1、建立Docker Registry服務器git
[root@localhost ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/data/registry:/var/lib/registry registry:2 Unable to find image 'registry:2' locally 2: Pulling from library/registry cbdbe7a5bc2a: Pull complete 47112e65547d: Pull complete 46bcb632e506: Pull complete c1cc712bcecd: Pull complete 3db6272dcbfa: Pull complete Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d Status: Downloaded newer image for registry:2 9f41b7101b2a0b3e5a32edfc13ad6877a7db6821a4ccc639ddfbc8e2ef819b21 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry 2 2d4f4b5309b1 2 months ago 26.2MB [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9f41b7101b2a registry:2 "/entrypoint.sh /etc…" 58 seconds ago Up 57 seconds 0.0.0.0:5000->5000/tcp registry
[root@localhost ~]# docker tag apache2.4.25:centos7.8 192.168.146.199:5000/images/apache2.4.25:centos7.8 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.146.199:5000/images/apache2.4.25 centos7.8 1c65ef06567d 11 days ago 362MB apache2.4.25 centos7.8 1c65ef06567d 11 days ago 362MB registry 2 2d4f4b5309b1 2 months ago 26.2MB [root@localhost ~]# docker push 192.168.146.199:5000/images/apache2.4.25:centos7.8 The push refers to repository [192.168.146.199:5000/images/apache2.4.25] Get https://192.168.146.199:5000/v2/: http: server gave HTTP response to HTTPS client docker registry交互默認使用的是HTTPS,可是搭建私有鏡像默認使用的是HTTP服務,因此與私有鏡像交時出現以上錯誤。 從錯誤信息來看,client與Registry交互,默認將採用https訪問,但咱們在install Registry時並未配置指定任何tls相關的key和crt文件,https訪問定然失敗。要想弄清這個問題,只能查看Registry Manual。
2、Insecure Registrygithub
不建議使用這種方式,不安全,並且這種方式每一個docker daemon都須要配置
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://rmjzc498.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.146.199:5000"]
}
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker.service
訪問出現{}正常
[root@localhost ~]# curl http://192.168.146.199:5000/v2/
{}[root@mydockerhub ~]#
訪問:http://192.168.146.199:5000/v2/
[root@mydockerhub ~]# docker info
Insecure Registries:
192.168.146.199:5000
127.0.0.0/8
[root@localhost ~]# docker push 192.168.146.199:5000/images/apache2.4.25:centos7.8
The push refers to repository [192.168.146.199:5000/images/apache2.4.25]
f12518ead8c9: Pushed
585d052d1d0b: Pushed
613be09ab3c0: Pushed
centos7.8: digest: sha256:a65eec8cd9ba043f6b327b7e1163055ed6e4e85afe8249e40150de0bb8c1653f size: 953
查看所有鏡像
[root@mydockerhub ~]# curl -XGET http://192.168.146.199:5000/v2/_catalog
查看指定鏡像
[root@mydockerhub ~]# curl -XGET http://192.168.146.199:5000/v2/images/apache2.4.25/tags/list
{"name":"images/apache2.4.25","tags":["centos7.8"]}
測試拉取
[root@mydockerhub ~]# docker rmi ubuntu:latest
Untagged: ubuntu:latest
Untagged: ubuntu@sha256:31dfb10d52ce76c5ca0aa19d10b3e6424b830729e32a89a7c6eee2cda2be67a5
Deleted: sha256:4e2eef94cd6b93dd4d794c18b45c763f72edc22858e0da5b6e63a4566a54c03c
Deleted: sha256:160004bdd9a2800d0085be0315b769a9ce04c07ca175ecae89593eeee9aeb944
Deleted: sha256:9ed638911072c3379e75d2eaf7c2502220d6757446325c8d96236410b0729268
Deleted: sha256:ce7da152e578608030e9a05f9f5259b329fe5dcc5bf48b9f544e48bd69a5f630
Deleted: sha256:2ce3c188c38d7ad46d2df5e6af7e7aed846bc3321bdd89706d5262fefd6a3390
[root@mydockerhub ~]# docker images
[root@mydockerhub ~]# docker pull 192.168.146.199:5000/ubuntu:latest
latest: Pulling from ubuntu
54ee1f796a1e: Pull complete
f7bfea53ad12: Pull complete
46d371e02073: Pull complete
b66c17bbf772: Pull complete
Digest: sha256:6f2fb2f9fb5582f8b587837afd6ea8f37d8d1d9e41168c90f410a6ef15fa8ce5
Status: Downloaded newer image for 192.168.146.199:5000/ubuntu:latest
192.168.146.199:5000/ubuntu:latest
[root@mydockerhub ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.146.199:5000/ubuntu latest 4e2eef94cd6b 2 weeks ago 73.9MB
3、registry實現WebUI(docker-registry-frontend)web
ENV_DOCKER_REGISTRY_HOST不能填宿主機IP(不然報503 service unavailable錯誤),要填registry容器的172.17.0.2 IP地址。 [root@mydockerhub ~]# docker run -d --restart=always -e ENV_DOCKER_REGISTRY_HOST=172.17.0.2 -e ENV_DOCKER_REGISTRY_PORT=5000 -p 8080:80 konradkleine/docker-registry-frontend:v2 82ee9bb3372cc272c9b89dd31361155a853067f42ebbb29eb65fe8da5d3cfece [root@mydockerhub ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES eecba665dfcc konradkleine/docker-registry-frontend:v2 "/bin/sh -c $START_S…" 18 seconds ago Up 16 seconds 443/tcp, 0.0.0.0:8080->80/tcp root_frontend_1 若是registry啓用https訪問,則容器啓動命令爲: [root@mydockerhub ~]# docker run -d --restart=always -e ENV_DOCKER_REGISTRY_HOST=172.17.0.2 -e ENV_DOCKER_REGISTRY_PORT=5000 -e ENV_DOCKER_REGISTRY_USE_SSL=1 -p 8080:80 konradkleine/docker-registry-frontend:v2 若是registry啓用https訪問,而且docker-registry-frontend:v2啓用web https訪問,則容器啓動命令爲: [root@mydockerhub ~]# docker run -d --restart=always -e ENV_DOCKER_REGISTRY_HOST=172.17.0.2 -e ENV_DOCKER_REGISTRY_PORT=5000 -e ENV_DOCKER_REGISTRY_USE_SSL=1 -e ENV_USE_SSL=yes -v /opt/certs/domain.crt:/etc/apache2/server.crt:ro -v /opt/certs/domain.key:/etc/apache2/server.key:ro -p 443:443 konradkleine/docker-registry-frontend:v2
訪問: http://192.168.146.199:8080/docker
備註:F12查看加載url,最主要是這個 http://192.168.146.199:8080/v2/_catalog?n=20&last=。。apache
宿主機8080會重定向到docker-registry-frontend容器內apache80端口,容器內80端口會轉換到5000端口,因爲registry是在容器內提供服務的,因此docker-registry-frontend指向的registry IP須要填registry容器的。json