docker 私人仓库搭建
阿里云
地址:https://cr.console.aliyun.com/cn-chengdu/instances
registry
[root@instance-uzddkjqj ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Image is up to date for registry:latest
docker.io/library/registry:latest
[root@instance-uzddkjqj ~]# systemctl restart docker.service
[root@instance-uzddkjqj ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://yqxeo7rm.mirror.aliyuncs.com"],
"insecure-registries": ["127.0.0.1:5000"]
}
[root@instance-uzddkjqj ~]# docker run -di --name registry -p 5000:5000 -v /root/docker_registry:/var/lib/registry registry
7e6c898f65eadc8064d69d661618e1688ce142c17cbda4c32271199da56fc225
验证访问
[root@instance-uzddkjqj ~]# docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest
[root@instance-uzddkjqj ~]# docker tag hello-world:latest 127.0.0.1:5000/test-hello-world:1.0.0
[root@instance-uzddkjqj ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest b8604a3fe854 3 weeks ago 26.2MB
127.0.0.1:5000/test-hello-world 1.0.0 feb5d9fea6a5 2 months ago 13.3kB
hello-world latest feb5d9fea6a5 2 months ago 13.3kB
[root@instance-uzddkjqj ~]# docker push 127.0.0.1:5000/test-hello-world:1.0.0
The push refers to repository [127.0.0.1:5000/test-hello-world]
e07ee1baac5f: Pushed
1.0.0: digest: sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4 size: 525
[root@instance-uzddkjqj ~]# ls /root/docker_registry/docker/registry/v2/repositories/
test-hello-world
私有仓库认证
- 创建证书
[root@instance-uzddkjqj ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /root/registry_certs/domain.key -x509 -days 365 -out /root/registry_certs/domain.crt
Generating a RSA private key
..+++++
.......+++++
writing new private key to '/root/registry_certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:cd
Locality Name (eg, city) [Default City]:cd
Organization Name (eg, company) [Default Company Ltd]:work
Organizational Unit Name (eg, section) []:work
Common Name (eg, your name or your server's hostname) []:127.0.0.1
Email Address []:2571714169@qq.com
备注:Common Name不能随便填写,必须跟你的私有仓库IP一致
- 生成鉴权密码
[root@instance-uzddkjqj ~]# mkdir /root/registry_certs/auth
[root@instance-uzddkjqj ~]# yum install httpd
[root@instance-uzddkjqj ~]# ls /root/registry_certs/auth/htpasswd
/root/registry_certs/auth/htpasswd
docker run -di --name registry -p 5000:5000 -v /root/docker_registry:/var/lib/registry -v /root/registry_certs:/certs -v /root/registry_certs/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM= Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -e REGISTRY_AUTH_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_AUTH_TLS_KEY=/certs/domain.key registry
- 打包上传
[root@instance-uzddkjqj ~]# docker tag hello-world:latest 127.0.0.1:5000/test-hello-world:1.0.0
[root@instance-uzddkjqj ~]# docker push 127.0.0.1:5000/test-hello-world:1.0.0
The push refers to repository [127.0.0.1:5000/test-hello-world]
e07ee1baac5f: Preparing
no basic auth credentials
提示需要身份验证
- 登录
[root@instance-uzddkjqj ~]# docker login 127.0.0.1:5000
Username: root
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- 推送
[root@instance-uzddkjqj ~]# docker push 127.0.0.1:5000/test-hello-world:1.0.0
The push refers to repository [127.0.0.1:5000/test-hello-world]
e07ee1baac5f: Layer already exists
1.0.0: digest: sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4 size: 525
[root@instance-uzddkjqj ~]# docker logout 127.0.0.1:5000
Removing login credentials for 127.0.0.1:5000