 5000:5000 --restart=always --name registry -v /opt/registry:/var/lib/registry registry:2
+b4311e2        k8s.gcr.io/pause:3.1   "/pause"
+commit 将一个容器提交成镜像 和指定tag
+root@k8s-node1:~# docker commit 93602b4311e2  192.168.88.59:5000/mypause:v1
+sha256:0937ae67cb675168c23ede1e15408d19d235112a892f1c095c33404f50c9bf9f
-=download.app=
+docker push 192.168.88.59:5000/mypause:v1
- jenkins project name  prod-tg-websi
+</pre>
+=使用Docker Registry=
+== docker 运行==
+如何 docker-compose
-=* conf project =
 <pre>
-新建 自由风格的软件项目 ->
+info   Registry server 192.168.88.52
-geneal 丢弃旧的构建
-源码管理 用git   http的话就直接用上你的gitlabt用户和密码
+mkdir  /data/registry
-构建  这里填写上你的 over SSH  服务器 一般在  系统管理--系统设置里面配置并起别名
+#指定目录比指定配置文件更加重要
- 一般hostname 填写IP username    Remote Directory /    其它的看着办
+ docker run -d \
+   -p 5000:5000 \
+  --restart=always \
+  --name registry \
+  -v /data/registry:/var/lib/registry \
+   registry:2
+docker  images
+REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
+php                     7.1-fpm-alpine      cbfebc795f0b        4 weeks ago         70.1MB
+docker tag php:7.1-fpm-alpine  192.168.88.52:5000/php
-构建 要填写的
+[root@localhost ~]# docker push 192.168.88.52:5000/php
+The push refers to repository [192.168.88.52:5000/php]
+Get https://192.168.88.52:5000/v2/: http: server gave HTTP response to HTTPS client
-Source files  **
+vi  /etc/docker/daemon.json
-Remove prefix  不填写
+{ "insecure-registries":["192.168.88.52:5000"] }
-Remote directory  你远程服务器的web目录
+systemctl restart docker
+#再次push成功
+docker push 192.168.88.52:5000/php
 </pre>
-=* 配置权限=
+=配置SSL证书及nginx反向代理docker registry=
+==SSL证书生成==
+<pre>
+搭建私有CA，初始化CA环境，在/etc/pki/CA/下建立证书索引数据库文件index.txt和序列号文件serial，并为证书序列号文件提供初始值。
+# touch /etc/pki/CA/{index.txt,serial}
+# echo 01 > /etc/pki/CA/serial
+生成密钥并保存到/etc/pki/CA/private/cakey.pem
+# (umask 077;openssl genrsa -out  /etc/pki/CA/private/cakey.pem 2048)
+生成根证书
+# openssl req -new -x509 -key  /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
+需要填写的信息：
+Country Name (2 letter code) [XX]:CN
+State or Province Name (full name) []:Beijing
+Locality Name (eg, city) [Default City]:Beijing
+Organization Name (eg, company) [Default Company Ltd]:hub
+Organizational Unit Name (eg, section) []:ops
+Common Name (eg, your name or your server's hostname) []:hub.com
+Email Address []:[email protected]
+使系统信任根证书
+cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
+安装nginx
+yum install  openssl模块已有
+签发证书
+创建ssl目录用来存放密钥文件和证书申请文件
+mkdir /app/nginx/conf/ssl
+创建密钥文件和证书申请文件
+(umask 077;openssl genrsa -out /app/nginx/conf/ssl/docker.key 2048)
+openssl req -new -key /app/nginx/conf/ssl/docker.key -out /app/nginx/conf/ssl/docker.csr
+填写的申请信息前四项要和私有CA的信息一致
+Country Name (2 letter code) [XX]:CN
+State or Province Name (full name) []:Beijing
+Locality Name (eg, city) [Default City]:Beijing
+Organization Name (eg, company) [Default Company Ltd]:hub
+Organizational Unit Name (eg, section) []:ops
+Common Name (eg, your name or your server's hostname) []:hub.com
+Email Address []:[email protected]
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []: #直接回车
+An optional company name []:
+签署，证书
+openssl ca -in /app/nginx/conf/ssl/docker.csr -out /app/nginx/conf/ssl/docker.crt -days 3650
+output 省
+Certificate is to be certified until Jun 30 02:55:22 2029 GMT (3650 days)
+Sign the certificate? [y/n]:y
+out of 1 certificate requests certified, commit? [y/n]y
+Write out database with 1 new entries
+Data Base Updated </pre>
+===配置nginx反向代理docker registry===
 <pre>
-#这样还视图自动归类功能 不错不错  记住前面不要有空格
+添加认证
-Manage and Assign Roles -->  Manage Roles -->    在他有的项目组里面 Frontend_h5    添加   prod-tg-websit| -->
+yum -y install httpd-tools
+#docker-registry.htpasswd 文件看nginx 的配置文件便可知
+htpasswd  -c /etc/nginx/conf.d/docker-registry.htpasswd test
+New password:
+Re-type new password:
+Adding password for user test
-  Manage and Assign Roles --> Assign Roles
+[root@localhost conf.d]# cat  docker-registry.conf
+upstream docker-registry {
+        server 127.0.0.1:5000;
+    }
+server {
+    listen 80;
+    server_name hub.com;
+    return  301 https://$server_name$request_uri;
+}
+    server {
+        listen       443;
+        server_name  hub.com;
+        #charset koi8-r;
-Item roles -->User/group to add  填写项目名  prod-tg-website</pre>
+        #access_log  logs/host.access.log  main;
+        ssl                   on;
+        ssl_certificate       /app/nginx/conf/ssl/docker.crt;
+        ssl_certificate_key   /app/nginx/conf/ssl/docker.key;
+        chunked_transfer_encoding on;
+            proxy_set_header        X-Forwarded-Proto "https";
+                    client_max_body_size 1G;
+                    proxy_connect_timeout 3000;
+                    proxy_send_timeout 3000;
+                    proxy_read_timeout 3000;
+                    proxy_buffering    off;
+                    tcp_nodelay        on;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
+        location / {
+           auth_basic   "Docker registry";
+               auth_basic_user_file /etc/nginx/conf.d/docker-registry.htpasswd;
+               proxy_pass  http://docker-registry;
+        }
+        location /_ping{
+               auth_basic off;
+               proxy_pass  http://docker-registry;
+               }
+        location /v2/_ping{
+               auth_basic off;
+               proxy_pass  http://docker-registry;
+        }
+}
+systemctl  restart nginx
+</pre>
+=== registry  usage===
+<pre>
+如果没有DNS解析内网域名，修改hosts文件
+cat >>/etc/hosts <<EOF
+.168.88.52 hub.com
+EOF
+systemctl daemon-reload
+systemctl restart docker
+登录
+[root@localhost conf.d]#  docker login hub.com
+Username: test
+Password:
+WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
+Configure a credential helper to remove this warning. See
+https://docs.docker.com/engine/reference/commandline/login/#credentials-store
+Login Succeeded
+把一个容器提交为images
+[root@localhost conf.d]# docker  ps
+CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
+d5f17124090        registry:2          "/entrypoint.sh /etc…"   2 hours ago         Up 20 minutes       0.0.0.0:5000->5000/tcp   registry
+[root@localhost conf.d]# docker commit 6d5f17124090 hub.com/registry:v2
+sha256:d7af5d03593d7f60903dc9da2b9a4d1d0a1a70878e0a7a09423372261cb4fccb
+[root@localhost conf.d]# docker push hub.com/registry:v2
+The push refers to repository [hub.com/registry]
+上传镜像
+ docker tag  nginx hub.com/nginx
+ docker push  hub.com/nginx
+查看
+curl -u test:test https://hub.com/v2/_catalog
+{"repositories":["httpd","nginx","php"]}
+</pre>
+==client==
+<pre>
+局域网内其他机器认证（192.168.88.60 ubuntu
+其它机器
+cat >>/etc/hosts <<EOF
+.168.88.52 hub.com
+EOF
+把CA的密钥发送到客户机，并添加到ca-bundle.crt
+on 60
+mkdir -p /etc/pki/tls/certs/
+on 52
+ scp -p /etc/pki/tls/certs/ca-bundle.crt  [email protected]:/etc/pki/tls/certs/ca-bundle.crt
+ scp -p /etc/pki/CA/cacert.pem [email protected]:/etc/pki/CA/cacert.pem
+#on 60
+ cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
+重启docker
+systemctl  restart  docker
+</pre>
+=trouble=
+<pre>
+问题
+[root@localhost conf.d]# docker login hub.com
+Username: test
+Password:
+Error response from daemon: login attempt to https://hub.com/v2/ failed with status: 404 Not Found
+host 搞错 要前面是ip 后面是域名
+一开始注释了ssl证书
+Username: test
+Password:
+Error response from daemon: Get https://hub.com/v2/: http: server gave HTTP response to HTTPS client
+ssl err
+#on ubuntu
+root@k8s-node2:~# docker login  hub.com
+Username: test
+Password:
+Error response from daemon: Get https://hub.com/v2/: x509: certificate signed by unknown authority
+ cat /etc/docker/daemon.json
+{
+  "insecure-registries" : ["hub.com"]
+}
+systemctl  restart docker
+</pre>
+==docker push unknown blob  received unexpected HTTP status: 502 Bad Gateway==
+<pre>
+docker  push hub.com/httpd:2.4.16
+最后老是
+unknown blob
+nginx 配置文件问题？
+received unexpected HTTP status: 502 Bad Gateway
+解决办法 在nginx.conf add
+  proxy_set_header        X-Forwarded-Proto "https";
+                    client_max_body_size 1G;
+                    proxy_connect_timeout 3000;
+                    proxy_send_timeout 3000;
+                    proxy_read_timeout 3000;
+                    proxy_buffering    off;
+                    tcp_nodelay        on;
+proxy_set_header Host $host;
+        proxy_set_header X-Real-IP       $remote_addr;
+        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
+</pre>
+=see also=
+[https://www.cnblogs.com/Eivll0m/p/7089675.html 搭建私服-docker registry]
+https://docs.docker.com/registry/configuration/
+[https://my.oschina.net/u/4126211/blog/4540959 Docker 私有镜像仓库的搭建及认证]
+[https://blog.csdn.net/YoungAngelGirl/article/details/80031845  k8s实战之从私有仓库拉取镜像 - kubernetes]
+[https://blog.csdn.net/fenggj19870/article/details/82752554 docker login x509: certificate signed by unknown authority]
+[https://blog.csdn.net/www203203/article/details/58105177 docker push 出现：x509: certificate signed by unknown authority]
+https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
+[https://www.jianshu.com/p/94eb79825372 Docker Hub 仓库使用，及搭建 Docker Registry]
+[https://blog.csdn.net/KingBoyWorld/article/details/80109916 docker通过代理上传https协议的私服地址报错unknown blob]
-=前端 nodejs jenkins之自动打包构建nodejs应用=
+[https://blog.csdn.net/jiangyu1013/article/details/84339469 解决：Error response from daemon: Get https://index.docker.io/v1/search?q=openjdk&n=25: dial tcp: looku]
-[https://www.cnblogs.com/vipzhou/p/7890016.html  jenkins学习之自动打包构建nodejs应用 ]
+[https://blog.csdn.net/xiaolummhae/article/details/51840881 docker login CA认证问题/添加自签发的 SSL 证书为受信任的根证书]
-[https://www.huaweicloud.com/articles/4e4228c181b8e610999badfa00ff7e4e.html Jenkins打包NodeJS项目---入门篇]
+[https://blog.csdn.net/mimica247706624/article/details/80724900 CentOS7.4 Docker Harbor registry基于Https方式安全认证私有仓库搭建]
-[https://my.oschina.net/mobinchao/blog/871703 Jenkins打包NodeJS项目---入门篇]
-[https://blog.csdn.net/weixin_43931358/article/details/103013031 jenkins系列之使用yarn构建前端项目]
+[https://blog.csdn.net/xcjing/article/details/70238273 搭建一个支持HTTPS的私有DOCKER Registry]
+[https://blog.csdn.net/bingoxubin/article/details/78726092 docker私有仓库]
-[https://blog.51cto.com/wzlinux/2491394 docker 中运行的 jenkins 使用 npm 构建 Node.js 应用]
+[https://blog.csdn.net/qq_42114918/article/details/81609465 Docker搭建本地仓库registry]
-[https://juejin.cn/post/6971630514742493197  jenkins+docker+gogs前端自动化部署 ]
+[https://www.cnblogs.com/xcloudbiz/articles/5526262.html 部署私有Docker Registry]
-=后端=
+[https://chuansongme.com/n/1134213 Moving to Docker(二):搭建一个私有registry服务]
-==php jenkins==
-[[Jenkins实现PHP持续集成部署]]
- [[category:ops]] [[category:devops]]
+==other==
+[https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-centos-7 How To Create a Self-Signed SSL Certificate for Nginx on CentOS 7]
-== Java springboot==
+[https://www.cnblogs.com/piscesLoveCc/p/6120875.html Nginx启动SSL功能，并进行功能优化]
-[https://zhuanlan.zhihu.com/p/354677279 SpringBoot项目打包+shell脚本部署实践]
-== Java tomcat==
+[https://blog.csdn.net/u012486840/article/details/52610320 CentOS 7 yum 安装 Nginx]
-和xk的一样喽
+=changelog=
-[https://blog.51cto.com/u_13760351/2382103  Jenkins自动部署发布Java代码（完整教程]
+年 07月 03日 星期三 16:23:35 CST 添加ssl
-== Docker+Jenkins+Gitlab+Django应用部署实践  ==
+[[category:Container]]
-[https://juejin.cn/post/6844903758384594958  Docker+Jenkins+Gitlab+Django应用部署实践 ]