Docker - 搭建私有倉庫（本地鏡像註冊中心，registry）

通過官方Docker Registry在局域網內部搭建私有鏡像註冊中心.

1 - 拉取registry鏡像

[anliven@anliven ~]$ cat /etc/system-release  # 本機系統版本
CentOS Linux release 7.8.2003 (Core)
[anliven@anliven ~]$
[anliven@anliven ~]$ ip addr show |grep "192.168.56."  # 本機地址
    inet 192.168.56.102/24 brd 192.168.56.255 scope global noprefixroute dynamic enp0s8
[anliven@anliven ~]$
[anliven@anliven ~]$ docker pull registry
Using default tag: latest
latest: Pulling from library/registry
9b794450f7b6: Pull complete
6ba25693af03: Pull complete
9eb68e7589ff: Pull complete
6cf77150f665: Pull complete
339e0c26c7cc: Pull complete
Digest: sha256:5bb9b919833aa955dfe1d1121cc038330b025ec6506ce47066c9192927e3dc3d
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[anliven@anliven ~]$
[anliven@anliven ~]$ docker images |grep registry
registry                                                            latest              ee34aa9d8ab2        12 days ago         26.2MB
[anliven@anliven ~]$

2 - 啓動registry容器

[anliven@anliven ~]$ sudo mkdir /local-registry
[anliven@anliven ~]$ ls -l / |grep local
drwxr-xr-x    2 root root    6 Apr 14 05:32 local-registry
[anliven@anliven ~]$ 
[anliven@anliven ~]$ docker run -d --name local-registry --restart=always  -p 5000:5000 -v /local-registry:/var/lib/registry registry:latest
5a7ec6db4b2f1987d2ae8355af6fbc887f64b8111efa8f2e2a42c95f8e77bae5
[anliven@anliven ~]$
[anliven@anliven ~]$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
5a7ec6db4b2f        registry:latest     "/entrypoint.sh /etc…"   8 seconds ago       Up 6 seconds        0.0.0.0:5000->5000/tcp   local-registry
[anliven@anliven ~]$
[anliven@anliven ~]$ sudo netstat -anpt |grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      13895/docker-proxy
[anliven@anliven ~]$

瀏覽器打開localhost:5000/v2/， 或者命令行執行curl -v localhost:5000/v2/, 驗證本地registry是否運行正常

[anliven@anliven ~]$ curl -v localhost:5000/v2/  # 驗證本地registry是否運行正常
* About to connect() to localhost port 5000 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 5000 (#0)
> GET /v2/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:5000
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Length: 2
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< X-Content-Type-Options: nosniff
< Date: Wed, 14 Apr 2021 09:55:28 GMT
<
* Connection #0 to host localhost left intact
{}[anliven@anliven ~]$
[anliven@anliven ~]$
[anliven@anliven ~]$ curl localhost:5000/v2/_catalog  # 查看本地registry的鏡像
{"repositories":[]}
[anliven@anliven ~]$ curl 192.168.56.102:5000/v2/_catalog  # 使用ip
{"repositories":[]}
[anliven@anliven ~]$ 

3 - 推送鏡像到本地註冊中心（registry）

[anliven@anliven ~]$ docker images |grep ubuntu
ubuntu                                                              latest              4e2eef94cd6b        7 months ago        73.9MB
[anliven@anliven ~]$
[anliven@anliven ~]$ docker tag ubuntu localhost:5000/ubuntu   # 更改鏡像名稱
[anliven@anliven ~]$ docker images |grep ubuntu
ubuntu                                                              latest              4e2eef94cd6b        7 months ago        73.9MB
localhost:5000/ubuntu                                               latest              4e2eef94cd6b        7 months ago        73.9MB
[anliven@anliven ~]$
[anliven@anliven ~]$ docker push localhost:5000/ubuntu  # 推送鏡像到本地註冊中心
The push refers to repository [localhost:5000/ubuntu]
a4399aeb9a0e: Pushed
35a91a75d24b: Pushed
ad44aa179b33: Pushed
2ce3c188c38d: Pushed
latest: digest: sha256:6f2fb2f9fb5582f8b587837afd6ea8f37d8d1d9e41168c90f410a6ef15fa8ce5 size: 1152
[anliven@anliven ~]$
[anliven@anliven ~]$ docker images |grep ubuntu
ubuntu                                                              latest              4e2eef94cd6b        7 months ago        73.9MB
localhost:5000/ubuntu                                               latest              4e2eef94cd6b        7 months ago        73.9MB
[anliven@anliven ~]$
[anliven@anliven ~]$ curl localhost:5000/v2/_catalog  # 查看本地registry的鏡像
{"repositories":["ubuntu"]}
[anliven@anliven ~]$
[anliven@anliven ~]$ curl localhost:5000/v2/ubuntu/tags/list  # 查看本地registry中鏡像的詳細信息
{"name":"ubuntu","tags":["latest"]}
[anliven@anliven ~]$
[anliven@anliven ~]$ curl 192.168.56.102:5000/v2/ubuntu/tags/list
{"name":"ubuntu","tags":["latest"]}
anliven@anliven ~]$ 
[anliven@anliven ~]$ tree -L 3 /local-registry/docker/registry/v2/repositories/ubuntu/
/local-registry/docker/registry/v2/repositories/ubuntu/
├── _layers
│   └── sha256
│       ├── 46d371e02073acecf750a166495a63358517af793de739a51b680c973fae8fb9
│       ├── 4e2eef94cd6b93dd4d794c18b45c763f72edc22858e0da5b6e63a4566a54c03c
│       ├── 54ee1f796a1e650627269605cb8e6a596b77b324e6f0a1e4443dc41def0e58a6
│       ├── b66c17bbf772fa072c280b10fe87bc999420042b5fce5b111db38b4fe7c40b49
│       └── f7bfea53ad120b47cea5488f0b8331e737a97b33003517b0bd05e83925b578f0
├── _manifests
│   ├── revisions
│   │   └── sha256
│   └── tags
│       └── latest
└── _uploads

13 directories, 0 files
[anliven@anliven ~]$

4 - 拉取本地註冊中心（registry）中的鏡像

[anliven@anliven ~]$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://t5t8q6wn.mirror.aliyuncs.com"]
}
[anliven@anliven ~]$ 
[anliven@anliven ~]$ sudo vim /etc/docker/daemon.json  # 增加insecure-registries
[anliven@anliven ~]$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://t5t8q6wn.mirror.aliyuncs.com"],"insecure-registries": ["192.168.56.102:5000"]
}
[anliven@anliven ~]$
[anliven@anliven ~]$ sudo systemctl daemon-reload
[anliven@anliven ~]$ sudo systemctl restart docker
[anliven@anliven ~]$
[anliven@anliven ~]$ docker pull 192.168.56.102:5000/ubuntu
Using default tag: latest
latest: Pulling from ubuntu
Digest: sha256:6f2fb2f9fb5582f8b587837afd6ea8f37d8d1d9e41168c90f410a6ef15fa8ce5
Status: Downloaded newer image for 192.168.56.102:5000/ubuntu:latest
192.168.56.102:5000/ubuntu:latest
[anliven@anliven ~]$
[anliven@anliven ~]$ docker images |grep ubuntu
ubuntu                                                              latest              4e2eef94cd6b        7 months ago        73.9MB
localhost:5000/ubuntu                                               latest              4e2eef94cd6b        7 months ago        73.9MB
192.168.56.102:5000/ubuntu                                          latest              4e2eef94cd6b        7 months ago        73.9MB
[anliven@anliven ~]$

5 - 在其他主機拉取本地註冊中心（registry）中的鏡像

anliven@anliven:~$ lsb_release -a  # 系統版本
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.3 LTS
Release:        18.04
Codename:       bionic
anliven@anliven:~$
anliven@anliven:~$ ip addr show |grep "192.168.56"  # 主機地址
    inet 192.168.56.101/24 brd 192.168.56.255 scope global dynamic noprefixroute enp0s8
anliven@anliven:~$
anliven@anliven:~$ sudo vim /etc/docker/daemon.json  # 增加insecure-registries
anliven@anliven:~$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://t5t8q6wn.mirror.aliyuncs.com"],"insecure-registries": ["192.168.56.102:5000"]
}
anliven@anliven:~$ sudo systemctl daemon-reload
anliven@anliven:~$ sudo systemctl restart docker
anliven@anliven:~$
anliven@anliven:~$ curl 192.168.56.102:5000/v2/_catalog
{"repositories":["ubuntu"]}
anliven@anliven:~$
anliven@anliven:~$ docker pull 192.168.56.102:5000/ubuntu  # 拉取本地註冊中心（registry）中的鏡像
Using default tag: latest
latest: Pulling from ubuntu
54ee1f796a1e: Pull complete
f7bfea53ad12: Pull complete
46d371e02073: Pull complete
b66c17bbf772: Pull complete
Digest: sha256:6f2fb2f9fb5582f8b587837afd6ea8f37d8d1d9e41168c90f410a6ef15fa8ce5
Status: Downloaded newer image for 192.168.56.102:5000/ubuntu:latest
192.168.56.102:5000/ubuntu:latest
anliven@anliven:~$
anliven@anliven:~$ docker images |grep ubuntu
192.168.56.102:5000/ubuntu    latest              4e2eef94cd6b        7 months ago        73.9MB
anliven@anliven:~$

問題處理: "http: server gave HTTP response to HTTPS client"

問題現象

[anliven@anliven ~]$ docker pull 192.168.56.102:5000/ubuntu
Using default tag: latest
Error response from daemon: Get https://192.168.56.102:5000/v2/: http: server gave HTTP response to HTTPS client
[anliven@anliven ~]$

處理方法

[anliven@anliven ~]$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://t5t8q6wn.mirror.aliyuncs.com"]
}
[anliven@anliven ~]$ 
[anliven@anliven ~]$ sudo vim /etc/docker/daemon.json  # 增加insecure-registries
[anliven@anliven ~]$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://t5t8q6wn.mirror.aliyuncs.com"],"insecure-registries": ["192.168.56.102:5000"]
}
[anliven@anliven ~]$