mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-12-23 01:39:27 +02:00
110 lines
2.9 KiB
Markdown
110 lines
2.9 KiB
Markdown
registry
|
|
========
|
|
|
|
[Registry][1] is the Docker toolset to pack, ship, store, and deliver content.
|
|
|
|
## docker-compose.yml
|
|
|
|
```yaml
|
|
version: "3.8"
|
|
services:
|
|
registry:
|
|
image: registry:2
|
|
ports:
|
|
- "5000:5000"
|
|
volumes:
|
|
- /etc/docker/registry
|
|
- ./data:/var/lib/registry
|
|
- ./certs:/certs
|
|
- ./auth:/auth
|
|
environment:
|
|
- REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
|
|
- REGISTRY_HTTP_TLS_KEY=/certs/domain.key
|
|
- REGISTRY_AUTH=htpasswd
|
|
- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
|
|
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
|
|
restart: unless-stopped
|
|
|
|
webui:
|
|
image: joxit/docker-registry-ui:2
|
|
ports:
|
|
- "5080:80"
|
|
environment:
|
|
- NGINX_PROXY_PASS_URL=http://registry:5000
|
|
- REGISTRY_TITLE=EasyPi Docker Registry
|
|
- DELETE_IMAGES=true
|
|
depends_on:
|
|
- registry
|
|
restart: unless-stopped
|
|
```
|
|
|
|
## Server Setup
|
|
|
|
```bash
|
|
$ mkdir -p ~/fig/registry/{auth,certs}
|
|
$ cd ~/fig/registry
|
|
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
|
|
$ docker-compose up -d
|
|
$ docker-compose exec registry sh
|
|
>>> htpasswd -Bbn username password >> /auth/htpasswd
|
|
>>> cat >> /etc/docker/registry/config.yml
|
|
proxy:
|
|
remoteurl: https://registry-1.docker.io
|
|
username: username
|
|
password: password
|
|
^D
|
|
>>> exit
|
|
$ docker-compose restart
|
|
```
|
|
|
|
> :warning: You cannot use it as registry+mirror at the same time.
|
|
|
|
## Client Setup
|
|
|
|
```bash
|
|
$ scp registry.easypi.pro:fig/registry/certs/domain.crt \
|
|
/etc/docker/certs.d/registry.easypi.pro:5000/ca.crt
|
|
|
|
$ vim /etc/docker/daemon.json
|
|
{
|
|
"registry-mirrors": [
|
|
"https://registry.easypi.pro:5000"
|
|
],
|
|
"insecure-registries": [
|
|
"registry.easypi.pro"
|
|
],
|
|
"log-driver": "json-file",
|
|
"log-opts": {
|
|
"max-size": "10m",
|
|
"max-file": "3"
|
|
}
|
|
}
|
|
|
|
$ systemctl reload docker
|
|
$ docker info
|
|
|
|
$ docker pull alpine
|
|
$ docker tag alpine registry.easypi.pro:5000/alpine
|
|
|
|
$ docker login -u username -p password easypi.pro:5000
|
|
$ docker push registry.easypi.pro:5000/alpine
|
|
$ docker rmi registry.easypi.pro:5000/alpine
|
|
$ docker pull registry.easypi.pro:5000/alpine
|
|
|
|
$ curl -k -u username:password https://registry.easypi.pro:5000/v2/_catalog
|
|
$ curl -k -u username:password https://registry.easypi.pro:5000/v2/alpine/tags/list
|
|
```
|
|
|
|
> :warning: Docker will connect [insecure-registries][2] via HTTPS first (ignore TLS error), then try HTTP.
|
|
|
|
## Read More
|
|
|
|
- https://github.com/docker/distribution/blob/master/docs/deploying.md
|
|
- https://github.com/docker/distribution/blob/master/docs/insecure.md
|
|
- https://serversforhackers.com/tcp-load-balancing-with-nginx-ssl-pass-thru
|
|
- https://github.com/docker/distribution/blob/master/docs/recipes/mirror.md
|
|
- https://docs.docker.com/registry/spec/api/
|
|
|
|
[1]: https://github.com/docker/distribution
|
|
[2]: https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
|