Environment preparation
Install Docker: make sure Docker is installed on your server. If it is not, see the official Install Docker documentation.
sudo apt update
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": [
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
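Create the htpasswd account and password
Start a one-off container to create the account and password. The password file path is /opt/registry/htpasswd, with account admin and password admin123.
# /opt/registry must exist before the password file can be written
sudo mkdir -p /opt/registry
docker run --rm --entrypoint \
htpasswd httpd:2 -Bbn \
admin admin123 | sudo tee /opt/registry/htpasswd > /dev/null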
Set up the Docker Registry
Pull the Docker Registry image:
docker pull registry:2
Create the storage directory
sudo mkdir -p /opt/registry/data
Create a docker-compose.yml file that runs the Docker Registry container:
version: '3.1'
services:
  registry:
    image: registry:2
    ports:
      # Published on all interfaces; use 127.0.0.1:5000:5000 if only the local Nginx proxy should reach it
      - 5000:5000
    restart: always
    volumes:
      # htpasswd file created in the previous step
      - /opt/registry/htpasswd:/auth/htpasswd
      - /opt/registry/data:/var/lib/registry
      - /etc/localtime:/etc/localtime
    environment:
      - REGISTRY_AUTH=htpasswd
      - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
      - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
      # Required for the manifest DELETE calls used later
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    networks:
      - registry
networks:
  registry:
Run
docker-compose up -d
This starts a Docker Registry instance that listens on port 5000 by default, with volumes mounted to persist the image data.
Configure Nginx
server {
    listen 443 ssl;
    server_name your-registry-domain;
    ssl_certificate /etc/nginx/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    location / {
        proxy_redirect off;
        # Forward to the registry container published on port 5000
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Response header sent to clients
        add_header X-Frame-Options SAMEORIGIN;
        # Image layers are uploaded in the request body, so allow large bodies
        client_max_body_size 2048m;
        client_body_buffer_size 128k;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}
# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name your-registry-domain;
    return 301 https://$host$request_uri;
}
Using the Docker Registry
Log in
docker login your-registry-domain
Log out
docker logout your-registry-domain
Tag and push an image:
docker images
# Get the IMAGE ID of an existing image
docker tag a16ccc8418ab your-registry-domain/your-image:tag
docker push your-registry-domain/your-image:tag
# Tag by image name
docker tag your-image:tag your-registry-domain/your-image:tag
docker push your-registry-domain/your-image:tag
Pull an image from the private registry:
docker pull your-registry-domain/your-image:tag
List the repositories in the registry
curl -u admin:admin123 -X GET https://your-registry-domain/v2/_catalog
List the tags of an image
curl -u admin:admin123 -X GET https://your-registry-domain/v2/mysql/tags/list
Delete an image
curl -u admin:admin123 --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET https://your-registry-domain/v2/*/manifests/*
# The digest hash is returned as follows
sha256:******
# Delete
curl -u admin:admin123 -I -X DELETE https://your-registry-domain/v2/*/manifests/sha256:*****
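The two-step deletion above, as an added shell example that is not part of the original article: it reads the Docker-Content-Digest response header, accepts it only if it is a well-formed sha256 digest, and then issues the DELETE by digest. REGISTRY, REG_USER and REG_PASS are assumed environment variable names, and the sample headers are constructed.

```shell
#!/bin/sh
# Added example (not from the original article). REGISTRY, REG_USER and
# REG_PASS are assumed environment variables, e.g. REGISTRY=your-registry-domain.

# Print the Docker-Content-Digest value found in HTTP headers read from stdin.
# Header names are case-insensitive and lines end in CRLF; anything that is not
# a well-formed sha256 digest is rejected (non-zero exit, no output).
extract_digest() {
    tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "docker-content-digest") {
            v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
            exit
        }
    }' | grep -E '^sha256:[0-9a-f]{64}$'
}

# Feed credentials to curl as a config file on stdin (-K -) so that they do
# not appear on the curl command line or in the process list.
curl_auth() {
    printf 'user = "%s:%s"\n' "$REG_USER" "$REG_PASS" | curl -fsS -K - "$@"
}

# Resolve repo:tag to its digest with a HEAD request, then delete by digest.
delete_tag() {
    repo=$1
    tag=$2
    accept='Accept: application/vnd.docker.distribution.manifest.v2+json'
    digest=$(curl_auth -I -H "$accept" \
        "https://$REGISTRY/v2/$repo/manifests/$tag" | extract_digest) || {
        echo "no valid digest returned for $repo:$tag" >&2
        return 1
    }
    curl_auth -X DELETE "https://$REGISTRY/v2/$repo/manifests/$digest"
}

# Constructed sample of the headers returned for a manifest request.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Content-Type: application/vnd.docker.distribution.manifest.v2+json\r\n'
    printf 'docker-content-digest: sha256:%064d\r\n' 0
    printf 'Content-Length: 1234\r\n\r\n'
}

sample_headers | extract_digest   # prints the digest parsed from the sample
```

Deleting a manifest removes only the reference; the layer data stays on disk until the registry's garbage collection is run.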
Reference article:
Deploying, Configuring and Using a Private Registry Image Repository with Docker Compose – 思有云 – IOIOX