Dockerfile 构建私有 registry

Question

一、启动 registry

docker run -d -p 5000:5000 --restart=always --name registry -v /opt/registry:/var/lib/registry registry

--restart=always只要docker启动容器就也自动启动
// 还可以："live-restore":true
docker server配置文件/etc/docker/daemon.json参考
{
......
......
"live-restore":true
}

二、修改配置文件

vim /etc/docker/daemon.json

{
    "registry-mirrors":["https://68rmyzg7.mirror.aliyuncs.com"],
    "insecure-registries":["10.0.0.100:5000"]
}

systemctl restart docker

三、上传镜像

上传的镜像需要符合以下格式：10.0.0.100:5000/yaok/nginx:v1

//将nginx镜像上传
docker tag nginx:latest 10.0.0.100:5000/yaok/nginx:v1
docker push 10.0.0.100:5000/yaok/nginx:v1

//之后其他机器就可以docker pull镜像
docker pull 10.0.0.100:5000/yaok/nginx:v1

四、本地仓库加安全认证

生成密码:
yum install httpd-tools -y
mkdir -p /opt/registry-auth/
htpasswd -Bbn yaok 123 > /opt/registry-auth/htpasswd

//重新启动带有秘钥功能的registry容器
docker rm -f `docker ps -aq`
docker run -d -p 5000:5000 --restart=always --name registry-auth -v /opt/registry-auth/:/auth/ -v /opt/registry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry

//以后push的时候就需要密码了
docker login 10.0.0.100:500
Username: yaok
Password: 123