Setting up a private Docker registry with Docker (multi-user)

Source: Internet  Editor: 程序博客网  Time: 2024/05/29 16:41

Docker Registry v2 + Token Auth Server (Registry v2 authentication)

Environment: CentOS in a virtual machine


1. Create the directories (under /data/)

    auth_server/
    ├── config
    │   └── auth_config.yml
    └── ssl
        ├── server.key
        └── server.pem

2. Create the certificate:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.pem
3. cd /data/auth_server/config

      vi  auth_config.yml

    server:  # Server settings.
      # Address to listen on.
      addr: ":5001"
      # TLS certificate and key.
      certificate: "/ssl/server.pem"
      key: "/ssl/server.key"

    token:  # Settings for the tokens.
      issuer: "Auth Service"  # Must match issuer in the Registry config.
      expiration: 900

    # Static user map.
    users:
      # Password is specified as a BCrypt hash. Use htpasswd -B to generate.
      "admin":
        password: "$2y$05$B.x046DV3bvuwFgn0I42F.W/SbRU5fUoCbCGtjFl7S33aCUHNBxbq"
      "hussein":
        password: "$2y$05$xN3hNmNlBIYpST7UzqwK/O5T1/JyXDGuJgKJzf4XuILmvX7L5ensa"
      "": {}  # Allow anonymous (no "docker login") access.

    acl:
      # Admin has full access to everything.
      - match: {account: "admin"}
        actions: ["*"]
      # User "hussein" has full access to the ubuntu image.
      # The account must be spelled exactly as in the users map above.
      - match: {account: "hussein", name: "ubuntu"}
        actions: ["*"]
      # Account "test" is granted no actions.
      - match: {account: "test"}
        actions: []
      # Logged-in users can pull images under their own namespace.
      - match: {account: "/.+/", name: "${account}/*"}
        actions: ["pull"]
      # Anonymous users can pull "hello-world".
      - match: {account: "", name: "hello-world"}
        actions: ["pull"]
      # Access is denied by default.
6. Start the registry container:

    # /ssl is the ssl directory created in step 1.
    docker run -d -p 5000:5000 \
      -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
      -e REGISTRY_AUTH=token \
      -e REGISTRY_AUTH_TOKEN_REALM=https://registry.example.com:5001/auth \
      -e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \
      -e REGISTRY_AUTH_TOKEN_ISSUER="Auth Service" \
      -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem \
      -v /data/auth_server/ssl:/ssl \
      -v /root/docker_registry/data:/var/lib/registry \
      --restart=always \
      --name registry registry:2

7. You can now log in with the configured accounts and push and pull.


