Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to build docker registry private server, the article is very detailed, has a certain reference value, interested friends must read it!

So far, the official registry image of docker is divided into two versions, the previous version of v2 and the previous version of v2. I call it v1PowerV1 written in python, and then v2 uses the go language, and their API is also different. This article will build the above two versions of docker private server based on SSL and login authentication respectively.

Registry (v2)

Build environment: 172.16.71.52 (contos7,docker1.8)

First download the image

Docker pull resigtry:2

Create a certificate

Mkdir-p certs & & openssl req\-newkey rsa:4096-nodes-sha256-keyout certs/domain.key\-x509-days 365-out certs/domain.crt

Copy domain.crt to the specified directory. 172.16.71.52.xip.io is the domain name of the server where the private repository resides, and 5000 is the port number of registry.

Cp / certs/domain.crt / etc/docker/certs.d/172.16.71.52.xip.io:5000/ca.crt

Establish login authentication

Mkdir authdocker run-- entrypoint htpasswd registry:2-Bbn your user name and password > auth/htpasswd

Restart docker

Systemctl restart docker

Run, get up.

Docker run-d-p 5000 name registry 5000-- restart=always-- name registry\-v `pwd` / auth:/auth\-e "REGISTRY_AUTH=htpasswd"\-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"\-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd\-v `pwd` / certs:/certs\-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt\-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key\ registry:2

Log in before using

Docker login 172.16.71.52.xip.io:5000 docker tag redis 172.16.71.52.xip.io:5000/redis docker push 172.16.71.52.xip.io:5000/redis

Check whether image has entered the private warehouse we built.

# find the externally mounted directory docker inspect-- format {{'json .Mounts'}} the image coming in from registry# push lies here quietly cd / tmp/data/docker/registry/v2/repositories

The following are considerations:

1. When creating the authentication certificate, common name should use the domain name of the machine where registry resides. My test with IP was not successful.

Before 2.docker run, make sure that port 5000 is not occupied. After starting successfully, use docker logs to see if there are any errors reported.

3.push and pull need to docker login before.

4. If you want to pass the security authentication, remember to copy the generated domain.crt to / etc/docker/certs.d/172.16.71.52.xip.io:5000/ca.crt, where 172.16.71.52.xip.io is the domain name of private server and 5000 is the external port of registry.

The api of 5.v2 has changed. If you visit v1/search, you will get an error of 404 not found. You can view the directory of private repositories through / v2/_catalog. The aip of v2 can be found here.

Referenc

Https://docs.docker.com/registry/deploying/

Https://docs.docker.com/engine/reference/commandline/inspect/

Https://docs.docker.com/registry/spec/api/

Registry (V1)

V1 version of registry is difficult to build (or maybe I didn't find an elegant way). I found a blog post using nginx for SSL and login authentication online. Thanks to the blogger, you can check it here (self-test is available).

Set up docker private network private server (docker-registry with nginx&ssl on centos)

For version reasons (docker1.8), on ssl authentication, you also need to copy the generated root certificate to the docker specified directory (as described when building V2)

Cp / etc/pki/CA/cacert.pem / etc/docker/certs.d/172.16.71.43.xip.io:5000/ca.crt

Note that you should also do the above when other hosts access the private server.

The above is all the contents of the article "how to build docker registry Private Server". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.