docker registry v2使用配置

registry 2

registry

registry 是针对docker 的私有docker hub 但是只提供了API方法,没有提供ui显示,不过足以。详情配置参见[github]

pull镜像

docker pull registry:2.3.1

编写docker-compose.xml

编写compose.xml 使用配置文件填写密码的方式来配置registry。

registry:
image: registry:2.3.1
restart: always
volumes:
- /mnt/data/registry:/tmp/registry
- /mnt/data/auth:/auth
ports:
- "5000:5000"
environment:
STORAGE_PATH: /tmp/registry
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm

使用registry镜像来生成htpasswd密码

新建目录/mnt/data/auth 并新建文件 htpasswd

#!/bin/bash
docker run --entrypoint htpasswd --name registry registry:2.3.1 -Bbn $1 $2 >>  htpasswd
docker rm registry

使用nginx 转发https访问registry

docker-compose.xml:

proxy:
image: jerry/nginx-proxy:latest
restart: always
volumes:
- /mnt/logs/nginx-proxy:/var/log/nginx
- /mnt/git-project/docker-custom/nginx-proxy-mine/nginx.conf:/etc/nginx/nginx.conf
- /mnt/git-project/docker-custom/nginx-proxy-mine/conf.d:/etc/nginx/conf.d
ports:
- "80:80"
- "443:443"
links:
- registry

其他配置没什么,具体看下conf.d目录下的配置,在conf.d目录下新建文件夹ssl,专门存放ssl key ,免费申请地址很多,startssl、letsencrypt

registry.conf(存放在conf.d目录):

server {
listen 443 ssl ;
server_name hostname;
ssl_certificate conf.d/ssl/registry.crt;
ssl_certificate_key conf.d/ssl/registry.key;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://registry; }
access_log  /var/log/nginx/registry.access.log  main;
error_log  /var/log/nginx/registry.error.log warn;
}
server {
listen 80;
server_name hostname;
return 301 https://$host$request_uri; }