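As we know, Docker provides an official public registry service: Docker Hub. In an enterprise, however, some images are not suitable for the public internet, so Docker also provides a private registry that users can deploy themselves. This article briefly covers how to set up a Docker Registry.

Base environment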

[root@iZuf6ad1jbc6fxnx39qb04Z ~]# docker version
Client:
 Version:           18.09.3
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        774a1f4
 Built:             Thu Feb 28 06:33:21 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.3
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       774a1f4
  Built:            Thu Feb 28 06:02:24 2019
  OS/Arch:          linux/amd64
  Experimental:     false

Download the Registry image

[root@iZuf6ad1jbc6fxnx39qb04Z ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:3b00e5438ebd8835bcfa7bf5246445a6b57b9a50473e89c02ecc8e575be3ebb5
Status: Downloaded newer image for registry:latest

Run the Registry

[root@iZuf6ad1jbc6fxnx39qb04Z registry]# mkdir -p /root/diycoder/registry
[root@iZuf6ad1jbc6fxnx39qb04Z registry]# docker run -d --name registry  -p 5000:5000  -v  /root/diycoder/registry:/var/lib/registry  registry
65bc21e3ad537b337a18e70497fa8a93902424945862e2b1e3348a1312046acf
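  • -d: run in the background
  • --name: name the container
  • -p: publish the port
  • -v: map the registry's image path /var/lib/registry to /root/diycoder/registry on the host

Check the running status and the listening port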

[root@iZuf6ad1jbc6fxnx39qb04Z registry]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
65bc21e3ad53        registry            "/entrypoint.sh /etc…"   10 seconds ago      Up 9 seconds        0.0.0.0:5000->5000/tcp   registry
[root@iZuf6ad1jbc6fxnx39qb04Z registry]# netstat -anp | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      21438/docker-proxy

Modify the Docker configuration file

sudo vim /etc/docker/daemon.json

Add the following configuration to the file

{
  "insecure-registries": ["diycoder.com:5000"]
}

Note: the address above is the address the Docker Registry listens on; replace it with your own.

Then edit

sudo vim /lib/systemd/system/docker.service

Add the following configuration:

[Image: docker-registry.png]

Restart the Docker service

[root@swarm-manager ~]$ sudo systemctl daemon-reload
[root@swarm-manager ~]$ sudo systemctl restart docker

Push an image

We take the diycoder/web-app image built in the previous article, retag it, and push it to the Registry.

Retag diycoder/web-app as diycoder.com:5000/web-app

[root@swarm-manager diycoder.com]# docker tag diycoder/web-app diycoder.com:5000/web-app
[root@swarm-manager diycoder.com]# docker images
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
diycoder.com:5000/web-app         latest              192f44d9cd97        8 minutes ago       10.7MB
diycoder/web-app                  latest              192f44d9cd97        8 minutes ago       10.7MB

Push the image

[root@swarm-manager diycoder.com]# docker push diycoder.com:5000/web-app
The push refers to repository [diycoder.com:5000/web-app]
043d18c9357d: Pushed
latest: digest: sha256:92e2bfa52cd3aa8dafca57b764a16fc816ba2e5797ad1983b12916a993206a70 size: 528

Inspect the registry

[root@swarm-manager diycoder.com]# curl diycoder.com:5000/v2/_catalog
{"repositories":["web-app"]}

Pull an image from the private registry

First delete the local copy, then pull it from the registry

[root@swarm-manager diycoder.com]# docker rmi -f diycoder.com:5000/web-app:latest
Untagged: diycoder.com:5000/web-app:latest
Untagged: diycoder.com:5000/web-app@sha256:92e2bfa52cd3aa8dafca57b764a16fc816ba2e5797ad1983b12916a993206a70
[root@swarm-manager diycoder.com]# docker pull diycoder.com:5000/web-app
Using default tag: latest
latest: Pulling from web-app
Digest: sha256:92e2bfa52cd3aa8dafca57b764a16fc816ba2e5797ad1983b12916a993206a70
Status: Downloaded newer image for diycoder.com:5000/web-app:latest
[root@swarm-manager diycoder.com]# docker images
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
diycoder.com:5000/web-app         latest              192f44d9cd97        16 minutes ago      10.7MB

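The pull succeeded. That completes the setup without user authentication. If you need account authentication, read on:

Set up the account and password

First stop and remove the registry container started above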

[root@iZuf6ad1jbc6fxnx39qb04Z ~]# docker stop 65bc21e3ad53
[root@iZuf6ad1jbc6fxnx39qb04Z ~]# docker rm 65bc21e3ad53

Set the password

[root@iZuf6ad1jbc6fxnx39qb04Z auth]# mkdir -p /root/diycoder/registry/auth/
[root@iZuf6ad1jbc6fxnx39qb04Z auth]# docker run --entrypoint htpasswd registry:latest -Bbn diycoder 123456  >> /root/diycoder/registry/auth/htpasswd
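
The registry's htpasswd backend accepts only bcrypt entries, which is why the command above passes -B, and because the output is appended with >>, running it again for the same user leaves two entries. The following check is an added example, not part of the original post; the function names, the sample entries (constructed placeholders, not real hashes) and the minimum cost of 10 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit an htpasswd file before
# it is mounted at REGISTRY_AUTH_HTPASSWD_PATH.
# Usage: audit_htpasswd FILE [MIN_COST]   (MIN_COST=10 is an assumed policy)
# Prints one finding per line; returns 1 if anything was found.
audit_htpasswd() {
  awk -F: -v min_cost="${2:-10}" '
    /^[ \t]*$/ { next }                       # skip blank lines
    {
      user = $1; hash = $2
      # The same user appended twice (for example by re-running ">>")
      if (seen[user]++) { print "DUPLICATE " user; bad = 1 }
      # Anything that is not $2a$/$2b$/$2y$ is not a bcrypt entry
      if (hash !~ /^\$2[aby]\$[0-9][0-9]\$/) {
        print "NOT_BCRYPT " user; bad = 1; next
      }
      # The two digits after the variant are the bcrypt cost factor
      cost = substr(hash, 5, 2) + 0
      if (cost < min_cost) { print "LOW_COST " user " cost=" cost; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample: placeholder strings, not real password hashes.
make_sample_htpasswd() {
  cat > "$1" <<'EOF'
diycoder:$2y$05$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH.0000000000000
diycoder:$2y$12$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH.1111111111111
ci-bot:$apr1$CONSTRUCT$PLACEHOLDER.NOT.A.REAL.HASH
EOF
}

# Run with --demo to audit the constructed sample.
if [ "${1:-}" = "--demo" ]; then
  f=$(mktemp) && make_sample_htpasswd "$f"
  audit_htpasswd "$f" || echo "findings above; fix before starting the registry"
  rm -f "$f"
fi
```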

Create the configuration

[root@iZuf6ad1jbc6fxnx39qb04Z auth]# mkdir -p /root/diycoder/registry/config
[root@iZuf6ad1jbc6fxnx39qb04Z auth]# vim /root/diycoder/registry/config/config.yml

config.yml

version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

Start the Registry

[root@iZuf6ad1jbc6fxnx39qb04Z auth]# docker run -d --name registry -p 5000:5000 --restart=always \
>     -v /root/diycoder/registry/config/:/etc/docker/registry/ \
>     -v /root/diycoder/registry/auth/:/auth/ \
>     -e "REGISTRY_AUTH=htpasswd" \
>     -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
>     -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
>     -v /root/diycoder/registry:/var/lib/registry/ \
>     registry:latest
147cc1273e7bfbba07c55a59eecb8720260d0abc76eb3ce9617b3c09ad3e23cb
[root@iZuf6ad1jbc6fxnx39qb04Z auth]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
147cc1273e7b        registry:latest     "/entrypoint.sh /etc…"   6 seconds ago       Up 5 seconds        0.0.0.0:5000->5000/tcp   registry

Log in to the Registry

[root@swarm-manager diycoder.com]# docker login diycoder.com:5000
Username: diycoder
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Inspect the Registry

Test the same way as before, except that curl now needs the username and password:

[root@swarm-manager diycoder.com]# curl -u diycoder:123456 diycoder.com:5000/v2/_catalog
{"repositories":["web-app"]}
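
An added example, not part of the original post, that classifies the response headers of GET /v2/ to confirm that the registry now demands credentials and to flag Basic auth sent over plain HTTP, which is what the insecure-registries setup above produces. The function names, verdict strings and sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# classify_v2_response SCHEME: reads the raw response headers of
# GET <registry>/v2/ on stdin and prints exactly one verdict.
classify_v2_response() {
  awk -v scheme="$1" '
    { sub(/\r$/, "") }                        # curl prints CRLF line endings
    NR == 1 { status = $2; next }             # "HTTP/1.1 401 Unauthorized"
    { line = tolower($0) }
    line ~ /^www-authenticate:[ \t]*basic/  { challenge = "basic" }
    line ~ /^www-authenticate:[ \t]*bearer/ { challenge = "bearer" }
    line ~ /^docker-distribution-api-version:[ \t]*registry\/2\.0/ { v2 = 1 }
    END {
      if (!v2)
        print "NOT_A_V2_REGISTRY"
      else if (status + 0 == 200)
        print "OPEN_NO_AUTH"                  # anyone can pull and push
      else if (status + 0 == 401 && challenge == "basic" && scheme == "http")
        print "BASIC_AUTH_CLEARTEXT"          # password crosses the wire as base64
      else if (status + 0 == 401 && challenge != "")
        print "AUTH_REQUIRED_" toupper(challenge)
      else
        print "UNEXPECTED_" status
    }
  '
}

# probe_registry URL, e.g. probe_registry http://diycoder.com:5000
probe_registry() {
  curl -s -o /dev/null -D - --max-time 5 "$1/v2/" |
    classify_v2_response "${1%%://*}"
}

# Constructed sample responses (not captured from a real host).
sample_open() {
  printf 'HTTP/1.1 200 OK\r\nDocker-Distribution-Api-Version: registry/2.0\r\n\r\n'
}
sample_htpasswd() {
  printf 'HTTP/1.1 401 Unauthorized\r\nDocker-Distribution-Api-Version: registry/2.0\r\nWww-Authenticate: Basic realm="Registry Realm"\r\n\r\n'
}

# Probe a registry you operate when a URL is given as the first argument.
if [ -n "${1:-}" ]; then
  probe_registry "$1"
fi
```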

That covers setting up a Docker Registry both with and without authentication.
