docker-registry安装

1,docker pull registry 将registry image下载下来

docker run -dit -e STORAGE_PATH=/var/lib/registry -v /opt/registry/:/var/lib/registry -p 127.0.0.1:5000:5000 --name Registry --restart=always registry

2,修改主机的主机名以便在push image时直接指定主机名进行

3,安装nginx 使用rpm包进行安装

安装后nginx.conf

user  nginx;
worker_processes  4;
worker_rlimit_nofile 65000;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    use epoll;
    multi_accept on;
    worker_connections  1500;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    proxy_cache_path /var/cache/nginx/ keys_zone=cache_zone:10m;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    server_tokens   off;
    keepalive_timeout  65;
    client_header_timeout 10;
    client_body_timeout 10;
    client_max_body_size 1024M;
    reset_timedout_connection on;
    send_timeout 10;
    gzip  on;
    gzip_disable "msie6";
    gzip_http_version 1.1;
    gzip_vary on;
    # gzip_static on; 
    gzip_proxied any;
    gzip_min_length 1k;
    gzip_comp_level 4;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    fastcgi_cache_path /tmp/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m;
    fastcgi_cache_key "$request_method://$host$request_uri";
    #uppstream loadbalance
    upstream docker {
    server 127.0.0.1:5000 weight=1 max_fails=3 fail_timeout=20s;
    }
    include /etc/nginx/conf.d/*.conf;
}

在conf.d下建立docker.conf的配置文件

server {
    listen       443 ssl;
    server_name  docker.zz.com;
    ssl_certificate      /etc/nginx/ca/docker.zz.com.crt;
    ssl_certificate_key  /etc/nginx/ca/docker.zz.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;
#    ssl_ciphers  HIGH:!aNULL:!MD5;
#    ssl_prefer_server_ciphers   on;
    location / {
        auth_basic "registry";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://docker;
        proxy_set_header  Host           $http_host;
        proxy_set_header  X-Real-IP      $remote_addr;
        proxy_set_header  Authorization  "";
#       client_body_buffer_size     128k;
#        proxy_connect_timeout       90;
        proxy_send_timeout          90;
        proxy_read_timeout          90;
#        proxy_buffer_size           8k;
#        proxy_buffers               4 32k;
#        proxy_busy_buffers_size     64k;
#        proxy_temp_file_write_size  64k;
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    location /_ping {
        auth_basic off;
        proxy_pass http://docker;
    }
    location /v1/_ping {
        auth_basic off;
        proxy_pass http://docker;
    }
}

4,建立认证用户名和密码

htpasswd -c /etc/nginx/.htpasswd admin

5,使用ssl.ca-0.1.tar.gz建立服务器证书

6,将生成证书的ca根证书加入到服务器的信任文件中

cat ~/ssl.ca-0.1/ca.crt >> /etc/pki/tls/certs/ca-bundle.crt

7,将nginx服务器证书添加到此文件中

/etc/docker/certs.d/docker.zz.com/ca.crt

8,使用命令将需要push的镜像标记

docker tag 07d93e41c370 docker.zz.com/registry
docker push docker.zz.com/registry
docker pull docker.zz.com/registry

9,查看上传的image是否成功

curl https://admin:[email protected]/v1/search