How to Create a Private Docker Registry

Registry server creation and setup

Create the local repository directory

mkdir -p /opt/docker/registry
cd /opt/docker/registry

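Create the login account and password

Generate the certificate

At the Common Name prompt, enter mydockerhub.com (adjust to your environment); the remaining fields can be left unset by pressing Enter.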

mkdir -p certs
openssl req -newkey rsa:2048 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
# Common Name (e.g. server FQDN or YOUR name) []:mydockerhub.com

Set hosts on the Docker client

ifconfig eth0|grep inet
# inet addr:10.121.1.198 Bcast:10.121.1.255 Mask:255.255.255.0

grep mydockerhub /etc/hosts
#10.121.1.198 mydockerhub.com

Create the password

Set the Registry account to testuser with the password testpassword; adjust to your environment.

mkdir -p auth
docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd

Update the trusted certificate

sudo mkdir -p /etc/docker/certs.d/mydockerhub.com:5000
sudo cp certs/domain.crt /etc/docker/certs.d/mydockerhub.com:5000/ca.crt
sudo service docker restart

Start the Registry service

docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v /opt/docker/registry:/var/lib/registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v "$(pwd)"/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
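
The script below is an added example, not part of the original post: it runs pre-flight checks on the certs/ and auth/ files created in the steps above before the registry is started. It checks that the certificate names the host in a subjectAltName (Docker clients built with Go 1.15 or later reject certificates that carry only a Common Name), that it is not about to expire, that domain.key is readable only by its owner, and that every htpasswd entry is bcrypt, the only format the registry accepts. The function names are this example's own, and the demo generates its certificate non-interactively with -subj and -addext instead of the interactive prompt used above.

```shell
#!/bin/sh
# Added example: pre-flight checks for the certs/ and auth/ files used above.
# Function names are this example's own; host and file names follow the page.

make_cert() {  # HOST DIR: self-signed cert naming HOST in both CN and SAN
    mkdir -p "$2" &&
    openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 365 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$2/domain.key" -out "$2/domain.crt" 2>/dev/null &&
    chmod 600 "$2/domain.key"
}

cert_has_san() {  # CERT HOST: true if a DNS subjectAltName equals HOST
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$2"
}

cert_valid_for() {  # CERT DAYS: true if still valid DAYS days from now
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

key_is_private() {  # KEYFILE: true if group and others have no access
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

htpasswd_all_bcrypt() {  # FILE: true if non-empty and every entry is bcrypt
    [ -s "$1" ] && ! grep -v '^[[:space:]]*$' "$1" | grep -qvE '^[^:]+:\$2[aby]\$'
}

preflight() {  # HOST DIR: run every check, report each, return the failure count
    fails=0
    report() { if "$@"; then echo "ok    $*"; else echo "FAIL  $*"; fails=$((fails + 1)); fi; }
    report cert_has_san "$2/certs/domain.crt" "$1"
    report cert_valid_for "$2/certs/domain.crt" 30
    report key_is_private "$2/certs/domain.key"
    report htpasswd_all_bcrypt "$2/auth/htpasswd"
    return "$fails"
}

# Demo on constructed files in a scratch directory (not a real deployment).
demo=$(mktemp -d)
make_cert mydockerhub.com "$demo/certs"
mkdir -p "$demo/auth"
# Constructed entry: bcrypt prefix followed by placeholder text, not a real hash.
printf 'testuser:$2y$05$%s\n' "constructedPlaceholderNotARealHash" > "$demo/auth/htpasswd"
preflight mydockerhub.com "$demo"
rm -rf "$demo"
```

To check the files from this walkthrough, run preflight mydockerhub.com /opt/docker/registry after sourcing the functions.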

Test the Registry

Log in

docker login mydockerhub.com:5000
#Username: testuser
#Password:
#WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
#Configure a credential helper to remove this warning. See
#https://docs.docker.com/engine/reference/commandline/login/#credentials-store

#Login Succeeded

Push an image to the private Registry

docker pull busybox
docker tag busybox:latest mydockerhub.com:5000/tonybai/busybox:latest
docker push mydockerhub.com:5000/tonybai/busybox
#The push refers to repository [mydockerhub.com:5000/tonybai/busybox]
#683f499823be: Pushed
#latest: digest: sha256:bbb143159af9eabdf45511fd5aab4fd2475d4c0e7fd4a5e154b98e838488e510 size: 527

docker image remove busybox
docker image remove mydockerhub.com:5000/tonybai/busybox:latest
docker pull mydockerhub.com:5000/tonybai/busybox:latest

Start Registry Browser to view the list of images in the Registry from a web browser

After starting it with the commands below, open http://10.121.1.198:8080 in a browser.

cat hosts
#127.0.0.1 localhost
#10.121.1.198 mydockerhub.com

docker run -d \
--name registry-browser \
-p 8080:8080 \
-e DOCKER_REGISTRY_URL=https://mydockerhub.com:5000 \
-e BASIC_AUTH_USER=testuser \
-e BASIC_AUTH_PASSWORD=testpassword \
-e NO_SSL_VERIFICATION=true \
-v $PWD/hosts:/etc/hosts \
klausmeyer/docker-registry-browser

Stop and remove the Registry

To recreate the Registry, stop and remove it with the command below.

docker container stop registry && docker container rm -v registry