docker私有倉庫搭建完整記錄(直接pull方式)
1.安裝docker-registry
#直接從官網pull映象registry,簡單粗暴。國內可能速度較慢,考慮掛VPN
docker pull registry
按照上一篇中的方式修改--insecure-registry設定及config.yml檔案
2.執行docker-registry
#後臺啟動registry,其中/home/alvin/registry為我本地倉庫的儲存路徑
docker run -d -v /home/alvin/registry:/tmp/registry -p 5000:5000 -e DOCKER_REGISTRY_CONFIG=/tmp/registry/config.yml registry
問題記錄:每次重新執行時映象丟失
解決方法:修改倉庫路徑到本地
docker run -d -e SETTINGS_FLAVOR=dev -e STORAGE_PATH=/tmp/registry -v /home/alvin/registry:/tmp/registry -p 5000:5000 registry
至此已經可以正常的push/pull操作了
3.nginx代理認證
#安裝nginx
sudo apt-get install -y nginx apache2-utils
#建立使用者名稱及密碼
sudo htpasswd -c /etc/nginx/docker-registry.htpasswd [USERNAME]
#配置nginx認證檔案
sudo vim /etc/nginx/sites-available/docker-registry
#檔案中寫入下面內容:
其中server_name改為主機的ip或域名# For versions of Nginx > 1.3.9 that include chunked transfer encoding support # Replace with appropriate values where necessary upstream docker-registry { server localhost:5000; } server { listen 8080; server_name 192.168.32.139; # ssl on; # ssl_certificate /etc/ssl/certs/docker-registry; # ssl_certificate_key /etc/ssl/private/docker-registry; proxy_set_header Host $http_host; # required for Docker client sake proxy_set_header X-Real-IP $remote_addr; # pass on real client IP client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486) chunked_transfer_encoding on; location / { # let Nginx know about our auth file auth_basic "Restricted"; auth_basic_user_file docker-registry.htpasswd; proxy_pass http://docker-registry; } location /_ping { auth_basic off; proxy_pass http://docker-registry; } location /v1/_ping { auth_basic off; proxy_pass http://docker-registry; } }
#連結配置檔案到nginx
sudo ln -s /etc/nginx/sites-available/docker-registry /etc/nginx/sites-enabled/docker-registry
#重啟nginx服務
sudo service nginx restart
可以通過ip:8080來訪問私有倉庫了,並且有使用者認證功能