準備一個 registry.mydocker.com 的 TLS 證書（docker 客戶端與 curl 都會驗證該證書，需由客戶端信任的 CA 簽發，或把 CA 加入客戶端信任庫）
對私有 registry 取名 registry.mydocker.com
倉庫數據目錄:/data/docker/registry/registry/ --> /var/lib/registry/
SSL證書目錄:/data/docker/registry/ssl/ --> /etc/docker/registry/ssl/
密碼文件目錄:/data/docker/registry/auth/ --> /etc/docker/registry/auth/（箭頭左側為宿主機目錄，右側為容器內掛載路徑）
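# First launch: TLS-only registry, no authentication yet.
# The TLS directory is mounted read-only — the registry only reads the key and
# certificate, and a ro mount keeps a compromised registry process from
# replacing them.
# No port is published (see the docker ps output below): the registry is only
# reachable on the docker bridge IP, which is what the nginx vhost proxies to.
# `registry` with no tag resolves to :latest; pin a tag or digest (e.g.
# registry:2) so a redeploy cannot silently pick up a different image.
docker run -d \
  -v /data/docker/registry/registry/:/var/lib/registry/ \
  -v /data/docker/registry/ssl/:/etc/docker/registry/ssl/:ro \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/registry/ssl/registry.mydocker.com.crt \
  -e REGISTRY_HTTP_TLS_KEY=/etc/docker/registry/ssl/registry.mydocker.com.key \
  --restart=always \
  --name registry.mydocker.com \
  --hostname registry.mydocker.com \
  registry

# Recorded output of `docker ps` — 5000/tcp is exposed but not published:
#   CONTAINER ID  IMAGE     COMMAND                 CREATED            STATUS         PORTS     NAMES
#   9215e587ea8e  registry  "/entrypoint.sh /etc…"  About an hour ago  Up 20 minutes  5000/tcp  registry.mydocker.com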
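# nginx front-end for the registry (pre-authentication version).
server {
    # Loopback only: nothing off-host reaches this vhost directly.
    listen 127.0.0.1:443 ssl;
    server_name registry.mydocker.com;

    # NOTE(review): index/root look inherited from a generic vhost template and
    # appear unused here, since location / proxies every request.
    index index.html index.htm index.php;
    root /data/web/webclose/;

    include ssl_registry.mydocker.com.conf;   # TLS cert/key/protocol settings (not shown on this page)
    include deny_file.conf;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
    chunked_transfer_encoding on;

    location / {
        # Do not allow connections from docker 1.5 and earlier
        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
            return 404;
        }

        # No authentication at this stage: anyone who can reach this listener can
        # push and pull (and delete, once delete is enabled on the registry).
        # 172.17.0.2 is the registry container's bridge IP; docker does not
        # guarantee it stays the same across container restarts.
        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify off), so this hop is encrypted but unauthenticated;
        # set proxy_ssl_verify on + proxy_ssl_trusted_certificate if the bridge
        # network is not trusted.
        proxy_pass https://172.17.0.2:5000;
        proxy_set_header Host $host;
        expires off;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Fixed log file name. The original used $host in the path; $host is taken
    # from the client's Host header, so a client could make nginx create log
    # files with a name of its choosing under /data/logs/.
    access_log /data/logs/registry.mydocker.com.log access;
}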
push 鏡像前，需要先把本地鏡像 tag 成「registry 主機名/命名空間/鏡像名」的形式，再 push
# Tag the local image under the registry hostname (host/namespace/name) so
# `docker push` knows which registry to send it to; the repository is therefore
# "mysql/percona-server-5.7.23.24", namespace included.
# The last line of the push output is the manifest digest (sha256:a081…). That
# digest — not the tag — is what the DELETE /v2/<name>/manifests/<reference>
# request later on has to reference.
[root@Docker_Machine_192.168.31.130 ~]# docker tag me/percona-server-5.7.23.24 registry.mydocker.com/mysql/percona-server-5.7.23.24 [root@Docker_Machine_192.168.31.130 ~]# docker push registry.mydocker.com/mysql/percona-server-5.7.23.24 The push refers to repository [registry.mydocker.com/mysql/percona-server-5.7.23.24] 7705ebebf110: Pushed 158db895cdd8: Pushed bcc97fbfc9e1: Pushed latest: digest: sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c size: 955
# Pull back through the registry. The reported digest matches the one printed
# by the push. Both entries in `docker images` show the same IMAGE ID
# (5af5b8e6c4c8): the original me/… image is still present locally, so this
# likely reuses existing layers and only demonstrates that the manifest
# round-trips — run the pull on a clean host to verify a real download.
[root@Docker_Machine_192.168.31.130 ~]# docker pull registry.mydocker.com/mysql/percona-server-5.7.23.24 Using default tag: latest latest: Pulling from mysql/percona-server-5.7.23.24 Digest: sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c Status: Downloaded newer image for registry.mydocker.com/mysql/percona-server-5.7.23.24:latest [root@Docker_Machine_192.168.31.130 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE me/percona-server-5.7.23.24 latest 5af5b8e6c4c8 2 months ago 775MB registry.mydocker.com/mysql/percona-server-5.7.23.24 latest 5af5b8e6c4c8 2 months ago 775MB
回收未被任何 manifest 引用的 blob：registry garbage-collect /etc/docker/registry/config.yml（建議先停止 registry，或把它切到唯讀維護模式再執行，避免與正在進行的 push 衝突）
# Garbage collection deletes blobs that no manifest references any more.
# Run it only while the registry is stopped or in read-only maintenance mode
# (config key storage.maintenance.readonly.enabled / the matching
# REGISTRY_STORAGE_MAINTENANCE_READONLY_ENABLED variable — verify against your
# registry version): a push in flight during GC can end up referencing blobs
# that GC just removed. `registry garbage-collect --dry-run <config>` reports
# what would be deleted without touching anything.
# Here every blob is still referenced by the one manifest, hence
# "5 blobs marked, 0 blobs eligible for deletion".
[root@Docker_Machine_192.168.31.130 ~]# docker exec -it registry.mydocker.com sh / # registry garbage-collect /etc/docker/registry/config.yml mysql/percona-server-5.7.23.24 mysql/percona-server-5.7.23.24: marking manifest sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c mysql/percona-server-5.7.23.24: marking blob sha256:5af5b8e6c4c84ed6945cd7a563b9128d8c0aa2107e2882aff6a5a27ef4c9b623 mysql/percona-server-5.7.23.24: marking blob sha256:7dc0dca2b1516961d6b3200564049db0a6e0410b370bb2189e2efae0d368616f mysql/percona-server-5.7.23.24: marking blob sha256:554337fab389bc00d82df4a8deb7719c4f8898f458980d54ecc6b7edb65eb67f mysql/percona-server-5.7.23.24: marking blob sha256:06fcba1e485b285ac7f3a5b54f6105b1e19504fc24b456252a0dcba8bd208adc 5 blobs marked, 0 blobs eligible for deletion
查看倉庫列表：GET /v2/_catalog
# List the repositories the registry holds. No credentials are sent: at this
# stage no auth is configured, so the catalog is readable by anyone who can
# reach the endpoint (once auth is enabled the same request needs -u).
# curl validates the server certificate, so registry.mydocker.com's cert must
# be trusted by this host (or pass --cacert); do not work around that with -k.
[root@Docker_Machine_192.168.31.130 ~]# curl https://registry.mydocker.com/v2/_catalog {"repositories":["mysql/percona-server-5.7.23.24"]}
刪除鏡像（刪除 manifest）
DELETE /v2/<name>/manifests/<reference>
name：倉庫名稱，需包含命名空間，與 _catalog 輸出一致（例如 mysql/percona-server-5.7.23.24）
reference：manifest 的 sha256 摘要，即 docker push 最後一行輸出的 digest（不能用 tag）
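# Delete a manifest by digest.
# <name> must be the full repository name as listed by /v2/_catalog —
# "mysql/percona-server-5.7.23.24", namespace included; the request as first
# recorded used "percona-server-5.7.23.24" and would have missed the repository
# even with delete enabled. <reference> is the digest printed by `docker push`.
# No credentials are sent: at this stage the registry has no auth configured,
# so anyone who can reach it can issue this request once delete is enabled.
curl -X DELETE \
  https://registry.mydocker.com/v2/mysql/percona-server-5.7.23.24/manifests/sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c

# Recorded response while delete was still disabled in the registry config:
#   {"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}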
這表示私有倉庫尚未啟用刪除操作，需要在配置文件 config.yml 的 storage 段中增加 delete: enabled: true（或在啟動容器時設置環境變數 REGISTRY_STORAGE_DELETE_ENABLED=true）後重啟 registry。注意：啟用刪除後，凡是能通過認證的用戶（在未配置認證時，則是任何能連到 registry 的人）都可以刪除鏡像。
具體參考https://docs.docker.com/registry/spec/api/
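# Create the credential files for the registry and for the nginx front-end.
# Both must hold the same user/password pair: nginx checks the Basic
# credentials first and then forwards the same Authorization header to the
# registry, which checks them again against its own file.
cd /data/docker/registry/auth || exit 1   # the original had "dokcer" (typo) and would have failed

# Registry password file. The registry's htpasswd auth only accepts bcrypt
# entries, hence -B.
# NOTE(review): newer `registry` images may not ship htpasswd any more; if this
# fails, generate the entry with htpasswd from the `httpd` image instead.
docker run --rm --entrypoint htpasswd registry -Bbn reguser regpasswd > registry_htpasswd

# nginx password file. The original used `openssl passwd -crypt` (traditional
# DES crypt), which silently truncates the password to 8 characters and is
# cheap to brute-force; -apr1 (MD5-based, accepted by auth_basic) does not
# truncate. Passing the password as an argument still exposes it to `ps` and
# shell history — `openssl passwd -apr1 -stdin` reads it from stdin instead.
printf '%s:%s\n' reguser "$(openssl passwd -apr1 regpasswd)" > registry_ngxpasswd

# The registry file is read inside the container as root (default image has no
# USER) — confirm if you run it with --user. The nginx file must stay readable
# by the nginx worker user (e.g. chgrp to that group + chmod 640), so it is not
# restricted to 600 here.
chmod 600 registry_htpasswd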
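# Second launch: same as the first plus htpasswd authentication.
# The container name is reused, so the earlier container must be removed first
# (`docker rm -f registry.mydocker.com`), otherwise `docker run` fails with a
# name conflict.
# The TLS and auth directories are mounted read-only: the registry only reads
# the key, certificate and password file, and a ro mount keeps a compromised
# registry process from rewriting them.
# No port is published; nginx reaches the container on its bridge IP, which
# docker does not guarantee to be stable across restarts — a user-defined
# network (container name as upstream) or `-p 127.0.0.1:5000:5000` is more
# robust. Pin the image (e.g. registry:2) rather than relying on :latest.
docker run -d \
  -v /data/docker/registry/registry/:/var/lib/registry/ \
  -v /data/docker/registry/ssl/:/etc/docker/registry/ssl/:ro \
  -v /data/docker/registry/auth/:/etc/docker/registry/auth/:ro \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/registry/ssl/registry.mydocker.com.crt \
  -e REGISTRY_HTTP_TLS_KEY=/etc/docker/registry/ssl/registry.mydocker.com.key \
  -e REGISTRY_AUTH=htpasswd \
  -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/etc/docker/registry/auth/registry_htpasswd \
  --restart=always \
  --name registry.mydocker.com \
  --hostname registry.mydocker.com \
  registry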
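## The registry sets Docker-Distribution-Api-Version on its own responses; this
## map supplies a default so the header is also present on responses nginx
## generates itself (such as the 401 from auth_basic), following the upstream
## nginx recipe for the registry.
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
    '' 'registry/2.0';
}

# nginx front-end for the registry, with HTTP Basic authentication.
server {
    # Loopback only: nothing off-host reaches this vhost directly.
    listen 127.0.0.1:443 ssl;
    server_name registry.mydocker.com;

    # NOTE(review): index/root look inherited from a generic vhost template and
    # appear unused here, since location / proxies every request.
    index index.html index.htm index.php;
    root /data/web/webclose/;

    include ssl_registry.mydocker.com.conf;   # TLS cert/key/protocol settings (not shown on this page)
    include deny_file.conf;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
    chunked_transfer_encoding on;

    location / {
        # Do not allow connections from docker 1.5 and earlier
        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
            return 404;
        }

        # To add basic authentication to v2 use auth_basic setting.
        # nginx validates the Basic credentials here and then forwards the same
        # Authorization header to the registry, which validates them again
        # against its own htpasswd file — both password files must therefore
        # hold the same user/password pairs. The file below must be readable by
        # the nginx worker user.
        auth_basic "Registry realm";
        auth_basic_user_file /data/docker/registry/auth/registry_ngxpasswd;

        ## If $docker_distribution_api_version is empty, the header is not added.
        ## See the map directive above where this variable is defined.
        add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

        # 172.17.0.2 is the registry container's bridge IP; docker does not
        # guarantee it stays the same across container restarts.
        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify off), so this hop is encrypted but unauthenticated;
        # set proxy_ssl_verify on + proxy_ssl_trusted_certificate if the bridge
        # network is not trusted.
        proxy_pass https://172.17.0.2:5000;
        expires off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Fixed log file name. The original used $host in the path; $host is taken
    # from the client's Host header, so a client could make nginx create log
    # files with a name of its choosing under /data/logs/.
    access_log /data/logs/registry.mydocker.com.log access;
}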
# Same catalog request once auth is enabled (-XGET is redundant; GET is curl's
# default). Putting user:password in the argument list exposes it to `ps` and
# shell history — `-u reguser` alone makes curl prompt for the password, or
# keep the credentials in ~/.netrc and use --netrc.
curl -XGET -u reguser:regpasswd https://registry.mydocker.com/v2/_catalog
配置認證後，pull / push 鏡像前需要先用 docker login 登入 registry
# docker itself flags both problems in the output below: -p puts the password
# in argv and shell history (use --password-stdin instead, e.g.
# `printf '%s' "$REG_PASS" | docker login -u reguser --password-stdin registry.mydocker.com`),
# and without a credential helper the password is stored unencrypted in
# /root/.docker/config.json until `docker logout` removes it.
[root@Docker_Machine_192.168.31.130 ~]# docker login -u=reguser -p=regpasswd registry.mydocker.com WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@Docker_Machine_192.168.31.130 ~]# docker logout registry.mydocker.com Removing login credentials for registry.mydocker.com
登入後就能夠正常進行 pull、push 等操作了。