Docker Registry用户授权、可视化及HTTPS安装

Docker Registry用户授权、可视化及HTTPS安装

从容器运行Registry
# Start the registry as a detached container that restarts automatically.
# `path` stands for the host location that keeps the image data.
# NOTE: this command configures neither TLS nor authentication, and
# 5000:5000 publishes the port on every host interface, so any client that
# can reach port 5000 is able to pull and push images.
$ docker run \
    --detach \
    --name regis \
    --restart=always \
    --publish 5000:5000 \
    --volume path:/var/lib/registry \
    registry:2
将镜像上传到Registry
# Tag the image with the new registry's address so that a push is sent there
$ docker image tag IMAGE_ID IP:PORT/USER/IMAGE_NAME:VERSION
# e.g.: docker tag 1b73ec918f67 10.10.10.30:5000/test/apache2
$ docker image push IP:PORT/USER/IMAGE_NAME:VERSION
将镜像上传至Registry报HTTPS错误解决办法
# Create a daemon.json file under /etc/docker
# NOTE: "insecure-registries" makes the Docker daemon accept this registry
# without a valid TLS certificate and fall back to plain HTTP. Image data and
# any login credentials can then be read or altered in transit, so treat this
# as a workaround for isolated test networks only; the HTTPS setup further
# down the page removes the need for it.
$ vim /etc/docker/daemon.json
{ "insecure-registries":["IP:5000"] }
# Restart docker
$ systemctl restart docker
# Check the Registry container and start it
$ docker start regis
# Pushing the image again now works
配置https版本Registry
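# First request a free certificate for the registry's domain name from a
# provider such as Alibaba Cloud or Tencent Cloud (decide on the docker
# registry domain name beforehand)
# Rename the .pem file so that it carries a .crt extension
# Upload the issued certificate to the server with an ftp tool
# NOTE: server.key is the private key. Plain FTP sends it unencrypted, so
# prefer an encrypted transfer (scp or sftp) and keep the key readable only
# by its owner (e.g. chmod 600).
$ mkdir -p CERT_PATH # create the directory that holds the certificate
# Each backslash must be the last character on its line: a space after it
# ends the command early and the remaining options are never passed.
# The certificate directory is mounted read-only (:ro) because the registry
# only reads the certificate and key from it.
$ docker run -d -p 5000:5000 \
         -v CERT_PATH:/certs:ro \
         -v path:/var/lib/registry \
         -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
         -e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
         --restart=always --name registry registry:2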
# Configure the nginx proxy
$ cat registry.conf
# Port 80 does nothing except redirect every request to the HTTPS address.
server {
    listen 80;
    server_name registry域名;
    rewrite ^(.*)$ https://$host$1 permanent;
}
server {
    # NOTE(review): `listen 443;` without the `ssl` parameter serves plain
    # HTTP unless TLS is switched on in the part elided below; confirm that
    # `ssl`, ssl_certificate and ssl_certificate_key are set there.
    listen 443;
    server_name registry域名;
    access_log /var/log/nginx/registry_access.log;
    error_log /var/log/nginx/registry_error.log;
    
    ... ...
    # NOTE(review): proxy_pass is only valid inside a location block, so the
    # elided part presumably opens one; confirm. nginx does not verify the
    # upstream certificate unless proxy_ssl_verify is enabled.
    proxy_pass https://registry:5000;
}

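# Serve HTTPS directly from the registry, without nginx in front of it
# Each backslash must be the last character on its line: a space after it
# ends the command early and the TLS options are never passed.
# The certificate directory is mounted read-only (:ro) because the registry
# only reads the certificate and key from it.
$ docker run -d -p 443:443 \
         -v CERT_PATH:/certs:ro \
         -v path:/var/lib/registry \
         -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
         -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
         -e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
         --restart=always --name registry registry:2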
registry用户授权管理
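# Create the user that is allowed to access the registry
$ mkdir PASS_PATH
# --rm deletes the helper container as soon as htpasswd exits; without it the
# stopped container is kept and `docker inspect` still shows USER and
# PASSWORD in its arguments.
# NOTE: -b takes the password from the command line, so it also ends up in
# the shell history; htpasswd's -i option reads it from stdin instead.
# NOTE(review): newer registry:2 images may no longer ship htpasswd; if the
# command is not found there, the httpd:2 image provides the same tool.
$ docker run --rm --entrypoint htpasswd registry:2 -Bbn USER PASSWORD >> PASS_PATH/htpasswd
# Stop the running registry and remove it: a stopped container still holds
# the name "registry", and the new `docker run --name registry` would be
# refused. The image data lives in the mounted `path` and is not affected.
$ docker container stop registry
$ docker container rm registry
# Run the registry again with htpasswd authentication and TLS.
# Basic authentication sends the password with every request, so the TLS
# settings must stay in place.
# PASS_PATH (the directory that received the htpasswd file above) is what
# has to be mounted at /auth; it and the certificate directory are mounted
# read-only (:ro) because the registry only reads from them.
$ docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v PASS_PATH:/auth:ro \
  -v path:/var/lib/registry \
  -e REGISTRY_AUTH=htpasswd \
  -e REGISTRY_AUTH_HTPASSWD_REALM=Registry_Realm \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v CERT_PATH:/certs:ro \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
  registry:2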
安装docker registry可视化界面
# Install docker-registry-frontend as the web UI
# NOTE(review): the image started below is hyper/docker-registry-web, not
# docker-registry-frontend; confirm which project is meant.
# Variant 1: the registry does not use SSL
# NOTE: 8080:8080 publishes the UI on every host interface, and no login for
# the UI itself is configured here, so anyone who can reach port 8080 can
# browse the registry through it.
$ docker run \
       --detach \
       --name registry-web \
       --link registry \
       --publish 8080:8080 \
       --env REGISTRY_URL=http://registry:5000/v2 \
       --env REGISTRY_NAME=localhost:5000 \
       hyper/docker-registry-web

# Variant 2: the registry uses user authentication and SSL
# The REGISTRY_BASIC_AUTH value can be found in /root/.docker/config.json
# after logging in with `docker login`.
# NOTE: that value is only the base64 encoding of "user:password", not an
# encrypted secret (the sample below decodes to admin:changeme), and it stays
# readable in the container's environment, e.g. through `docker inspect`.
# Use a dedicated account with the least access the UI needs.
# NOTE: REGISTRY_TRUST_ANY_SSL=true, going by its name, makes the UI accept
# any certificate from the registry, which removes the protection against an
# impersonated registry; prefer a certificate the UI can validate.
$ docker run \
       --detach \
       --name registry-web \
       --link registry \
       --publish 8080:8080 \
       --env REGISTRY_URL=https://registry:5000/v2 \
       --env REGISTRY_TRUST_ANY_SSL=true \
       --env REGISTRY_BASIC_AUTH="YWRtaW46Y2hhbmdlbWU=" \
       --env REGISTRY_NAME=localhost:5000 \
       hyper/docker-registry-web
