Setting up a private Docker registry with a web UI and access authentication
Create the certificate directory
mkdir -p /opt/docker/registry/certs
Create the directory for the registry login user file
mkdir -p /opt/docker/registry/auth
Generate the SSL certificate
openssl req -newkey rsa:4096 -nodes -sha256 \
-keyout /opt/docker/registry/certs/devops-registry.key \
-x509 -days 365 \
-out /opt/docker/registry/certs/devops-registry.crt
Create the registry user
wisedu and wisedutest are the username and password.
docker run --entrypoint htpasswd registry:2 -Bbn wisedu wisedutest > /opt/docker/registry/auth/htpasswd
Start the private registry
docker run -dit -p 5000:5000 --restart=always --name devops-registry \
-v /opt/docker/registry/auth:/auth \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v /opt/docker/registry/certs:/certs \
-v /opt/docker/registry/data:/var/lib/registry \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/devops-registry.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/devops-registry.key \
registry:2
Or start it with docker-compose:
- Edit docker-registry.yml:
registry:
  restart: always
  image: registry:2
  ports:
    - 5000:5000
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/devops-registry.crt
    REGISTRY_HTTP_TLS_KEY: /certs/devops-registry.key
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
  volumes:
    - /opt/docker/registry/data:/var/lib/registry
    - /opt/docker/registry/certs:/certs
    - /opt/docker/registry/auth:/auth
- Start: docker-compose -f docker-registry.yml up -d
Test the private registry
1. Add the certificate on the Docker client: create the certificate directory on the client
mkdir -p /etc/docker/certs.d/devops-registry:5000
2. Copy /opt/docker/registry/certs/devops-registry.crt, generated on the registry server, to the Docker client
cp /opt/docker/registry/certs/devops-registry.crt /etc/docker/certs.d/devops-registry:5000
3. Edit the client's hosts file and add the registry name with its IP address
4. Log in to the private registry from the Docker client
docker login devops-registry:5000
5. Test pushing and pulling an image
docker tag busybox:latest devops-registry:5000/busybox:latest
docker push devops-registry:5000/busybox:latest
docker rmi devops-registry:5000/busybox:latest busybox:latest
docker pull devops-registry:5000/busybox:latest
Start the web UI (docker-registry-frontend)
- Edit the compose file (saved as docker-ui.yml, the name the start command uses):
version: '2'
services:
  docker_ui:
    build: .
    image: hyper/docker-registry-web:latest
    restart: always
    ports:
      - 5001:80
    environment:
      ENV_DOCKER_REGISTRY_HOST: devops-registry
      ENV_DOCKER_REGISTRY_PORT: 5000
      ENV_DOCKER_REGISTRY_USE_SSL: '1'
    extra_hosts:
      - devops-registry:172.20.6.188
- Start
docker-compose -f docker-ui.yml up -d
- Open 172.20.6.188:5001
to reach the page, and log in with the username and password above.
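An added check, not part of the original write-up: the script below audits the server-side files created in the steps above. It confirms that every htpasswd entry is bcrypt (the format the -B flag produces; the registry ignores entries in other formats) and, as an extra hardening assumption not stated on this page, that the htpasswd file and the TLS private key are not accessible to group or others. Function names are hypothetical; the paths follow this page's layout.

```shell
#!/bin/sh
# Added example: audit the files created by the steps on this page.
# Function names are hypothetical; paths match the page's layout.

# List htpasswd entries that are not bcrypt. Returns non-zero if any entry is
# malformed or non-bcrypt, or if the file holds no bcrypt entry at all.
audit_htpasswd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }    # htpasswd -n output ends with a blank line
        NF < 2 || $1 == "" { print "malformed line " NR; bad = 1; next }
        $2 !~ /^\$2[aby]\$[0-9][0-9]\$/ { print "not bcrypt: " $1; bad = 1; next }
        { ok++ }
        END {
            if (!ok) { print "no bcrypt entries"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Succeed only if FILE is a regular file with no group/other permission bits.
is_private() {
    [ -f "$1" ] || return 1
    perm=$(ls -ld "$1" | cut -c5-10)
    [ "$perm" = "------" ]
}

# Audit a registry directory laid out as on this page (auth/ and certs/).
audit_registry_files() {
    rc=0
    audit_htpasswd "$1/auth/htpasswd" || rc=1
    for f in "$1/auth/htpasswd" "$1/certs/devops-registry.key"; do
        is_private "$f" || { echo "missing or group/other-accessible: $f"; rc=1; }
    done
    return "$rc"
}

# Run against the given directory, e.g. /opt/docker/registry
if [ "$#" -gt 0 ]; then audit_registry_files "$1"; fi
```

A file flagged for permissions can be tightened with chmod 600, provided the user the registry container runs as can still read it through the bind mount.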