docker registry v2使用配置

registry 2

---

registry

registry 是针对docker 的私有docker hub 但是只提供了API方法,没有提供ui显示,不过足以。详情配置参见[github]

pull镜像

docker pull registry:2.3.1

编写docker-compose.xml

编写compose.xml 使用配置文件填写密码的方式来配置registry。

registry:   image: registry:2.3.1   restart: always   volumes:      - /mnt/data/registry:/tmp/registry      - /mnt/data/auth:/auth   ports:      - "5000:5000"   environment:      STORAGE_PATH: /tmp/registry      REGISTRY_AUTH: htpasswd      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm  

使用registry镜像来生成htpasswd密码

新建目录/mnt/data/auth 并新建文件 htpasswd

#!/bin/bashdocker run --entrypoint htpasswd --name registry registry:2.3.1 -Bbn $1 $2 >>  htpasswddocker rm registry

使用nginx 转发https访问registry

docker-compose.xml:

proxy:   image: jerry/nginx-proxy:latest   restart: always   volumes:      - /mnt/logs/nginx-proxy:/var/log/nginx      - /mnt/git-project/docker-custom/nginx-proxy-mine/nginx.conf:/etc/nginx/nginx.conf      - /mnt/git-project/docker-custom/nginx-proxy-mine/conf.d:/etc/nginx/conf.d   ports:      - "80:80"      - "443:443"   links:       - registry

其他配置没什么,具体看下conf.d目录下的配置,在conf.d目录下新建文件夹ssl,专门存放ssl key ,免费申请地址很多,startssl、letsencrypt

registry.conf(存放在conf.d目录):

server {    listen 443 ssl ;    server_name hostname;    ssl_certificate conf.d/ssl/registry.crt;    ssl_certificate_key conf.d/ssl/registry.key;    location / {        proxy_redirect off;        proxy_set_header Host $host;        proxy_set_header X-Real-IP $remote_addr;        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        proxy_pass http://registry;    }    access_log  /var/log/nginx/registry.access.log  main;    error_log  /var/log/nginx/registry.error.log warn;}server {    listen 80;    server_name hostname;    return 301 https://$host$request_uri;}