目錄
- 搭建 HTTP Registry
- 搭建 domain registry
- 設定registry通路控制
- Docker Compose搭建registry
- 添加apache或nginx代理認證
搭建 HTTP Registry
- 安裝Registry
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/data:/var/lib/registry \ registry:2
- 用戶端修改Docker配置檔案
vi /etc/default/docker DOCKER_OPTS="--insecure-registry myregistrydomain.com:5000" # myregistrydomain.com為域名
- 用戶端修改hosts檔案
cat /etc/hosts 192.168.100.23 myregistrydomain.com # 192.168.100.23 為registry伺服器的IP
- 重新開機docker daemon
service docker restart
搭建 domain registry
- 建立自簽證書
mkdir -p certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt # Common Name (e.g. server FQDN or YOUR name) []: 一定要輸入域名,也就是“myregistrydomain.com”
- 用戶端添加認證
将生産的domain.crt證書scp到每個機器的/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt目錄下
- 重新開機docker服務
service docker restart
- 建立domain registry
docker run -d -p 5000:5000 --restart=always --name registry \ -v `pwd`/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ registry:2
- 測試
docker pull ubuntu docker tag ubuntu myregistrydomain.com:5000/ubuntu docker push myregistrydomain.com:5000/ubuntu docker pull myregistrydomain.com:5000/ubuntu
設定registry通路控制
- 建立密碼檔案
mkdir auth docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd # user=testuser、pwd=testpassword
- 建立registry
docker run -d -p 5000:5000 --restart=always --name registry \ -v `pwd`/auth:/auth \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ -v `pwd`/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ registry:2
- Login
docker login myregistrydomain.com:5000
Docker Compose搭建registry
- docker-compose.yml
registry: restart: always image: registry:2 ports: - 5000:5000 environment: REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt REGISTRY_HTTP_TLS_KEY: /certs/domain.key REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm volumes: - /path/data:/var/lib/registry - /path/certs:/certs - /path/auth:/auth
- 啟動compose建構registry
docker-compose up -d
添加apache或nginx代理認證
- 安裝配置筆記簡單,參考上面的docker hub連結即可,也可以參考 其github首頁 。
$ docker pull konradkleine/docker-registry-frontend $ docker run \ --net=host -d \ -e ENV_DOCKER_REGISTRY_HOST=hub.docker.localhost \ (注:先在 /etc/hosts 中添加registry容器的IP) -e ENV_DOCKER_REGISTRY_PORT=5000 \ -e ENV_DOCKER_REGISTRY_USE_SSL=1 \ -e ENV_MODE_BROWSE_ONLY=true \ (注:browse mode, no repos/tags management feature in the UI) konradkleine/docker-registry-frontend:v2
- 通路
http://registry-IP or registry domain/
注:如"ENV_DOCKER_REGISTRY_HOST "變量指向apache或nginx時,對應的“ENV_DOCKER_REGISTRY_PORT ”需要填寫 apache或registry開放的端口
添加apache或nginx代理認證
參見: apache:https://docs.docker.com/registry/recipes/apache/ nginx:https://docs.docker.com/registry/recipes/nginx/
# 搭建特别簡單,啟動docker-compose基本都可以完成搭建。 # 值得注意的是 domain.crt和domain.key應該存放到目前目錄。