setup Docker private registry


一、 普通模式, no ssl

setup private docker registry (参考 https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04 and http://www.dropbit.ch/private-docker-registry-with-nginx-on-centos-7/   )

On dedicated Docker private registry host, we use CentOS7:

add CentOS-Extras repository

yum -y install docker-registry
systemctl start docker-registry
systemctl enable docker-registry

install docker to pull images you needed, then

vi /etc/sysconfig/docker
INSECURE_REGISTRY=‘--insecure-registry=docker-registry-host:5000‘

systemctl restart docker

docker tag image-id registry-host-name:5000/ubuntu:14.04.2 , etc

docker push registry-host-name:5000/ubuntu:14.04.2, etc

查看docker private registry:

curl http://registry-host-name:5000/v1/search

on normal docker hosts that want to use this private registry:

CentOS7:
vi /etc/sysconfig/docker
INSECURE_REGISTRY=‘--insecure-registry=docker-registry-host:5000‘

systemctl restart docker
docker pull docker-registry-host:5000/ubuntu:14.04.2

CentOS6:
vi /etc/sysconfig/docker
other_args="--registry-mirror=http://8c6d2546.m.daocloud.io --insecure-registry=docker-registry-host:5000"

service docker restart
docker pull docker-registry-host:5000/ubuntu:14.04.2

Ubuntu 14.04.2
vi /etc/default/docker
DOCKER_OPTS="--registry-mirror=http://8c6d2546.m.daocloud.io --insecure-registry=192.168.1.6:5000"

service docker restart
docker pull docker-registry-host:5000/ubuntu:14.04.2

Notes: docker run -d -p 5000:5000 -v /opt/docker/registry:/tmp/registry registry:latest

一、 安全模式, with ssl

On dedicated Docker private registry host, we use CentOS7:

add CentOS-Extras repository
yum -y install docker-registry
systemctl start docker-registry
systemctl enable docker-registry

1. Installing Nginx:
add EPEL repository
yum -y install nginx
systemctl enable nginx
systemctl start nginx

2. Configure access through Nginx to your private docker registry
vi /etc/hosts
ip-address-of-docker-registry    www.ilovedocker.com

mkdir /etc/nginx/sites-available
vi /etc/nginx/sites-available/docker-registry
# For versions of Nginx > 1.3.9 that include chunked transfer encoding support
# Replace with appropriate values where necessary

upstream private-docker-registry {
 server localhost:5000;
}

server {
 listen 443;
 server_name www.ilovedocker.com;

#ssl on;
 #ssl_certificate /etc/pki/tls/certs/www.ilovedocker.com.crt;
 #ssl_certificate_key /etc/pki/tls/private/www.ilovedocker.com.key;

proxy_set_header Host       $http_host;   # required for Docker client sake
 proxy_set_header X-Real-IP  $remote_addr; # pass on real client IP

client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
 chunked_transfer_encoding on;

location / {
     # let Nginx know about our auth file
     auth_basic              "Restricted";
     auth_basic_user_file    docker-registry.htpasswd;

proxy_pass http://private-docker-registry;
 }
 location /_ping {
     auth_basic off;
     proxy_pass http://private-docker-registry;
 }
 location /v1/_ping {
     auth_basic off;
     proxy_pass http://private-docker-registry;
 }

}

vi /etc/sysconfig/docker-registry
REGISTRY_ADDRESS=127.0.0.1

systemctl restart docker-registry

yum -y install httpd-tools
htpasswd -c /etc/nginx/docker-registry.htpasswd USERNAME
Open the file /etc/nginx/nginx.conf and add after the line “include /etc/nginx/conf.d/*.conf;”the following:
include /etc/nginx/sites-enabled/*;

mkdir /etc/nginx/sites-enabled
ln -s /etc/nginx/sites-available/docker-registry /etc/nginx/sites-enabled/docker-registry
systemctl reload nginx

curl USER:[email protected]:443

3. Configure Nginx to use ssl
mkdir ~/certs
cd ~/certs

create a new root key:
openssl genrsa -out dockerCA.key 2048

create a root certificate, you don’t have to answer the upcoming question, just hit enter:
openssl req -x509 -new -nodes -key dockerCA.key -days 3650 -out dockerCA.crt

create a private key for your Nginx Server:
openssl genrsa -out www.ilovedocker.com.key 2048

Next a certificate signing request is needed:
openssl req -new -key www.ilovedocker.com.key -out www.ilovedocker.com.csr
Answer the upcoming question for “Common Name” with the domain of your server, e.g: www.ilovedocker.com. Don’t provide a challenge password.

sign the certificate request:
openssl x509 -req -in www.ilovedocker.com.csr -CA dockerCA.crt -CAkey dockerCA.key -CAcreateserial -out www.ilovedocker.com.crt -days 3650

vi /etc/nginx/sites-available/docker-registry to uncomment ssl lines

cp www.ilovedocker.com.crt /etc/pki/tls/certs/
cp www.ilovedocker.com.key /etc/pki/tls/private/

update-ca-trust enable
cp dockerCA.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
systemctl reload nginx

curl https://USER:[email protected]

4. on remote docker host

docker with your private remote docker registry
Ubuntu 14.04:
vi /etc/hosts
ip-address-of-docker-registry    www.ilovedocker.com

copy dockerCA.crt to /usr/local/share/ca-certificates
update-ca-certificates

CentOS6/7:
vi /etc/hosts
ip-address-of-docker-registry    www.ilovedocker.com

copy dockerCA.crt to /etc/pki/ca-trust/source/anchors
update-ca-trust enable
update-ca-trust extract

docker login https://www.ilovedocker.com
docker pull ubuntu
docker tag ubuntu www.ilovedocker.com/ubuntu:hj
docker push www.ilovedocker.com/ubuntu:hj

时间: 2024-10-11 13:01:19

setup Docker private registry的相关文章

docker private registry使用

一.搭建harbor: 步骤:略 二.命令行操作: 登录:docker login docker01 tag image: tag 一个 image,名称一定要标准( registryAddress[:端口]/项目/imageName[:tag] ),最后将其 push 即可 : docker  tag nginx:1.9  docker01/test/nginx:1.9 push即可:docker push  docker01/test/nginx:1.9

docker使用registry搭建本地私有仓库

参考链接来自:http://blog.csdn.net/wangtaoking1/article/details/44180901/ 和Mavan的管理一样,Dockers不仅提供了一个中央仓库,同时也允许我们使用registry搭建本地私有仓库. 使用私有仓库有许多优点: 节省网络带宽,针对于每个镜像不用每个人都去中央仓库上面去下载,只需要从私有仓库中下载即可: 提供镜像资源利用,针对于公司内部使用的镜像,推送到本地的私有仓库中,以供公司内部相关人员使用. 接下来我们就大致说一下如何在本地搭建

Setup a private http/nginx based GIT server

原文:http://aaba.me/blog/2014/03/setup-a-private-http-nginx-based-git-server.html https://doomzhou.github.io/git/linux/2016/03/30/git-over-http-by-nginx.html 参考:http://beginor.github.io/2016/03/12/http-git-server-on-nginx.html ? Downgrade Lightroom 5 c

从0到1体验Jenkins+Docker+Git+Registry实现CI自动化发布

一.前言 Jenkins是一款开源 CI&CD 软件,用于自动化各种任务,包括构建.测试和部署软件.Jenkins 支持各种运行方式,可通过系统包.Docker 或者通过一个独立的 Java 程序.Jenkins是一个广泛用于持续构建的可视化Web工具,持续构建就是将项目自动化编译.打包.部署.通过规范化来完成,简单,繁琐,浪费时间的重复工作. Jenkins名言:构建伟大,无所不能! Jenkins用户手册传送门:https://jenkins.io/zh/doc/ 二.发布流程 工作详细流程

Docker 私服Registry简介与使用Docker-Compose安装Registry

场景 Docker-Compose简介与Ubuntu Server 上安装Compose: https://blog.csdn.net/BADAO_LIUMANG_QIZHI/article/details/100902301 Docker Compose基本使用-使用Compose启动Tomcat为例: https://blog.csdn.net/BADAO_LIUMANG_QIZHI/article/details/100904080 Docker Compose部署项目到容器-基于Tomc

docker 之 registry私有仓库(harbor)

1.deploy a registry server 文档:https://docs.docker.com/registry/deploying/ 镜像dockerhub:https://store.docker.com 安装: docker run -d -p 8300:5000 --restart=always --nameemo registry registry:2 访问地址:主机/v2/_catolog 2.harbor 选型:https://www.cnblogs.com/jaazz

docker 搭建registry

Docke官方提供了Docker Hub网站来作为一个公开的集中仓库.然而,本地访问Docker Hub速度往往很慢,并且很多时候我们需要一个本地的私有仓库只供网内使用.Docker仓库实际上提供两方面的功能,一个是镜像管理,一个是认证.前者主要由docker-registry项目来实现,通过http服务来上传下载:后者可以通过docker-index(闭源)项目或者利用现成认证方案(如nginx)实现http请求管理. 系统环境:CentOS 7.2主机IP:192.168.116.148 1

Docker 私有registry出现的证书问题

在上一篇 最近搭建的私有registry里,参考的文章指出,在push时可能出现问题: 可能会出现无法push镜像到私有仓库的问题.这是因为我们启动的registry服务不是安全可信赖的.这是我们需要修改docker的配置文件/etc/default/docker,添加下面的内容, DOCKER_OPTS="--insecure-registry xxx.xxx.xxx.xxx:5000" 然后重启docker后台进程, $ sudo service docker restart 这是

setup Docker proxy

? ? ? $ mkdir /etc/systemd/system/docker.service.d/ $ cat >/etc/systemd/system/docker.service.d/proxy.conf << EOF [Service] Environment=HTTP_PROXY=http://myproxy:3128/ EOF $ systemctl daemon-reload $ systemctl restart docker.service ? ?