Docker私有源配置

基本命令

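# Start a local registry. It has no TLS and no authentication, so the published
# port is bound to loopback: anything that can reach port 5000 can push and pull.
# --restart=always brings the container back whenever the Docker daemon starts.
sudo docker run -d -p 127.0.0.1:5000:5000 --restart=always --name registry \
  -v /home/docker/registry:/var/lib/registry registry:2
# Once it is running, the registry address on this host is localhost:5000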

运行后会自动到docker hub 上拉取

sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 2e2f252f3c88 4 weeks ago 33.3MB

Docker 镜像命名规则

完整的image名称:registry.domain.com/name/base:latest

  1. registry.domain.com image 所在服务器地址
  2. name 命名空间
  3. base 具体名字
  4. latest 版本号

验证本地私有镜像

  1. 本地存在一个ubuntu:16.04 的镜像
root@pprt-s1:/home/docker# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 2e2f252f3c88 4 weeks ago 33.3MB
ubuntu 16.04 b9e15a5d1e1a 5 weeks ago 115MB

  1. 添加一个新的 tag:localhost:5000/ubuntu:16.04
root@pprt-s1:/home/docker# docker tag ubuntu:16.04 localhost:5000/ubuntu:16.04
root@pprt-s1:/home/docker# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 2e2f252f3c88 4 weeks ago 33.3MB
ubuntu 16.04 b9e15a5d1e1a 5 weeks ago 115MB
localhost:5000/ubuntu 16.04 b9e15a5d1e1a 5 weeks ago 115MB

  1. 将镜像localhost:5000/ubuntu:16.04 push 到私有源
root@pprt-s1:/home/docker# docker push  localhost:5000/ubuntu:16.04
The push refers to repository [localhost:5000/ubuntu]
75b79e19929c: Pushed
4775b2f378bb: Pushed
883eafdbe580: Pushed
19d043c86cbc: Pushed
8823818c4748: Pushed
16.04: digest: sha256:9b47044b1e79b965a8e1653e7f9c04b5f63e00b9161bedd5baef69bb8b4c4834 size: 1357

  1. 删除本地 localhost:5000/ubuntu:16.04
root@pprt-s1:/home/docker# docker image rm localhost:5000/ubuntu:16.04
Untagged: localhost:5000/ubuntu:16.04
Untagged: localhost:5000/ubuntu@sha256:9b47044b1e79b965a8e1653e7f9c04b5f63e00b9161bedd5baef69bb8b4c4834
root@pprt-s1:/home/docker# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 2e2f252f3c88 4 weeks ago 33.3MB
ubuntu 16.04 b9e15a5d1e1a 5 weeks ago 115MB


  1. 从私有源拉取镜像,成功得到镜像
root@pprt-s1:/home/docker# docker  pull localhost:5000/ubuntu:16.04
16.04: Pulling from ubuntu
Digest: sha256:9b47044b1e79b965a8e1653e7f9c04b5f63e00b9161bedd5baef69bb8b4c4834
Status: Downloaded newer image for localhost:5000/ubuntu:16.04
root@pprt-s1:/home/docker# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 2e2f252f3c88 4 weeks ago 33.3MB
ubuntu 16.04 b9e15a5d1e1a 5 weeks ago 115MB
localhost:5000/ubuntu 16.04 b9e15a5d1e1a 5 weeks ago 115MB


身份验证

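$ mkdir auth
# Generate a bcrypt (-B) htpasswd entry for the sample user "testuser".
# The password is read from stdin (-i) rather than passed with -b, which would
# leave it in shell history, in `ps` output and in the container's recorded
# arguments. --rm removes the helper container once the entry is written.
# NOTE(review): newer registry:2 images may no longer ship htpasswd — verify
# against the image version you run.
$ read -rs REGISTRY_PASSWORD
$ printf '%s\n' "$REGISTRY_PASSWORD" | docker run --rm -i \
--entrypoint htpasswd \
registry:2 -Bin testuser > auth/htpasswd
$ unset REGISTRY_PASSWORD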


为外网提供服务

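# Registry reachable from outside the host: TLS plus htpasswd basic auth.
# The REGISTRY_* paths are resolved inside the container, so the certificate
# directory and the auth directory are bind-mounted (read-only) and the
# variables point at the mounted locations.
# REGISTRY_AUTH_HTPASSWD_PATH is required together with the realm; without it
# the htpasswd auth configuration is incomplete.
sudo docker run -d -p 5000:5000 \
--restart=always \
--name registry \
-v /home/docker/cert_file/os.pprt.net:/certs:ro \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/pprt.net.cer \
-e REGISTRY_HTTP_TLS_KEY=/certs/pprt.net.key \
-v /home/docker/registry:/var/lib/registry \
-v "$(pwd)/auth:/auth:ro" \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
registry:2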

nginx代理

https://github.com/docker/docker-registry/blob/master/contrib/nginx/nginx.conf

nginx.conf

# TLS-terminating reverse proxy in front of the registry listening on localhost:5000.
# nginx performs HTTP basic auth itself and forwards requests via docker-registry.conf.
# NOTE(review): this template comes from the legacy docker-registry project; the
# chunkin directives and the /_ping and /v1/_ping locations look specific to that
# older setup — confirm what a registry:2 backend still needs.
#
# For nginx < 1.3.9
# FYI: Chunking requires nginx-extras package on Debian Wheezy and some Ubuntu versions
# See chunking http://wiki.nginx.org/HttpChunkinModule
# Replace with appropriate values where necessary

# Backend registry; only reachable through this proxy if port 5000 is not
# published on an external interface.
upstream docker-registry {
server localhost:5000;
}

# uncomment if you want a 301 redirect for users attempting to connect
# on port 80
# NOTE: docker client will still fail. This is just for convenience
# server {
# listen *:80;
# server_name my.docker.registry.com;
# return 301 https://$server_name$request_uri;
# }

server {
listen 443;
server_name docker.os.pprt.net;

# NOTE(review): `ssl on;` is the legacy way to enable TLS; newer nginx releases
# expect `listen 443 ssl;` instead — confirm against the nginx version in use.
# No ssl_protocols / ssl_ciphers are set here, so the build's defaults apply.
ssl on;
ssl_certificate /home/docker/cert_file/fullchain.cer;
# Private key: keep this file readable only by the account nginx starts as.
ssl_certificate_key /home/docker/cert_file/pprt.net.key;

# Set at server level, so the unlimited body size also applies to the
# locations below that switch authentication off.
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunkin on;
error_page 411 = @my_411_error;
location @my_411_error {
chunkin_resume;
}

# Everything not matched by a more specific location requires basic auth.
# The user file path is relative — presumably resolved against the nginx
# configuration directory; verify where the file actually lives.
location / {
auth_basic "Restricted";
auth_basic_user_file docker-registry.htpasswd;
include docker-registry.conf;
}

# Unauthenticated: requests to this path are proxied without credentials.
location /_ping {
auth_basic off;
include docker-registry.conf;
}

# Unauthenticated: requests to this path are proxied without credentials.
location /v1/_ping {
auth_basic off;
include docker-registry.conf;
}
}

docker-registry.conf

# Shared proxy settings, pulled in by each location block with `include docker-registry.conf`.
# Traffic to the `docker-registry` upstream is plain HTTP.
# NOTE(review): a registry started with REGISTRY_HTTP_TLS_* serves HTTPS on its
# port, so this http:// upstream presumably only fits a registry run without TLS — confirm.
proxy_pass                       http://docker-registry;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
# An empty value drops the client's Authorization header, so the backend never
# sees the credentials nginx checked; nginx basic auth is then the only gate.
# NOTE(review): with REGISTRY_AUTH=htpasswd enabled on the registry itself, the
# backend would presumably reject every proxied request — use one layer or the other.
proxy_set_header Authorization ""; # see https://github.com/dotcloud/docker-registry/issues/170
# Long read timeout (900 s) for slow transfers of large image layers.
proxy_read_timeout 900;

查询

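# List the repositories held by the registry. The registry configured above is
# served over TLS with basic auth, so query it over https; -u with only a user
# name makes curl prompt for the password instead of taking it on the command line.
$ curl -u testuser https://domain.com/v2/_catalog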
{"repositories":["ubuntu"]}

停止并删除容器

# Stop the registry container and, only if the stop succeeded, remove it.
# -v also removes anonymous volumes attached to the container; the bind-mounted
# /home/docker/registry data on the host is left in place.
docker container stop registry \
  && docker container rm -v registry

作者

张巍

发布于

2018-11-02

更新于

2018-11-02
