Docker Compose 部署配置和使用 Registry 私有镜像仓库
source link: https://www.ioiox.com/archives/140.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
早前本站介绍过使用docker官方registry来部署加速镜像仓库和私有镜像仓库的教程.近期由于需要使用gcr.io谷歌的镜像仓库,发现国内无法访问,于是就着手在公网搭建自己的私有镜像仓库方便使用,同时配置HTTPS和账号密码确保安全.
本文将安装部署,Push,Pull,查询,管理和删除镜像等基础功能分享给大家.
安装服务端
本文以部署至公网,开启账号密码,并配置域名反向代理为例.
命令参数过多,为方便配置参数,建议使用docker compose部署.
创建 htpasswd 账号密码
启动一个一次性容器用于创建账号密码.密码文件路径以/root/registry/htpasswd为例,账号密码以admin和12345678为例.
docker run --rm --entrypoint \
htpasswd httpd:2 -Bbn \
admin 12345678 > /root/registry/htpasswddocker-compose.yml
volumes 挂载htpasswd密码文件,数据目录,时区文件.配置文件config.yml作为高级用户可选挂载.
environment 环境变量开启认证,并开启删除镜像功能.
version: "3"
services:
registry:
image: registry:2
container_name: registry
volumes:
# - ./config.yml:/etc/docker/registry/config.yml
- ./htpasswd:/auth/htpasswd
- ./registry:/var/lib/registry
- /etc/localtime:/etc/localtime
ports:
- 5000:5000
environment:
- REGISTRY_AUTH=htpasswd
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
- REGISTRY_STORAGE_DELETE_ENABLED=true
networks:
- registry
restart: always
networks:
registry:docker-compose up -d成功启动后私有镜像仓库内网地址为: 192.168.1.5:5000
由于registry在公网访问默认需使用HTTPS协议,博主使用nginx配置反向代理和证书.具体配置文件参考如下:
upstream registry {
server 172.17.0.1:5000;
}
server {
listen 80;
server_name registry.yourdomain.com;
return 301 https://registry.yourdomain.com$request_uri;
}
server {
listen 443 ssl;
server_name registry.yourdomain.com;
gzip on;
ssl_certificate /your_ssl_path/registry.yourdomain.com.crt;
ssl_certificate_key /your_ssl_path/registry.yourdomain.com.key;
location / {
proxy_redirect off;
proxy_pass http://registry;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}docker login registry.yourdomain.com
# 使用上文创建的账号密码 admin 12345678 登录docker logout registry.yourdomain.com将现有镜像tag为私有仓库镜像名
docker images
# 获取现有镜像的 IMAGE ID
docker tag 102816b1ee7d registry.yourdomain.com/mysql:8.0.13Push 至私有镜像仓库
docker push registry.yourdomain.com/mysql:8.0.13docker pull registry.yourdomain.com/mysql:8.0.13查看镜像仓库清单
curl -u admin:12345678 -X GET https://registry.yourdomain.com/v2/_catalog查看镜像 tag 清单
curl -u admin:12345678 -X GET https://registry.yourdomain.com/v2/mysql/tags/list确保docker-compose.yml环境变量中开启REGISTRY_STORAGE_DELETE_ENABLED=true
获取镜像 digest hash
curl -u admin:12345678 --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET https://registry.yourdomain.com/v2/mysql/manifests/8.0.13
# 获取 digest hash 如下
sha256:45a2a291xxx223123fc03d9be551e362b460exxs56787736919baa删除镜像清单
curl -u admin:12345678 -I -X DELETE https://registry.yourdomain.com/v2/mysql/manifests/sha256:45a2a291xxx223123fc03d9be551e362b460exxs56787736919baa清理磁盘空间
docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml手动删除目录
完成上述操作后还可以删除存储目录中的空目录文件,如不删除依旧可以被上述查看镜像仓库的命令查询到结果.
依照上文示例,挂载存储目录路径如下:
更多信息请参考官方文档
本站提供免费和付费的技术支持.你可以通过留言,邮件,TG群的方式来技术交流和免费咨询.同时也可以付费支持的方式获得相关的技术支持,项目部署配置等服务.具体相关详情请点击查看 技术支持页面
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK