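The previous section demonstrated building a private image registry with the official Docker registry image. For a typical small company using it on an internal network, putting nginx in front of it and configuring an HTTPS certificate is enough to get going.
In somewhat more formal enterprises, however, considerations such as security, scalability, unified authentication and permission management call for more specialized third-party software, for example Harbor and, of course, today's protagonist: Sonatype Nexus Repository Manager.
Nexus is a professional software repository manager that supports many formats, including Maven, Yum, PyPI, Apt, Helm and npm; Docker support was introduced in version 3.x.
Run a Nexus container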
```
docker run -dt \
  --name nexus3 \
  --restart=always \
  -p 8081:8081 \
  -p 8082:8082 \
  -v "$PWD/nexus:/nexus-data" \
  sonatype/nexus3
Unable to find image 'sonatype/nexus3:latest' locally
latest: Pulling from sonatype/nexus3
0bb54aa5e977: Pull complete
941e1e2b31a8: Pull complete
fb7cd7cf24c9: Pull complete
4e63afcbf773: Pull complete
Digest: sha256:81d182285d279081e80e74dbd13cb544fdf4255efadd61321436a577f56b87ad
Status: Downloaded newer image for sonatype/nexus3:latest
b014375f3b52d746fdf20b76b17632297e07cdee55b7faa00e6d207c498e150b
```
After the previous chapter, the command above should all look familiar, right?
View the logs
```
docker logs -f --tail 10 nexus3
2020-04-16 12:28:19,224+0000 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.repository.httpbridge.internal.ViewServlet - Initialized
2020-04-16 12:28:19,287+0000 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.server.handler.ContextHandler - Started o.e.j.w.WebAppContext@4839264e{Sonatype Nexus,/,file:///opt/sonatype/nexus/public/,AVAILABLE}
2020-04-16 12:28:19,363+0000 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.server.AbstractConnector - Started ServerConnector@1654397e{HTTP/1.1,[http/1.1]}{0.0.0.0:8081}
2020-04-16 12:28:19,364+0000 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.server.Server - Started @52493ms
2020-04-16 12:28:19,366+0000 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer -
-------------------------------------------------
Started Sonatype Nexus OSS 3.22.0-02
-------------------------------------------------
```
Once you see the output above, startup has succeeded.
Open in a browser:
http://0.0.0.0:8081/
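Get the password
Click "Sign in" in the upper-right corner.
The prompt says the password is located at
/nexus-data/admin.password, that is, nexus/admin.password under the directory where the docker run command was executed.
After logging in successfully, you will be asked to set a new password; just follow the prompts.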
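Create a repository
Click in order: settings icon -> Repositories -> Create repository
Click docker (Hosted)
Set a name that is easy to remember and save (Create repository).
Note: the HTTP connector is selected and its port is set to 8082.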
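Permission settings
Add a role via the menu Security->Roles->Create role
Set a name and description, then search for docker in the Privileges option and move `nx-repository-admin-docker-docker_hosted-*` to the box on the right
For convenience, the admin privilege is chosen here; in real use, it is best to strictly control upload and download permissions
Save with `Create role`
Add a user via the menu Security->Users->Create local user
Fill in the id, name, email and password in turn, then select docker_manager in the Roles option and add it to the right
Save with `Create local user`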
Enable Docker authentication
In the menu Security->Realms, move Docker Bearer Token Realm to the box on the right and save
Next, a demonstration of yesterday's image push process
```
# List images
docker image ls
REPOSITORY              TAG      IMAGE ID       CREATED        SIZE
sonatype/nexus3         latest   640570fd0ff5   2 weeks ago    642MB
alpine                  latest   a187dde48cd2   3 weeks ago    5.6MB
127.0.0.1:5000/alpine   latest   a187dde48cd2   3 weeks ago    5.6MB
registry                latest   708bc6af7e5e   2 months ago   25.8MB
# Tag the image
docker tag alpine 192.168.199.109:8082/alpine
# Push
docker push 192.168.199.109:8082/alpine
The push refers to repository [192.168.199.109:8082/repository/docker_hosted/alpine]
Get https://192.168.199.109:8082/v2/: http: server gave HTTP response to HTTPS client
```
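The error says the client expected HTTPS; as described yesterday, add the registry to the Docker configuration.
Oh, and since authentication is enabled, you also need to log in first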
```
docker login 192.168.199.109:8082
Username: docker
Password:
Login Succeeded
```
Push again
```
docker push 192.168.199.109:8082/alpine
The push refers to repository [192.168.199.109:8082/alpine]
beee9f30bc1f: Pushed
latest: digest: sha256:cb8a924afdf0229ef7515d9e5b3024e23b3eb03ddbba287f4a19c6ac90b8d221 size: 528
```
Push succeeded!
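As an added example (not from the original post): a small Python audit that cross-checks the Docker daemon's `insecure-registries` list against the logins stored in `~/.docker/config.json`, because `docker login` to a plain-HTTP registry sends the credentials unencrypted. It assumes the "Docker configuration" step above means adding `192.168.199.109:8082` to `insecure-registries` in `daemon.json`; the embedded file contents and the password are constructed samples.

```python
import base64
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample files mirroring this walkthrough (the password is made up).
DAEMON_JSON = '{"insecure-registries": ["192.168.199.109:8082", "10.0.0.0/8"]}'
CONFIG_JSON = json.dumps({"auths": {
    "192.168.199.109:8082": {"auth": base64.b64encode(b"docker:S3cret!").decode()},
    "https://index.docker.io/v1/": {"auth": base64.b64encode(b"me:tok").decode()},
    "10.1.2.3:5000": {},  # entry whose secret lives in a credential helper
}})


def _host_port(registry):  # auths key or registry name -> (host, "host:port")
    netloc = urlsplit(registry if "//" in registry else "//" + registry).netloc
    return (netloc.rsplit(":", 1)[0] if ":" in netloc else netloc), netloc


def _is_insecure(registry, insecure_entries):
    host, netloc = _host_port(registry)
    for entry in insecure_entries:
        if "/" in entry:  # CIDR form, e.g. 10.0.0.0/8
            try:
                if ipaddress.ip_address(host) in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                continue  # host is a name, not an IP literal
        elif entry == netloc:  # exact host:port entry
            return True
    return False


def plaintext_credentials(daemon_json, config_json):
    """Return [(registry, username, stored_inline)] for logins to insecure registries."""
    insecure = json.loads(daemon_json).get("insecure-registries", [])
    findings = []
    for registry, entry in json.loads(config_json).get("auths", {}).items():
        if not _is_insecure(registry, insecure):
            continue
        user, inline = None, "auth" in entry
        if inline:  # base64("user:password"); report the user, never the secret
            user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
        findings.append((registry, user, inline))
    return findings


if __name__ == "__main__":
    print(plaintext_credentials(DAEMON_JSON, CONFIG_JSON))
```

Every registry it reports is a candidate for moving behind TLS, for example with the nginx and HTTPS certificate setup mentioned at the top of this post.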