From 62be70c24154725535e77a246b91bd6b0baa36f2 Mon Sep 17 00:00:00 2001 From: kev Date: Mon, 29 Aug 2016 08:13:48 +0800 Subject: [PATCH] update registry --- registry/README.md | 51 +++++++++++++++++++++++++++++++++---- registry/docker-compose.yml | 23 ++++++++++++++--- 2 files changed, 66 insertions(+), 8 deletions(-) diff --git a/registry/README.md b/registry/README.md index 4dc6e5a..b01e0d3 100644 --- a/registry/README.md +++ b/registry/README.md @@ -7,7 +7,7 @@ registry ```yaml registry: - image: registry + image: registry:2 ports: - "5000:5000" volumes: @@ -16,17 +16,37 @@ registry: - ./certs:/certs - ./auth:/auth environment: - - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.easypi.info.crt - - REGISTRY_HTTP_TLS_KEY=/certs/registry.easypi.info.key + - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt + - REGISTRY_HTTP_TLS_KEY=/certs/domain.key - REGISTRY_AUTH=htpasswd - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd restart: always + +frontend: + image: konradkleine/docker-registry-frontend:v2 + ports: + - "8080:80" + - "8443:443" + links: + - registry + volume: + - ./certs/domain.crt:/etc/apache2/domain.crt + - ./certs/domain.key:/etc/apache2/domain.key + environment: + - ENV_DOCKER_REGISTRY_HOST=registry + - ENV_DOCKER_REGISTRY_PORT=5000 + - ENV_DOCKER_REGISTRY_USE_SSL=1 + - ENV_USE_SSL=yes + restart: always ``` -## up and running +## Server Setup ```bash +$ mkdir -p ~/fig/registry/{auth,certs} +$ cd ~/fig/registry +$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt $ docker-compose up -d $ docker-compose exec registry sh >>> htpasswd -Bbn username password >> /auth/htpasswd 
@@ -38,16 +58,37 @@ proxy: ^D >>> exit $ docker-compose restart +``` + +## Client Setup + +```bash +$ scp registry.easypi.info:fig/registry/certs/domain.crt \ + /etc/docker/certs.d/registry.easypi.info:5000/ca.crt + +$ systemctl edit docker +# /etc/systemd/system/docker.service.d/override.conf +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd -H fd:// --registry-mirror https://registry.easypi.info:5000 + +$ systemctl daemon-reload +$ systemctl restart docker $ docker pull alpine $ docker tag alpine registry.easypi.info:5000/alpine $ docker login -u username -p password easypi.info:5000 $ docker push registry.easypi.info:5000/alpine +$ docker rmi registry.easypi.info:5000/alpine $ docker pull registry.easypi.info:5000/alpine + +$ firefox http://registry.easypi.info:8080 ``` -## read more +> Append `--insecure-registry registry.easypi.info:5000` option to disable TLS. + +## Read More - https://github.com/docker/distribution/blob/master/docs/deploying.md - https://github.com/docker/distribution/blob/master/docs/insecure.md diff --git a/registry/docker-compose.yml b/registry/docker-compose.yml index b722e24..7ac2d9a 100644 --- a/registry/docker-compose.yml +++ b/registry/docker-compose.yml @@ -1,5 +1,5 @@ registry: - image: registry + image: registry:2 ports: - "5000:5000" volumes: 
@@ -8,9 +8,26 @@ registry:
 - ./certs:/certs
 - ./auth:/auth
 environment:
- - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/easypi.info.crt
- - REGISTRY_HTTP_TLS_KEY=/certs/easypi.info.key
+ - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
+ - REGISTRY_HTTP_TLS_KEY=/certs/domain.key
 - REGISTRY_AUTH=htpasswd
 - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
 - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
 restart: always
+
+frontend:
+ image: konradkleine/docker-registry-frontend:v2
+ ports:
+ - "8080:80"
+ - "8443:443"
+ links:
+ - registry
+ volume:
+ - ./certs/domain.crt:/etc/apache2/domain.crt
+ - ./certs/domain.key:/etc/apache2/domain.key
+ environment:
+ - ENV_DOCKER_REGISTRY_HOST=registry
+ - ENV_DOCKER_REGISTRY_PORT=5000
+ - ENV_DOCKER_REGISTRY_USE_SSL=1
+ - ENV_USE_SSL=yes
+ restart: always
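Review bot: The new `frontend` service lists its mounts under `volume:`, but the Compose key is `volumes:` (as the `registry` service in this file uses), so Compose will likely reject the file as an unsupported option, and in any case `domain.crt`/`domain.key` never reach `/etc/apache2/`, where `ENV_USE_SSL=yes` presumably expects them. Rename the key and mount the TLS material read-only, since this third-party image is handed the same private key the registry serves with and only needs to read it: `volumes:` followed by `- ./certs/domain.crt:/etc/apache2/domain.crt:ro` and `- ./certs/domain.key:/etc/apache2/domain.key:ro`. The same `volume:` typo is in the README.md copy of this service (the `@@ -16,17 +16,37 @@` hunk). Separately, `"8080:80"` publishes a plain-HTTP listener next to 8443 on all interfaces; if the UI is meant to be reached over TLS only, drop that mapping or bind it as `"127.0.0.1:8080:80"`.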