月色真美

月色真美

搭建私有Docker Registry和Browser管理

126
2024-06-28

1.安装registry

registry的yaml脚本

  docker-registry:
    image: "registry:2.8.3"
    container_name: docker-registry
    volumes:
      - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime
      # 仓库映射
      - /data/docker/registry/data:/var/lib/registry
      # 登录密钥映射
      - /data/docker/registry/auth:/auth
      # 配置映射
      - /data/docker/registry/config.yml:/etc/docker/registry/config.yml
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    networks:
      - backend
    restart: always

config.yml配置文件

version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

2.生成登录密钥

注意:账号密码按照自己需求自行修改

docker run --rm httpd:2.4 htpasswd -Bbn root 123456 > /data/docker/registry/auth/htpasswd

3.安装docker-registry-browser

生成一个密钥

openssl rand -hex 64

docker-registry-browser的yaml脚本

  docker-registry-browser:
    image: "klausmeyer/docker-registry-browser:1.7.2"
    container_name: docker-registry-browser
    volumes:
      - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime
    environment:
      SECRET_KEY_BASE: 5018c5a5a5f8791f4e5c7a488acd6cj59453e20d62ad9dba804b57eaf58ac70f7408e176b7dfa0dbc969c33e9ae90520eb7951ae7c16d9f0ce45136360e11ee6
      DOCKER_REGISTRY_URL: http://docker-registry:5000
      NO_SSL_VERIFICATION: true
      TOKEN_AUTH_USER: root
      TOKEN_AUTH_PASSWORD: 123456
      SCRIPT_NAME: "/browser"
      RAILS_RELATIVE_URL_ROOT: "/browser"
      ENABLE_DELETE_IMAGES: true
    networks:
      - backend
    restart: always

4.配置nginx代理

nginx的server代理配置

    location /browser/ {
        proxy_pass http://docker-registry-browser:8080/;
		proxy_set_header  Host $host;
		proxy_set_header  Origin $scheme://$host;
		proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header  X-Forwarded-Proto $scheme;
		proxy_set_header  X-Forwarded-Ssl on;
		proxy_set_header  X-Forwarded-Port $server_port;
		proxy_set_header  X-Forwarded-Host $host;
    }
    
    location /v2/ {
        proxy_pass http://docker-registry:5000;
        proxy_set_header  Host $host;
		proxy_set_header  Origin $scheme://$host;
		proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header  X-Forwarded-Proto $scheme;
		proxy_set_header  X-Forwarded-Ssl on;
		proxy_set_header  X-Forwarded-Port $server_port;
		proxy_set_header  X-Forwarded-Host $host;
    }

UI效果

5.推送镜像

登录账号

docker login <domain:port>

给镜像打标签

docker tag <old_container>:<old_tag> <domain:port>/<container>:<tag>

例如:

docker tag mysql:8.0.28 hub.docker.com/mysql:8.0.28

推送镜像

docker push <domain:port>/<container>:<tag>

例如:

docker push hub.docker.com/mysql:8.0.28