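Docker Registry: Setting Up Your Own Private Docker Image Registry

Prerequisites

Install Docker: make sure Docker is installed on your server. If it is not, see the official documentation, "Install Docker".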

sudo apt update
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
    "registry-mirrors": [
        "https://dockerproxy.com",
        "https://docker.mirrors.ustc.edu.cn",
        "https://docker.nju.edu.cn"
    ]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker

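Create the htpasswd Account and Password

Start a one-off container to create the credentials. The password file path is /opt/registry/htpasswd, and the example account is admin with password admin123 (substitute a strong password of your own). The -B flag selects bcrypt, the only hash format the registry's htpasswd authentication accepts.

# The target directory must exist before the file is written
sudo mkdir -p /opt/registry
docker run --rm --entrypoint \
    htpasswd httpd:2 -Bbn \
    admin admin123 | sudo tee /opt/registry/htpasswd > /dev/null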

Set Up Docker Registry

Pull the Docker Registry image:

docker pull registry:2

Create the storage directory:

sudo mkdir -p /opt/registry/data

Create a docker-compose.yml file to run the Docker Registry container:

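version: '3.1'

services:
  registry:
    image: registry:2
    ports:
      # Publishes the registry on all host interfaces. To make it reachable
      # only through the Nginx TLS proxy, use 127.0.0.1:5000:5000 instead.
      - 5000:5000
    restart: always
    volumes:
      # Absolute host path to the htpasswd file created earlier
      - /opt/registry/htpasswd:/auth/htpasswd
      - /opt/registry/data:/var/lib/registry
      - /etc/localtime:/etc/localtime
    environment:
      - REGISTRY_AUTH=htpasswd
      - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
      - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
      # Allow manifests to be deleted through the API
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    networks:
      - registry
networks:
  registry: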

Run

docker-compose up -d

This starts a Docker Registry instance that listens on port 5000 by default, with a mounted volume to persist the image data.

Configure Nginx

server {
    # "ssl" is required for Nginx to terminate TLS on this port
    listen 443 ssl;
    server_name your-registry-domain;
    ssl_certificate /etc/nginx/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;

    location / {
        proxy_redirect off;
        # proxy_pass needs the scheme of the upstream
        proxy_pass http://127.0.0.1:5000;

        proxy_set_header  Host                $http_host;
        proxy_set_header  X-Real-IP           $remote_addr;
        proxy_set_header  X-Forwarded-Ssl     on;
        proxy_set_header  X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        # X-Frame-Options is a response header, so it is added to the reply
        # instead of being forwarded to the registry
        add_header        X-Frame-Options     SAMEORIGIN;

        client_max_body_size        2048m;
        client_body_buffer_size     128k;

        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
    }
}

server {
    listen 80;
    server_name your-registry-domain;
    return 301 https://$host$request_uri;
}

Using Docker Registry

Log in

docker login your-registry-domain

Log out

docker logout your-registry-domain

Tag and push an image:

docker images
# Get the IMAGE ID of an existing image and tag it by ID
docker tag a16ccc8418ab your-registry-domain/your-image:tag
docker push your-registry-domain/your-image:tag
# Or tag it by name
docker tag your-image:tag your-registry-domain/your-image:tag
docker push your-registry-domain/your-image:tag

Pull an image from the private registry:

docker pull your-registry-domain/your-image:tag

List the repositories in the registry

curl -u admin:admin123 -X GET https://your-registry-domain/v2/_catalog

List the tags of an image

curl -u admin:admin123 -X GET https://your-registry-domain/v2/mysql/tags/list

Delete an image

# Replace the first * with the repository name and the second with the tag
curl -u admin:admin123 --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET "https://your-registry-domain/v2/*/manifests/*"
# The digest hash is returned in the Docker-Content-Digest response header, as follows
sha256:******

# Delete
curl -u admin:admin123 -I -X DELETE "https://your-registry-domain/v2/*/manifests/sha256:*****"
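
The two-step deletion above as a script that validates the returned digest before deleting and passes the credentials to curl on stdin rather than on the command line; it is an added example, not part of the original post. REGISTRY_URL, REGISTRY_USER, REGISTRY_PASS and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed environment variables: REGISTRY_URL (for example
# https://your-registry-domain), REGISTRY_USER and REGISTRY_PASS.

# Read HTTP response headers on stdin and print the Docker-Content-Digest
# value, but only if it is a well-formed sha256 digest; return 1 otherwise.
extract_digest() {
    tr -d '\r' | awk '
        tolower($1) == "docker-content-digest:" { d = $2 }
        END {
            if (d ~ /^sha256:[0-9a-f]+$/ && length(d) == 71) { print d; exit 0 }
            exit 1
        }'
}

# Run curl with the credentials passed as a config line on stdin (-K -), so
# they stay out of the process list and shell history. Assumes the password
# contains no double quote or backslash.
registry_curl() {
    printf 'user = "%s:%s"\n' "$REGISTRY_USER" "$REGISTRY_PASS" |
        curl -sS -K - "$@"
}

# Resolve repo:tag to its digest with a HEAD request, then delete by digest.
# Prints the HTTP status of the DELETE (202 means accepted).
delete_tag() {
    repo=$1
    tag=$2
    digest=$(registry_curl -I \
        -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
        "$REGISTRY_URL/v2/$repo/manifests/$tag" | extract_digest) || {
        echo "no valid digest returned for $repo:$tag" >&2
        return 1
    }
    echo "deleting $repo@$digest" >&2
    registry_curl -o /dev/null -w '%{http_code}\n' -X DELETE \
        "$REGISTRY_URL/v2/$repo/manifests/$digest"
}

# Usage: sh this-script.sh <repository> <tag>
if [ "$#" -eq 2 ]; then
    delete_tag "$1" "$2"
fi
```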

