
Setting up a private Docker registry (multi-user)

2017-06-15 16:13
Docker Registry v2 + Token Auth Server (Registry v2 authentication)

Environment: CentOS in a virtual machine

1. Create the directories (under /data/)

auth_server/
├── config
│   └── auth_config.yml
└── ssl
    ├── server.key
    └── server.pem

2. Create the certificate:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.pem

3. cd /data/auth_server/config

      vi  auth_config.yml

server:  # Server settings.
  # Address to listen on.
  addr: ":5001"
  # TLS certificate and key.
  certificate: "/ssl/server.pem"
  key: "/ssl/server.key"

token:  # Settings for the tokens.
  issuer: "Auth Service"  # Must match issuer in the Registry config.
  expiration: 900

# Static user map.
users:
  # Password is specified as a BCrypt hash. Use htpasswd -B to generate your own.
  "admin":
    password: "$2y$05$B.x046DV3bvuwFgn0I42F.W/SbRU5fUoCbCGtjFl7S33aCUHNBxbq"
  "hussein":
    password: "$2y$05$xN3hNmNlBIYpST7UzqwK/O5T1/JyXDGuJgKJzf4XuILmvX7L5ensa"
  "": {}  # Allow anonymous (no "docker login") access.

acl:
  # Rules are checked in order; the first matching rule decides.
  # Admin has full access to everything.
  - match: {account: "admin"}
    actions: ["*"]
  # User "hussein" has full access to the ubuntu image.
  - match: {account: "hussein", name: "ubuntu"}
    actions: ["*"]
  # Account "test" is denied everything (it is not defined in the users map above).
  - match: {account: "test"}
    actions: []
  # Every logged-in user can pull images under their own namespace (<account>/*).
  - match: {account: "/.+/", name: "${account}/*"}
    actions: ["pull"]
  # Anonymous users can pull "hello-world".
  - match: {account: "", name: "hello-world"}
    actions: ["pull"]
  # Access is denied by default.

6. Start the registry container:
docker run -d -p 5000:5000 \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
-e REGISTRY_AUTH=token \
-e REGISTRY_AUTH_TOKEN_REALM=https://registry.example.com:5001/auth \
-e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \
-e REGISTRY_AUTH_TOKEN_ISSUER="Auth Service" \
-e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem \
-v /data/auth_server/ssl:/ssl \
-v /root/docker_registry/data:/var/lib/registry \
--restart=always \
--name registry registry:2

7. You can now log in with the configured accounts and push and pull.