dockerfiles/registry/README.md

registry
========

[Registry][1] is the Docker toolset to pack, ship, store, and deliver content.

## docker-compose.yml

```yaml
registry:
  image: registry:2
  ports:
    - "5000:5000"
  volumes:
    - /etc/docker/registry
    - ./data:/var/lib/registry
    - ./certs:/certs
    - ./auth:/auth
  environment:
    - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
    - REGISTRY_HTTP_TLS_KEY=/certs/domain.key
    - REGISTRY_AUTH=htpasswd
    - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
    - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
  restart: always

frontend:
  image: konradkleine/docker-registry-frontend:v2
  ports:
    - "8080:80"
    - "8443:443"
  links:
    - registry
  volume:
    - ./certs/domain.crt:/etc/apache2/domain.crt
    - ./certs/domain.key:/etc/apache2/domain.key
  environment:
    - ENV_DOCKER_REGISTRY_HOST=registry
    - ENV_DOCKER_REGISTRY_PORT=5000
    - ENV_DOCKER_REGISTRY_USE_SSL=1
    - ENV_USE_SSL=yes
  restart: always
```

## Server Setup

```bash
$ mkdir -p ~/fig/registry/{auth,certs}
$ cd ~/fig/registry
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
$ docker-compose up -d
$ docker-compose exec registry sh
>>> htpasswd -Bbn username password >> /auth/htpasswd
>>> cat >> /etc/docker/registry/config.yml
proxy:
  remoteurl: https://registry-1.docker.io
  username: username
  password: password
^D
>>> exit
$ docker-compose restart
```

> :warning: You cannot use it as registry+mirror at the same time.

## Client Setup

```bash
$ scp registry.easypi.pro:fig/registry/certs/domain.crt \
      /etc/docker/certs.d/registry.easypi.pro:5000/ca.crt

$ vim /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://registry.easypi.pro:5000"
  ],
  "insecure-registries": [
    "registry.easypi.pro"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}
                           
$ systemctl reload docker
$ docker info

$ docker pull alpine
$ docker tag alpine registry.easypi.pro:5000/alpine

$ docker login -u username -p password easypi.pro:5000
$ docker push registry.easypi.pro:5000/alpine
$ docker rmi registry.easypi.pro:5000/alpine
$ docker pull registry.easypi.pro:5000/alpine

$ curl -k -u username:password https://registry.easypi.pro:5000/v2/_catalog
$ curl -k -u username:password https://registry.easypi.pro:5000/v2/alpine/tags/list
```

> :warning: Docker will connect [insecure-registries][2] via HTTPS first (ignore TLS error), then try HTTP.

## Read More

- https://github.com/docker/distribution/blob/master/docs/deploying.md
- https://github.com/docker/distribution/blob/master/docs/insecure.md
- https://serversforhackers.com/tcp-load-balancing-with-nginx-ssl-pass-thru
- https://github.com/docker/distribution/blob/master/docs/recipes/mirror.md
- https://docs.docker.com/registry/spec/api/

[1]: https://github.com/docker/distribution
[2]: https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
add registry 2016-06-18 08:57:59 +02:00			`registry`
			`========`

			`[Registry][1] is the Docker toolset to pack, ship, store, and deliver content.`

			`## docker-compose.yml`

			```yaml
			`registry:`
update registry 2016-08-29 02:13:48 +02:00			`image: registry:2`
add registry 2016-06-18 08:57:59 +02:00			`ports:`
			`- "5000:5000"`
			`volumes:`
registry mirror 2016-08-27 13:44:32 +02:00			`- /etc/docker/registry`
add registry 2016-06-18 08:57:59 +02:00			`- ./data:/var/lib/registry`
			`- ./certs:/certs`
			`- ./auth:/auth`
			`environment:`
update registry 2016-08-29 02:13:48 +02:00			`- REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt`
			`- REGISTRY_HTTP_TLS_KEY=/certs/domain.key`
add registry 2016-06-18 08:57:59 +02:00			`- REGISTRY_AUTH=htpasswd`
			`- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm`
			`- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd`
			`restart: always`
update registry 2016-08-29 02:13:48 +02:00
			`frontend:`
			`image: konradkleine/docker-registry-frontend:v2`
			`ports:`
			`- "8080:80"`
			`- "8443:443"`
			`links:`
			`- registry`
			`volume:`
			`- ./certs/domain.crt:/etc/apache2/domain.crt`
			`- ./certs/domain.key:/etc/apache2/domain.key`
			`environment:`
			`- ENV_DOCKER_REGISTRY_HOST=registry`
			`- ENV_DOCKER_REGISTRY_PORT=5000`
			`- ENV_DOCKER_REGISTRY_USE_SSL=1`
			`- ENV_USE_SSL=yes`
			`restart: always`
add registry 2016-06-18 08:57:59 +02:00			```

update registry 2016-08-29 02:13:48 +02:00			`## Server Setup`
add registry 2016-06-18 08:57:59 +02:00
			```bash
update registry 2016-08-29 02:13:48 +02:00			`$ mkdir -p ~/fig/registry/{auth,certs}`
			`$ cd ~/fig/registry`
			`$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt`
add registry 2016-06-18 08:57:59 +02:00			`$ docker-compose up -d`
registry mirror 2016-08-27 13:44:32 +02:00			`$ docker-compose exec registry sh`
add registry 2016-06-18 08:57:59 +02:00			`>>> htpasswd -Bbn username password >> /auth/htpasswd`
registry mirror 2016-08-27 13:44:32 +02:00			`>>> cat >> /etc/docker/registry/config.yml`
			`proxy:`
			`remoteurl: https://registry-1.docker.io`
			`username: username`
			`password: password`
			`^D`
add registry 2016-06-18 08:57:59 +02:00			`>>> exit`
registry mirror 2016-08-27 13:44:32 +02:00			`$ docker-compose restart`
update registry 2016-08-29 02:13:48 +02:00			```

update registry 2019-08-17 09:28:32 +02:00			`> :warning: You cannot use it as registry+mirror at the same time.`

update registry 2016-08-29 02:13:48 +02:00			`## Client Setup`

			```bash
update registry 2019-10-12 13:32:28 +02:00			`$ scp registry.easypi.pro:fig/registry/certs/domain.crt \`
			`/etc/docker/certs.d/registry.easypi.pro:5000/ca.crt`
update registry 2016-08-29 02:13:48 +02:00
update registry 2019-08-17 09:28:32 +02:00			`$ vim /etc/docker/daemon.json`
			`{`
			`"registry-mirrors": [`
update registry 2019-10-12 13:32:28 +02:00			`"https://registry.easypi.pro:5000"`
update registry 2019-08-17 09:28:32 +02:00			`],`
			`"insecure-registries": [`
update registry 2019-10-12 13:32:28 +02:00			`"registry.easypi.pro"`
update registry 2019-08-17 09:28:32 +02:00			`],`
			`"log-driver": "json-file",`
			`"log-opts": {`
			`"max-size": "10m",`
			`"max-file": "3"`
			`}`
			`}`
update registry 2016-08-29 02:13:48 +02:00
update registry 2019-08-17 09:28:32 +02:00			`$ systemctl reload docker`
			`$ docker info`
add registry 2016-06-18 08:57:59 +02:00
			`$ docker pull alpine`
update registry 2019-10-12 13:32:28 +02:00			`$ docker tag alpine registry.easypi.pro:5000/alpine`
add registry 2016-06-18 08:57:59 +02:00
update registry 2019-10-12 13:32:28 +02:00			`$ docker login -u username -p password easypi.pro:5000`
			`$ docker push registry.easypi.pro:5000/alpine`
			`$ docker rmi registry.easypi.pro:5000/alpine`
			`$ docker pull registry.easypi.pro:5000/alpine`
update registry 2016-08-29 02:13:48 +02:00
update registry 2019-10-12 13:32:28 +02:00			`$ curl -k -u username:password https://registry.easypi.pro:5000/v2/_catalog`
			`$ curl -k -u username:password https://registry.easypi.pro:5000/v2/alpine/tags/list`
add registry 2016-06-18 08:57:59 +02:00			```

update registry 2019-08-17 09:28:32 +02:00			`> :warning: Docker will connect [insecure-registries][2] via HTTPS first (ignore TLS error), then try HTTP.`
update registry 2016-08-29 02:13:48 +02:00
			`## Read More`
add dnsmasq-pxe 2016-06-20 15:33:42 +02:00
			`- https://github.com/docker/distribution/blob/master/docs/deploying.md`
			`- https://github.com/docker/distribution/blob/master/docs/insecure.md`
			`- https://serversforhackers.com/tcp-load-balancing-with-nginx-ssl-pass-thru`
registry mirror 2016-08-27 13:44:32 +02:00			`- https://github.com/docker/distribution/blob/master/docs/recipes/mirror.md`
update registry 2019-10-12 13:32:28 +02:00			`- https://docs.docker.com/registry/spec/api/`
add dnsmasq-pxe 2016-06-20 15:33:42 +02:00
add registry 2016-06-18 08:57:59 +02:00			`[1]: https://github.com/docker/distribution`
update registry 2019-08-17 09:28:32 +02:00			`[2]: https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry`