# 1. 搭建本地倉庫 鏡像的結構 `${registry_name}/${repository_name}/${image_name}:${tag_name}` 倉庫名（ip:port）/個人倉庫名/鏡像名:標簽 **1.拉取鏡像:** ~~~ docker pull registry ~~~ ``` [root@bogon html]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE registry latest 1fd8e1b0bb7e 2 weeks ago 26.2MB ``` **2.創建宿主機儲存目錄【/opt/data/registry】:** ``` mkdir?-p /opt/data/registry ``` **3. 創建本地倉庫容器：** ``` docker run -d -p 5000:5000 -v?/opt/data/registry:/var/lib/registry?--name private_registry registry ``` **4.配置https權限支持：** `vim /etc/docker/daemon.json` 　內容：　 ``` {??"insecure-registries":["192.168.56.10:5000"]?} ``` 指定主機的ip端口或者域名 **4.重啟docker服務,重啟registry服務** ``` //重啟容器 systemctl? restart docker ``` **5. 上傳鏡像** ``` docker tag nginx 192.168.56.10:5000/tuna/nginx:v1 docker push 192.168.56.10:5000/tuna/nginx:v1 ``` **6. 拉取鏡像** ``` [root@bogon html]# docker pull 192.168.56.10:5000/tuna/nginx:v1 v1: Pulling from tuna/nginx Digest: sha256:42bba58a1c5a6e2039af02302ba06ee66c446e9547cbfb0da33f4267638cdb53 Status: Image is up to date for 192.168.56.10:5000/tuna/nginx:v1 192.168.56.10:5000/tuna/nginx:v1 [root@bogon html]# [root@bogon html]# [root@bogon html]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE registry latest 1fd8e1b0bb7e 2 weeks ago 26.2MB 192.168.56.10:5000/tuna/nginx v1 62d49f9bab67 2 weeks ago 133MB nginx latest 62d49f9bab67 2 weeks ago 133MB ``` 查詢鏡像列表 ``` curl http://192.168.56.10:5000/v2/_catalog {"repositories":["tuna/nginx"]} curl http://192.168.56.10:5000/v2/tuna/nginx/tags/list {"name":"tuna/nginx","tags":["v1"]} ``` 倉庫認證 ## 設置私有倉庫的用戶認證 > 私有倉庫搭建以后其他所有客戶端均可以push、pull， docker官方提供認證方法對docker倉庫進行權限保護 刪除原啟動的docker容器 1. 創建保存賬號密碼的文件 ~~~ mkdir /opt/data/auth docker run --entrypoint htpasswd registry -Bbn username userpasswd > auth/htpasswd ~~~ 重新啟動容器 ~~~ docker run -d -p 5000:5000 --restart=always --name docker-hub \ -v /opt/data/registry:/var/lib/registry \ -v /opt/data/auth:/auth \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ registry ~~~ 現在客戶端再pull、push會提示報錯，無法提交。需要登錄私有倉庫 登錄：docker login -u username -p userpasswd 172.16.77.71:5000 退出：docker logout 172.16.77.71:5000 認證以后無法直接在服務器查看 curl 172.16.77.71:5000/v2/\_catalog倉庫的鏡像，會出現報錯，但是可以用瀏覽器訪問（界面不友好，能看到信息很少） # 2. 搭建web界面 ``` docker pull hyper/docker-registry-web ``` vim web-config.yml ``` registry: # Docker registry url url: 'http://192.168.56.10:5000/v2' # web registry context path # empty string for root context, /app to make web registry accessible on http://host/app context_path: '' # Trust any SSL certificate when connecting to registry trust_any_ssl: false # base64 encoded token for basic authentication basic_auth: '' # To allow image delete, should be false readonly: true # Docker registry fqdn name: 'localhost:5000' # Authentication settings auth: # Enable authentication enabled: false ``` 啟動 ``` docker run -d --name registry-web3 --restart=always -p 8000:8080 -v /root/config.yml:/conf/config.yml hyper/docker-registry-web ```