部署registry

准备一个registry.mydocker.com 的证书

对私有registry取名registry.mydocker.com

目录规划

仓库数据目录:/data/docker/registry/registry/ --> /var/lib/registry/

SSL证书目录:/data/docker/registry/ssl/ --> /etc/docker/registry/ssl/

密码文件目录:/data/docker/registry/auth/ --> /etc/docker/registry/auth/

启动registry容器

[root@Docker_Machine_192.168.31.130 ~]# docker run -d \
-v /data/docker/registry/registry/:/var/lib/registry/ \
-v /data/docker/registry/ssl/:/etc/docker/registry/ssl/ \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/registry/ssl/registry.mydocker.com.crt \
-e REGISTRY_HTTP_TLS_KEY=/etc/docker/registry/ssl/registry.mydocker.com.key \
--restart=always \
--name registry.mydocker.com \
--hostname registry.mydocker.com \
registry
[root@Docker_Machine_192.168.31.130 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9215e587ea8e registry "/entrypoint.sh /etc…" About an hour ago Up 20 minutes 5000/tcp registry.mydocker.com

配置ngx

server {
listen 127.0.0.1:443 ssl;
server_name registry.mydocker.com;
index index.html index.htm index.php;
root /data/web/webclose/; include ssl_registry.mydocker.com.conf;
include deny_file.conf; # disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0; # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
chunked_transfer_encoding on; location / {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
proxy_pass https://172.17.0.2:5000;
proxy_set_header Host $host;
expires off;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /data/logs/$host.log access;
}

常用手段

push

push 镜像前,需要tag在push

[root@Docker_Machine_192.168.31.130 ~]# docker tag me/percona-server-5.7.23.24   registry.mydocker.com/mysql/percona-server-5.7.23.24
[root@Docker_Machine_192.168.31.130 ~]# docker push registry.mydocker.com/mysql/percona-server-5.7.23.24
The push refers to repository [registry.mydocker.com/mysql/percona-server-5.7.23.24]
7705ebebf110: Pushed
158db895cdd8: Pushed
bcc97fbfc9e1: Pushed
latest: digest: sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c size: 955

pull

[root@Docker_Machine_192.168.31.130 ~]# docker pull registry.mydocker.com/mysql/percona-server-5.7.23.24
Using default tag: latest
latest: Pulling from mysql/percona-server-5.7.23.24
Digest: sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c
Status: Downloaded newer image for registry.mydocker.com/mysql/percona-server-5.7.23.24:latest
[root@Docker_Machine_192.168.31.130 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
me/percona-server-5.7.23.24 latest 5af5b8e6c4c8 2 months ago 775MB
registry.mydocker.com/mysql/percona-server-5.7.23.24 latest 5af5b8e6c4c8 2 months ago 775MB

垃圾回收

registry garbage-collect /etc/docker/registry/config.yml

[root@Docker_Machine_192.168.31.130 ~]# docker exec -it registry.mydocker.com sh
/ # registry garbage-collect /etc/docker/registry/config.yml
mysql/percona-server-5.7.23.24
mysql/percona-server-5.7.23.24: marking manifest sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c
mysql/percona-server-5.7.23.24: marking blob sha256:5af5b8e6c4c84ed6945cd7a563b9128d8c0aa2107e2882aff6a5a27ef4c9b623
mysql/percona-server-5.7.23.24: marking blob sha256:7dc0dca2b1516961d6b3200564049db0a6e0410b370bb2189e2efae0d368616f
mysql/percona-server-5.7.23.24: marking blob sha256:554337fab389bc00d82df4a8deb7719c4f8898f458980d54ecc6b7edb65eb67f
mysql/percona-server-5.7.23.24: marking blob sha256:06fcba1e485b285ac7f3a5b54f6105b1e19504fc24b456252a0dcba8bd208adc 5 blobs marked, 0 blobs eligible for deletion

使用api

查看镜像 GET /v2/_catalog

[root@Docker_Machine_192.168.31.130 ~]# curl https://registry.mydocker.com/v2/_catalog
{"repositories":["mysql/percona-server-5.7.23.24"]}

删除镜像

DELETE /v2/<name>/manifests/<reference>

name:镜像名称

reference: 镜像对应sha256值

[root@Docker_Machine_192.168.31.130 ~]# curl -X DELETE  https://registry.mydocker.com/v2/percona-server-5.7.23.24/manifests/sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c
{"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}

这种情况是私有仓库不支持删除操作,需要在配置文件config.yml中增加delete:enabled:true字段

具体参考https://docs.docker.com/registry/spec/api/

Authentication的加持

创建账号密码

cd /data/dokcer/registry/auth
#registry 密码文件
docker run --rm --entrypoint htpasswd registry -Bbn reguser regpasswd > registry_htpasswd
#ngx密码文件
echo "reguser:`openssl passwd -crypt regpasswd 2> /dev/null`" > registry_ngxpasswd

启动registry容器

docker run -d \
-v /data/docker/registry/registry/:/var/lib/registry/ \
-v /data/docker/registry/ssl/:/etc/docker/registry/ssl/ \
-v /data/docker/registry/auth/:/etc/docker/registry/auth/ \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/registry/ssl/registry.mydocker.com.crt \
-e REGISTRY_HTTP_TLS_KEY=/etc/docker/registry/ssl/registry.mydocker.com.key \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/etc/docker/registry/auth/registry_htpasswd \
--restart=always \
--name registry.mydocker.com \
--hostname registry.mydocker.com \
registry

配置ngx

map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
'' 'registry/2.0';
} server {
listen 127.0.0.1:443 ssl;
server_name registry.mydocker.com;
index index.html index.htm index.php;
root /data/web/webclose/; include ssl_registry.mydocker.com.conf;
include deny_file.conf; # disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
chunked_transfer_encoding on; location / {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
} # To add basic authentication to v2 use auth_basic setting.
auth_basic "Registry realm";
auth_basic_user_file /data/docker/registry/auth/registry_ngxpasswd; ## If $docker_distribution_api_version is empty, the header is not added.
## See the map directive above where this variable is defined.
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; proxy_pass https://172.17.0.2:5000;
expires off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /data/logs/$host.log access;
}

使用api

curl -XGET -u reguser:regpasswd https://registry.mydocker.com/v2/_catalog

登录registry

配置认证后,使用 pull push 镜像时需要登陆registry

[root@Docker_Machine_192.168.31.130 ~]# docker login -u=reguser -p=regpasswd registry.mydocker.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
[root@Docker_Machine_192.168.31.130 ~]# docker logout registry.mydocker.com
Removing login credentials for registry.mydocker.com

登录后就可以正常pull push等操作了。

Docker Registry私有仓库搭建的更多相关文章

  1. Docker registry私有仓库(七)

    Docker registry私有仓库搭建基本几步流程(采用nginx+认证的方式) 1. 申请免费的ssl证书 https://buy.wosiqn.com/free 2. 设置nginx ssl证 ...

  2. Docker 之registry私有仓库搭建

    Docker 之registry私有仓库搭建 官方提供的私有仓库docker registry用法 https://yeasy.gitbooks.io/docker_practice/reposito ...

  3. Docker 本地私有仓库搭建:

    Docker 本地私有仓库搭建: 创建数据卷目录: mkdir /home/sky/registry 用registry镜像启动容器: docker run -d -p 5000:5000 -v /h ...

  4. Docker registry 私有仓库镜像查询、删除、上传、下载 shell

    #Docker官方私有仓库registry #官方只提供了API接口,不方便使用,就写了个shell #docker-registry安装配置http://www.cnblogs.com/elvi/p ...

  5. 搭建docker registry私有镜像仓库

    搭建docker registry私有镜像仓库 一.安装docker-distribution yum install -y docker-distribution 安装完成后,启动服务: syste ...

  6. docker registry 私有仓库 安装配置、查询、删除

    #++++++++++++++++++++++++++++++ #docker-registry 私有仓库 #搜索,下载register镜像 docker search registry docker ...

  7. Ubuntu 搭建docker registry 私有仓库

    一.为什么要搭建 docker 私有仓库 原因有几个: 项目需要,不希望将项目放到 docker hub 上. 环境需求,考虑网络.效率的问题,希望在私有服务器上建立自用的仓库,提高便利性和访问速度. ...

  8. Registry私有仓库搭建及认证

    本节内容: Registry相关概念 Registry V1和V2 安装Docker 搭建本地registry v2 搭建外部可访问的Registry 添加认证 更高级的认证 registry web ...

  9. 8. docker image 的发布 与 docker registry 私有仓库

    一.分享image 1.注册 登陆 docker hub https://hub.docker.com/ 2.在本地 使用 docker login 输入 注册的账号密码 进行登陆 3.使用 dock ...

随机推荐

  1. Python自学知识点----Day02

    Linux基本操作命令: 命令                                    作用                                     英文释义 ls    ...

  2. Java中的字符串截取(substring)的使用

    import java.util.*; public class ZiFu { public static void main(String args[]){ System.out.println(& ...

  3. 错误提示:未处理的“System.NullReferenceException”类型的异常出现在 system.data.dll 中。 其他信息: 未将对象引用设置到对象的实例。

    这种情况的发生一般有3种情况:1.代码中有一个对象没有初始化.例如Form A=new Form();2.连接数据库的问题.连接和打开连接的语句.3.T-SQL语句不正确,引起在访问数据库时有问题.

  4. js, Date.parse firefox 兼容

    Date.parse(dateVal); 这个方法很常用,parse() 方法可解析一个日期时间字符串,并返回 1970/1/1 午夜距离该日期时间的毫秒数. 可以验证输入日期是否窜在,不存在则返回N ...

  5. WinAPI 字符及字符串函数(5): IsCharAlpha - 是否是个字母

    unit Unit1; interface uses   Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, For ...

  6. model中的自动验证 $_validate $_auto

    普通模式: <?php class UserModel extends RelationModel{ /**自动验证**/ protected $_validate = array( /**ar ...

  7. opencart3修改产品页模板没有效果的原因排查

    这几天在opencart 3模板时发生了一个很奇怪的事情,ytkah明明已经将product.twig模板修改了,但是前端产品页就是没有变化,后台刷新缓存了也不起左右.后面想着把模板重命名成produ ...

  8. 深浅copy

    浅拷贝 只copy了一层 可哈希的变量改变则二者不同   不可哈希变量改变二者都改变深拷贝  全部都copy了 不论什么值改变 原值都改变呢 变量赋值.浅拷贝.深拷贝 1,创建变量 1.1不可变对象 ...

  9. CentOS7安装vsftpd3.0.2、以及虚拟用户配置

    vsftpd(very secure ftp daemon)是一款运行在Linux操作系统上的FTP服务程序,不仅完全开源而且免费,还具有很高的安全性.传输速度,以及支持虚拟用户验证. vsftpd ...

  10. Module 3 - Azure - Web Apps

     Module 3 - 微软云 Azure - Web Apps 1. Create new Web application in the Azure Portal Azure Portal -> ...