1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-23 01:39:27 +02:00
dockerfiles/registry/README.md

110 lines
2.9 KiB
Markdown
Raw Normal View History

2016-06-18 08:57:59 +02:00
registry
========
[Registry][1] is the Docker toolset to pack, ship, store, and deliver content.
## docker-compose.yml
```yaml
2021-12-13 07:21:46 +02:00
version: "3.8"
services:
registry:
image: registry:2
ports:
- "5000:5000"
volumes:
- /etc/docker/registry
- ./data:/var/lib/registry
- ./certs:/certs
- ./auth:/auth
environment:
- REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
- REGISTRY_HTTP_TLS_KEY=/certs/domain.key
- REGISTRY_AUTH=htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
restart: unless-stopped
2016-08-29 02:13:48 +02:00
2021-12-13 07:21:46 +02:00
webui:
image: joxit/docker-registry-ui:2
ports:
- "5080:80"
environment:
- NGINX_PROXY_PASS_URL=http://registry:5000
- REGISTRY_TITLE=EasyPi Docker Registry
- DELETE_IMAGES=true
depends_on:
- registry
restart: unless-stopped
2016-06-18 08:57:59 +02:00
```
2016-08-29 02:13:48 +02:00
## Server Setup
2016-06-18 08:57:59 +02:00
```bash
2016-08-29 02:13:48 +02:00
$ mkdir -p ~/fig/registry/{auth,certs}
$ cd ~/fig/registry
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
2016-06-18 08:57:59 +02:00
$ docker-compose up -d
2016-08-27 13:44:32 +02:00
$ docker-compose exec registry sh
2016-06-18 08:57:59 +02:00
>>> htpasswd -Bbn username password >> /auth/htpasswd
2016-08-27 13:44:32 +02:00
>>> cat >> /etc/docker/registry/config.yml
proxy:
remoteurl: https://registry-1.docker.io
username: username
password: password
^D
2016-06-18 08:57:59 +02:00
>>> exit
2016-08-27 13:44:32 +02:00
$ docker-compose restart
2016-08-29 02:13:48 +02:00
```
2019-08-17 09:28:32 +02:00
> :warning: You cannot use it as registry+mirror at the same time.
2016-08-29 02:13:48 +02:00
## Client Setup
```bash
2019-10-12 13:32:28 +02:00
$ scp registry.easypi.pro:fig/registry/certs/domain.crt \
/etc/docker/certs.d/registry.easypi.pro:5000/ca.crt
2016-08-29 02:13:48 +02:00
2019-08-17 09:28:32 +02:00
$ vim /etc/docker/daemon.json
{
"registry-mirrors": [
2019-10-12 13:32:28 +02:00
"https://registry.easypi.pro:5000"
2019-08-17 09:28:32 +02:00
],
"insecure-registries": [
2019-10-12 13:32:28 +02:00
"registry.easypi.pro"
2019-08-17 09:28:32 +02:00
],
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}
2016-08-29 02:13:48 +02:00
2019-08-17 09:28:32 +02:00
$ systemctl reload docker
$ docker info
2016-06-18 08:57:59 +02:00
$ docker pull alpine
2019-10-12 13:32:28 +02:00
$ docker tag alpine registry.easypi.pro:5000/alpine
2016-06-18 08:57:59 +02:00
2019-10-12 13:32:28 +02:00
$ docker login -u username -p password easypi.pro:5000
$ docker push registry.easypi.pro:5000/alpine
$ docker rmi registry.easypi.pro:5000/alpine
$ docker pull registry.easypi.pro:5000/alpine
2016-08-29 02:13:48 +02:00
2019-10-12 13:32:28 +02:00
$ curl -k -u username:password https://registry.easypi.pro:5000/v2/_catalog
$ curl -k -u username:password https://registry.easypi.pro:5000/v2/alpine/tags/list
2016-06-18 08:57:59 +02:00
```
2019-08-17 09:28:32 +02:00
> :warning: Docker will connect [insecure-registries][2] via HTTPS first (ignore TLS error), then try HTTP.
2016-08-29 02:13:48 +02:00
## Read More
2016-06-20 15:33:42 +02:00
- https://github.com/docker/distribution/blob/master/docs/deploying.md
- https://github.com/docker/distribution/blob/master/docs/insecure.md
- https://serversforhackers.com/tcp-load-balancing-with-nginx-ssl-pass-thru
2016-08-27 13:44:32 +02:00
- https://github.com/docker/distribution/blob/master/docs/recipes/mirror.md
2019-10-12 13:32:28 +02:00
- https://docs.docker.com/registry/spec/api/
2016-06-20 15:33:42 +02:00
2016-06-18 08:57:59 +02:00
[1]: https://github.com/docker/distribution
2019-08-17 09:28:32 +02:00
[2]: https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry