Docker创建私有仓库+SSL+AUTH+WEB

首先注册一个域名 如：docker.xx
首先去腾讯云注册一个域名的CA证书，然后放在/opt/registry/ssl目录下，两个文件docker.xx.crt docker.xx.key

创建WEB：

docker run -d -v /opt/registry/data:/var/lib/registry --restart=always --name registry_local registry:v2
docker run -d -e ENV_DOCKER_REGISTRY_HOST=docker.xx  -e ENV_DOCKER_REGISTRY_PORT=5000 -p 80:80 --link registry_local:docker.xx  konradkleine/docker-registry-frontend:v2

修改 Web容器中 /var/www/html/tag/cat tag-detail.html 的内容。

把80改成5000

这样在Web页面中显示每个容器的pull信息，不会有误。【原谅我是个处女座】

创建认证服务器 AUTH-SERVER

docker run -d --privileged --name docker_auth -p 5001:5001 -v /opt/registry/auth_server:/config:ro  -v /opt/registry/ssl/:/ssl cesanta/docker_auth /config/config.yml

config.yml
内容为：

# A simple example. See reference.yml for explanation for explanation of all options.
#
#  auth:
#    token:
#      realm: "https://127.0.0.1:5001/auth"
#      service: "Docker registry"
#      issuer: "Acme auth server"
#      rootcertbundle: "/path/to/server.pem"

server:
  addr: ":5001"
  certificate: "/ssl/docker.xx.crt"
  key: "/ssl/docker.xx.key"

token:
  issuer: "DOCKER AUTH SERVER"  # Must match issuer in the Registry config.
  expiration: 900

users:
  # Password is specified as a BCrypt hash. Use `htpasswd -nB USERNAME` to generate.
  "admin":
    password: "$2y$05$LO.vzwpWC5LZGqThvEfznu8qhb5SGqvBSWY1J3yZ4AxtMRZ3kN5jC"  # badmin


acl:
  - match: {account: "admin"}
    actions: ["*"]
    comment: "Admin has full access to everything."

  - match: {account: "/.+/", name: "${account}/*"}
    actions: ["*"]
    comment: "User has full access to his images"

  - match: {account: "/.+/"}
    actions: ["pull"]
    comment: "All users can pull everything."

  - match: {account: ""}
    actions: ["pull"]
    comment: "Not login user can pull everything."

  # Access is denied by default.

最后创建仓库容器

docker run -d -p 443:5000 -e REGISTRY_AUTH=token -e REGISTRY_AUTH_TOKEN_REALM=https://docker.xx:5001/auth -e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" -e REGISTRY_AUTH_TOKEN_ISSUER="DOCKER AUTH SERVER" -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/docker.xx.crt -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker.xx.crt -e REGISTRY_HTTP_TLS_KEY=/certs/docker.xx.key -v /opt/registry/ssl/:/certs -v /opt/registry:/var/lib/registry --restart=always --name registry_ssl  --privileged registry

OK
Docker login docker.xx
admin
badmin

Web界面是 http://docker.xx:5002
auth-server https://docker.xx:5001
registry https://docker.xx