
Docker Registry Management

 2 years ago
source link: https://chenjiehua.me/linux/simple-docker-management.html


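I previously wrote an article, "How to set up a private docker registry", documenting how to deploy a private docker registry. That was a while ago, so today we looked for some newer open-source tools to make management more convenient.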

Docker Registry

First, we still need to set up the docker registry, following the official documentation, and we also use htpasswd for simple authentication:

run_registry.sh
#!/bin/bash
set -ex
# Registry data and the htpasswd file live under /home/ubuntu/vhost/docker.
# The registry's htpasswd backend only accepts bcrypt entries (htpasswd -B).
docker run -d --rm -p 5000:5000 --name docker-registry \
    -v /home/ubuntu/vhost/docker:/var/lib/registry \
    -v /home/ubuntu/vhost/docker/auth:/auth \
    -e REGISTRY_AUTH=htpasswd \
    -e REGISTRY_AUTH_HTPASSWD_REALM=RegistryRealm \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -e REGISTRY_STORAGE_DELETE_ENABLED=true \
    registry:2

Registry UI

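Previously we used docker-frontend as the web UI, but it was not very pleasant to use: it only supports Docker Registry V2, and some of its features are incomplete.

So this time we will switch to craneoperator: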

run_registry_ui.sh
#!/bin/bash
set -ex
# The UI reaches the registry over plain HTTP at 192.168.0.1:5000;
# HTTPS for external clients is handled by nginx.
docker run -d --rm -p 5002:80 \
    -e REGISTRY_HOST=192.168.0.1 \
    -e REGISTRY_PORT=5000 \
    -e REGISTRY_PROTOCOL=http \
    -e SSL_VERIFY=false \
    -e REGISTRY_PUBLIC_URL=docker.chenjiehua.me \
    -e ALLOW_REGISTRY_LOGIN=true \
    -e REGISTRY_ALLOW_DELETE=true \
    -e TITLE="Docker Registry" \
    parabuzzle/craneoperator:latest

Portainer

Finally, we use portainer to manage our docker instances:

run_portainer.sh
#!/bin/bash
set -ex
# Mounting /var/run/docker.sock gives Portainer full control of the
# Docker daemon on this host.
docker run -d --rm -p 5001:9000 \
    --name portainer \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /home/ubuntu/vhost/docker/portainer:/data \
    portainer/portainer

Nginx Configuration

We use nginx as the web server and configure HTTPS access for docker:

nginx docker
# docker
server {
    listen 80;
    server_name docker.chenjiehua.me;
    # $request_uri already contains the query string
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    index index.html index.htm;
    server_name docker.chenjiehua.me;
    root /var/www;

    # "ssl on;" dropped: redundant with "listen 443 ssl" and deprecated since nginx 1.15.0
    ssl_certificate /etc/letsencrypt/live/docker.chenjiehua.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/docker.chenjiehua.me/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    access_log /home/ubuntu/log/nginx/docker.log main;
    error_log /home/ubuntu/log/nginx/docker-err.log;

    # image layers can be large
    client_max_body_size 512M;

    # docker webui
    location / {
        proxy_pass http://127.0.0.1:5002;
        include proxy_params;
    }

    # docker registry
    location /v2 {
        proxy_pass http://127.0.0.1:5000;
        include proxy_params;
    }

    # docker portainer
    location /web/ {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://127.0.0.1:5001/;
    }

    location /web/api/websocket/ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:5001/api/websocket/;
    }

    location /.well-known/acme-challenge/ {
        root /var/www;
    }
}

With that, we can access docker normally through the browser.
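
The run scripts above publish ports 5000, 5001 and 5002 without a host IP, so Docker binds them on every interface even though nginx only proxies to 127.0.0.1. The check below is an added example, not part of the original article, that flags this and the other exposure-related flags used on this page; the function name `audit_run_script` and the finding labels are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: audit docker-run scripts like the ones on this page.
# Reads a script on stdin, prints one finding per line. Tokenising is
# whitespace-based, so only the "-p VALUE" / "-v VALUE" / "-e VALUE" forms
# are recognised (an assumption that matches the scripts above).
audit_run_script() {
    # Drop line-continuation backslashes, then emit one token per line.
    sed 's/[[:space:]]*\\$//' | tr -s ' \t' '\n\n' | {
        prev=""
        while IFS= read -r tok; do
            case "$prev" in
                -p|--publish)
                    case "$tok" in
                        0.0.0.0:*) echo "PORT_ALL_INTERFACES $tok" ;;
                        *:*:*) ;;  # HOST_IP:HOST_PORT:CONTAINER_PORT
                        *) echo "PORT_ALL_INTERFACES $tok" ;;  # no host IP
                    esac ;;
                -v|--volume)
                    case "$tok" in
                        /var/run/docker.sock:*) echo "DOCKER_SOCKET_MOUNT $tok" ;;
                    esac ;;
                -e|--env)
                    case "$tok" in
                        REGISTRY_PROTOCOL=http|SSL_VERIFY=false)
                            echo "PLAINTEXT_OR_UNVERIFIED $tok" ;;
                        REGISTRY_STORAGE_DELETE_ENABLED=true|REGISTRY_ALLOW_DELETE=true)
                            echo "DELETE_ENABLED $tok" ;;
                    esac ;;
            esac
            prev="$tok"
        done
    }
}

# Sample input: the Portainer command from this page, followed by a
# constructed registry command bound to loopback for comparison.
sample_script() {
    cat <<'EOF'
docker run -d --rm -p 5001:9000 \
  --name portainer \
  -v /var/run/docker.sock:/var/run/docker.sock \
  portainer/portainer
docker run -d --rm -p 127.0.0.1:5000:5000 \
  -e REGISTRY_STORAGE_DELETE_ENABLED=true registry:2
EOF
}

sample_script | audit_run_script
```

Run it against each script with `audit_run_script < run_registry.sh`; a mapping such as `127.0.0.1:5001:9000` is not reported because it names a host IP.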

