Shulou(Shulou.com)05/31 Report--

Based on how to build a private Docker Registry based on BOS, many novices are not very clear about this. In order to help you solve this problem, the following editor will explain it in detail. People with this need can come and learn. I hope you can get something.

Building private Docker Registry based on BOS

As one of the core components of Docker, Docker Registry is responsible for the storage and distribution of images. Users only need to use the client of Docker to interact with Registry directly, download and upload images.

Baidu object Storage BOS (Baidu Object Storage) provides stable, secure, efficient and highly scalable storage services.

Baidu BOS storagedriver is based on the official Docker Registry source code, combined with Baidu Cloud Go language SDK: https://github.com/guoyao/baidubce-sdk-go.git, and provides a StorageDriver for Baidu Cloud BOS by implementing the storagedriver.StorageDriver interface.

Preparatory work

Please refer to the official documentation of Docker to install Docker Engine.

Download Registry image (or build an image yourself through the source code repository https://github.com/guoyao/distribution.git)

Docker pull guoyao/registry:0.6.0

Because the image is downloaded from the official Registry of Docker, the speed will be relatively slow, so you can configure domestic image acceleration.

Sign up for Baidu Cloud account, activate BOS service, and create a new Bucket in Baidu Cloud BOS console. Assume that the name of Bucket is registry-test.

Get Baidu Cloud AK / SK

Deploy private Docker Registry

Create a separate directory for Registry-related configurations

Mkdir registry & & cd registry

Create a new password for our account under the current directory (the simplest way to verify the account)

Mkdir authhtpasswd-Bbn admin 123456 > auth/htpasswd

Start Registry

Docker run-d\-v `pwd` / auth:/auth:ro\-e REGISTRY_AUTH=htpasswd\-e REGISTRY_AUTH_HTPASSWD_REALM=basic-realm\-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd\-e REGISTRY_STORAGE=bos\-e REGISTRY_STORAGE_BOS_ACCESSKEYID=Your_AK\-e REGISTRY_STORAGE_BOS_ACCESSKEYSECRET=Your_SK\ -e REGISTRY_STORAGE_BOS_REGION=bj\-e REGISTRY_STORAGE_BOS_BUCKET=registry-test\-p 5000VOL5000\-- restart=always\ guoyao/registry:0.6.0

The detailed configuration document for BOS STORAGE is here: https://github.com/guoyao/distribution/blob/release/0.6/docs/storage-drivers/bos.md

Operation Mirror

Login

Docker login localhost:5000

According to the command line prompt, enter the previously set user name: admin, password: 123456; successful login will prompt: Login Succeeded

Push

First, generate an image through Dockerfile, or modify an existing tag, such as localhost:5000/busybox

Docker push localhost:5000/busybox

After the push is successful, you can check the image on Baidu Cloud BOS console.

Pull

Docker pull localhost:5000/busybox

The above methods can only push and pull images through localhost. If you want to use the public network domain name or IP, you need to configure-insecure-registry xxx.xxx.xxx.xxx to the startup parameters of Docker Deamon, and restart Docker Deamon, otherwise an error will be reported:

Error response from daemon: Get https://xxx.xxx.xxx.xxx:5000/v1/users/: http: server gave HTTP response to HTTPS client is accessed via domain name & configure https certificate

If you do not want to configure the-insecure-registry parameter, you need to purchase a separate domain name (assuming myregistrydomain.com), apply for the https certificate for the domain name, place the certificate xxx.crt and xxx.key files in the current certs subdirectory, and then configure the certificate when starting Registry:

Docker run-d\-v `pwd` / auth:/auth:ro\-e REGISTRY_AUTH=htpasswd\-e REGISTRY_AUTH_HTPASSWD_REALM=basic-realm\-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd\-v `pwd` / certs:/certs:ro\-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/xxx.crt\-e REGISTRY _ HTTP_TLS_KEY=/certs/xxx.key\-e REGISTRY_STORAGE=bos\-e REGISTRY_STORAGE_BOS_ACCESSKEYID=Your_AK\-e REGISTRY_STORAGE_BOS_ACCESSKEYSECRET=Your_SK\-e REGISTRY_STORAGE_BOS_REGION=bj\-e REGISTRY_STORAGE_BOS_BUCKET=registry-test\-p 443Vol 5000\-- restart=always\ guoyao/registry:0.6.0

Now that we have used the https certificate, we can change the exposed port to port 443, and then we can manipulate the image directly through the domain name:

Docker login myregistrydomain.comdocker push myregistrydomain.com/busyboxdocker pull myregistrydomain.com/busybox

For more information on deploying Registry, please refer to the official document: https://docs.docker.com/registry/deploying/

Configure Nginx proxy access

To launch multiple containers, here we use docker-compose to do container choreography. First, install docker-compose (you need to use the root user to install it), as follows:

Curl-L https://github.com/docker/compose/releases/download/1.10.1/docker-compose-`uname-s`-`uname-m` > / usr/local/bin/docker-composechmod + x / usr/local/bin/docker-compose

Create a nginx master profile

Cat > auth/nginx.conf

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.