registry 2
registry
registry 是針對docker 的私有docker hub 但是隻提供了API方法,沒有提供ui顯示,不過足以。詳情配置參見[github]
pull鏡像
docker pull registry:2.3.1
編寫docker-compose.xml
編寫compose.xml 使用配置文件填寫密碼的方式來配置registry。
registry:
image: registry:2.3.1
restart: always
volumes:
- /mnt/data/registry:/tmp/registry
- /mnt/data/auth:/auth
ports:
- "5000:5000"
environment:
STORAGE_PATH: /tmp/registry
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
使用registry鏡像來生成htpasswd密碼
新建目錄/mnt/data/auth 並新建文件 htpasswd
#!/bin/bash
docker run --entrypoint htpasswd --name registry registry:2.3.1 -Bbn $1 $2 >> htpasswd
docker rm registry
使用nginx 轉發https訪問registry
docker-compose.xml:
proxy:
image: jerry/nginx-proxy:latest
restart: always
volumes:
- /mnt/logs/nginx-proxy:/var/log/nginx
- /mnt/git-project/docker-custom/nginx-proxy-mine/nginx.conf:/etc/nginx/nginx.conf
- /mnt/git-project/docker-custom/nginx-proxy-mine/conf.d:/etc/nginx/conf.d
ports:
- "80:80"
- "443:443"
links:
- registry
其他配置沒什麼,具體看下conf.d目錄下的配置,在conf.d目錄下新建文件夾ssl,專門存放ssl key ,免費申請地址很多,startssl、letsencrypt
registry.conf(存放在conf.d目錄):
server {
listen 443 ssl ;
server_name hostname;
ssl_certificate conf.d/ssl/registry.crt;
ssl_certificate_key conf.d/ssl/registry.key;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://registry;
}
access_log /var/log/nginx/registry.access.log main;
error_log /var/log/nginx/registry.error.log warn;
}
server {
listen 80;
server_name hostname;
return 301 https://$host$request_uri;
}