目录
- 搭建 HTTP Registry
- 搭建 domain registry
- 设置registry访问控制
- Docker Compose搭建registry
- 添加apache或nginx代理认证
搭建 HTTP Registry
- 安装Registry
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/data:/var/lib/registry \
-v `pwd`/data:/var/lib/registry \
registry:2
- 客户端修改Docker配置文件
vi /etc/default/docker
DOCKER_OPTS="--insecure-registry myregistrydomain.com:5000"
# myregistrydomain.com为域名
- 客户端修改hosts文件
cat /etc/hosts
192.168.100.23 myregistrydomain.com
# 192.168.100.23 为registry服务器的IP
- 重启docker daemon
service docker restart
搭建 domain registry
- 创建自签证书
mkdir -p certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
# Common Name (e.g. server FQDN or YOUR name) []: 一定要输入域名,也就是“myregistrydomain.com”
- 客户端添加认证
将生产的domain.crt证书scp到每个机器的/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt目录下
- 重启docker服务
service docker restart
- 创建domain registry
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
- 测试
docker pull ubuntu
docker tag ubuntu myregistrydomain.com:5000/ubuntu
docker push myregistrydomain.com:5000/ubuntu
docker pull myregistrydomain.com:5000/ubuntu
设置registry访问控制
- 创建密码文件
mkdir auth
docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd
# user=testuser、pwd=testpassword
- 创建registry
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
- Login
docker login myregistrydomain.com:5000
Docker Compose搭建registry
- docker-compose.yml
registry:
restart: always
image: registry:2
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /path/data:/var/lib/registry
- /path/certs:/certs
- /path/auth:/auth
- 启动compose构建registry
docker-compose up -d
添加apache或nginx代理认证
- 安装配置笔记简单,参考上面的docker hub链接即可,也可以参考 其github主页 。
$ docker pull konradkleine/docker-registry-frontend
$ docker run \
--net=host -d \
-e ENV_DOCKER_REGISTRY_HOST=hub.docker.localhost \ (注:先在 /etc/hosts 中添加registry容器的IP)
-e ENV_DOCKER_REGISTRY_PORT=5000 \
-e ENV_DOCKER_REGISTRY_USE_SSL=1 \
-e ENV_MODE_BROWSE_ONLY=true \ (注:browse mode, no repos/tags management feature in the UI)
konradkleine/docker-registry-frontend:v2
- 访问
http://registry-IP or registry domain/
注:如"ENV_DOCKER_REGISTRY_HOST "变量指向apache或nginx时,对应的“ENV_DOCKER_REGISTRY_PORT ”需要填写 apache或registry开放的端口
添加apache或nginx代理认证
参见:
apache:https://docs.docker.com/registry/recipes/apache/
nginx:https://docs.docker.com/registry/recipes/nginx/
# 搭建特别简单,启动docker-compose基本都可以完成搭建。
# 值得注意的是 domain.crt和domain.key应该存放到当前目录。