服務端：10.10.172.203/24

1、從Docker官方倉庫裏下載registry鏡像

# docker pull registry

2、docker images命令查看本地鏡像；

[root@docker ~]# docker images  
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              d1fd7d86a825        2 weeks ago         33.3MB

默認情況下，會將私有倉庫存放於容器內的/tmp/registry目錄下，這樣如果容器被刪除，則存放於容器中的鏡像也會丟失。

所以一般情況下會指定本地一個目錄掛載到容器內的/tmp/registry下，命令如下：

docker run -d -it --restart always --name docker-hub -p 5000:5000 -v /docker-hub/registry:/var/lib/registry registry

查看容器運行

[root@docker ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
048805afbcf1        registry            "/entrypoint.sh /etc…"   11 seconds ago      Up 8 seconds        0.0.0.0:5000->5000/tcp   docker-hub

由上可以看到，已經啟動了一個容器，地址為：10.10.172.203:5000。

3、由於倉庫與客戶端的https問題，需要修改/usr/lib/systemd/system/docker.service文件，添加 ExecStart=/usr/bin/dockerd --registry-mirror=http://019a7061.m.daocloud.io --insecure-registry 10.10.172.203:5000

[root@docker ~]# cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --storage-driver=devicemapper --storage-opt=dm.thinpooldev=/dev/mapper/docker-thinpool --storage-opt dm.use_deferred_removal=true --registry-mirror=http://019a7061.m.daocloud.io  --insecure-registry 10.10.172.203:5000
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
[root@docker ~]# 

或者

[root@docker ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["http://df98fb04.m.daocloud.io"],
"insecure-registries":["10.10.172.203:5000"] 

}
[root@docker ~]#

重新加載docker服務
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker 

註：因為Docker從1.3.X之後，與docker registry交互默認使用的是https，然而此處搭建的私有倉庫只提供http服務，所以當與私有倉庫交互時就會報上面的錯誤。
為了解決這個問題需要在啟動docker server時增加啟動參數為默認使用http訪問。
需要在docker的配置文件/etc/sysconfig/docker （ubuntu系統中的docker配置文件時/etc/default/docker ）添加參數“--insecure-registry=10.10.172.203:5000”。

溫馨提示：
這個是在客戶機的docker配置文件裏添加的(即上傳鏡像到私有倉庫裏或從私有倉庫下載鏡像的客戶機)。

4、重新啟動docker。（如果是在虛擬機中運行，重啟一下虛擬機，要不然還是使用其他機器訪問此倉庫還是會有https的問題）

# systemctl restart docker

5、docker tag將鏡像打tag，語法格式如下

docker tag <image_name> <registry_ip>:5000/<image_name>:<version>

# docker tag centos:latest 10.10.172.203:5000/centos7    //修改了tag後的鏡像若要刪除，docker rmi後面不能用鏡像ID了，需要用docker rmi 10.10.172.203:5000/centos7:latest

[root@docker ~]# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
registry                     latest              d1fd7d86a825        3 weeks ago         33.3MB
10.10.172.203:5000/centos7   latest              ff426288ea90        3 weeks ago         207MB
centos                       latest              ff426288ea90        3 weeks ago         207MB

6、鏡像的上傳與下載，語法格式如下

docker push <registry_ip>:5000/<image_name>:<version>;上傳鏡像至私有倉庫
docker pull <registry_ip>:5000/<image_name>:<version>;從私有倉庫pull鏡像

# docker push 10.10.172.203:5000/centos7

[root@docker ~]# docker push 10.10.172.203:5000/centos7
The push refers to repository [10.10.172.203:5000/centos7]
e15afa4858b6: Pushed 
latest: digest: sha256:7e94d6055269edb455bcfb637292573117e4a8341e9b9abbc09b17d8aafe8fbe size: 529
[root@docker ~]#

7、使用curl 10.10.172.203:5000/v2/_catalog 查看倉庫中的鏡像情況

[root@docker ~]# curl 10.10.172.203:5000/v2/_catalog
{"repositories":["centos7"]}
[root@docker ~]#

註意查看鏡像方法（docker pull registry:2.1.1）:

# curl -XGET http://registry_ip:5000/v2/_catalog
# curl -XGET http://registry_ip:5000/v2/image_name/tags/list

客戶端下載私有倉庫鏡像：

1. 配置docker信任私有倉庫地址(http)
   

[root@localhost ~]# cat /etc/docker/daemon.json 
{
"registry-mirrors": ["http://df98fb04.m.daocloud.io"],
"insecure-registries":["10.10.172.203:5000"]
}

2.查看客戶端本機鏡像列表

[root@localhost ~]# docker images               
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              ff426288ea90        3 weeks ago         207MB

3.從私有倉庫下載centos鏡像

[root@localhost ~]# docker pull 10.10.172.203:5000/centos7
Using default tag: latest
latest: Pulling from centos7
Digest: sha256:7e94d6055269edb455bcfb637292573117e4a8341e9b9abbc09b17d8aafe8fbe
Status: Downloaded newer image for 10.10.172.203:5000/centos7:latest

4.再次查看客戶端本機鏡像列表

[root@localhost ~]# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
10.10.172.203:5000/centos7   latest              ff426288ea90        3 weeks ago         207MB
centos                       latest              ff426288ea90        3 weeks ago         207MB
[root@localhost ~]#

總結：使用企業內部私有鏡像倉庫中的鏡像，大大節省了鏡像下載的時間。

docker-ce私有倉庫搭建