1,docker pull registry 将registry image下载下来
# Start the registry container; --restart=always brings it back whenever it stops.
# The port is published on 127.0.0.1 only, so the registry is not reachable from
# the network directly; clients go through the nginx proxy on this host, whose
# upstream points at 127.0.0.1:5000.
# /opt/registry on the host is mounted as the registry's storage path.
docker run \
  --detach --interactive --tty \
  --name Registry \
  --restart=always \
  --env STORAGE_PATH=/var/lib/registry \
  --volume /opt/registry/:/var/lib/registry \
  --publish 127.0.0.1:5000:5000 \
  registry
2,修改主机的主机名,以便在push image时直接指定主机名进行推送
3,安装nginx 使用rpm包进行安装
安装后nginx.conf
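# Main nginx configuration. One directive per line: when the file is collapsed
# onto a single line, everything after the first '#' becomes a comment.
user  nginx;
worker_processes  4;
worker_rlimit_nofile 65000;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    use epoll;
    multi_accept on;
    worker_connections  1500;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    proxy_cache_path /var/cache/nginx/ keys_zone=cache_zone:10m;

    # $remote_user records the basic-auth user name of each request, which
    # gives an audit trail of who accessed the registry.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    # Do not disclose the nginx version in the Server header and error pages.
    server_tokens   off;

    keepalive_timeout      65;
    client_header_timeout  10;
    client_body_timeout    10;
    # Upper bound for a single request body (uploaded image layers).
    client_max_body_size   1024M;
    reset_timedout_connection on;
    send_timeout           10;

    gzip  on;
    gzip_disable "msie6";
    gzip_http_version 1.1;
    gzip_vary on;
    # gzip_static on;
    gzip_proxied any;
    gzip_min_length 1k;
    gzip_comp_level 4;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # NOTE(review): nothing shown on this page uses the fastcgi cache; if it is
    # needed, a directory outside the world-writable /tmp is a safer location.
    fastcgi_cache_path /tmp/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m;
    fastcgi_cache_key "$request_method://$host$request_uri";

    # upstream load balancing: the registry container, published on loopback only
    upstream docker {
        server 127.0.0.1:5000 weight=1 max_fails=3 fail_timeout=20s;
    }

    include /etc/nginx/conf.d/*.conf;
}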
在conf.d下建立docker.conf的配置文件
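# TLS front end for the registry: terminates HTTPS, enforces basic auth and
# proxies to the "docker" upstream defined in nginx.conf.
server {
    listen       443 ssl;
    server_name  docker.zz.com;

    # Server certificate and its private key. The key file should be readable
    # by root only.
    ssl_certificate      /etc/nginx/ca/docker.zz.com.crt;
    ssl_certificate_key  /etc/nginx/ca/docker.zz.com.key;

    # Pin the protocol versions explicitly instead of relying on the built-in
    # default, which on older nginx releases still includes SSLv3.
    # Add TLSv1.3 where the installed nginx/OpenSSL support it.
    ssl_protocols  TLSv1.2;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    # The two lines below are left commented out, so nginx's built-in cipher
    # list applies.
    # ssl_ciphers  HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers  on;

    location / {
        # Every request except the ping endpoints below must present
        # credentials from the htpasswd file.
        auth_basic            "registry";
        auth_basic_user_file  /etc/nginx/.htpasswd;

        proxy_pass        http://docker;
        proxy_set_header  Host       $http_host;
        proxy_set_header  X-Real-IP  $remote_addr;
        # nginx has already checked the credentials; clear the header so they
        # are not forwarded to the upstream registry.
        proxy_set_header  Authorization  "";

        # client_body_buffer_size 128k;
        # proxy_connect_timeout 90;
        proxy_send_timeout  90;
        proxy_read_timeout  90;
        # proxy_buffer_size 8k;
        # proxy_buffers 4 32k;
        # proxy_busy_buffers_size 64k;
        # proxy_temp_file_write_size 64k;

        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    # Ping endpoints are served without authentication; only these two
    # locations are exempted.
    location /_ping {
        auth_basic  off;
        proxy_pass  http://docker;
    }

    location /v1/_ping {
        auth_basic  off;
        proxy_pass  http://docker;
    }
}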
4,建立认证用户名和密码
# Create the basic-auth password file with a first user "admin". The password
# is prompted for interactively, so it does not end up in the shell history.
# -c (re)creates the file and discards any existing entries: omit it when
# adding further users to the same file.
htpasswd -c /etc/nginx/.htpasswd admin
5,使用ssl.ca-0.1.tar.gz建立服务器证书
6,将生成证书的ca根证书加入到服务器的信任文件中
# Append the private CA's root certificate to the system trust bundle. From
# then on this host trusts every certificate issued by that CA, so the CA's
# private key must be kept protected.
# Running this twice appends the certificate twice.
# NOTE(review): on systems that provide update-ca-trust the bundle is a
# generated file and a manual append can be lost when it is regenerated;
# copying the CA into /etc/pki/ca-trust/source/anchors/ and running
# update-ca-trust is the persistent way. Confirm for this OS release.
cat ~/ssl.ca-0.1/ca.crt >> /etc/pki/tls/certs/ca-bundle.crt
7,将nginx服务器证书添加到此文件中(Docker 守护进程用该文件校验 docker.zz.com 的 TLS 证书)
/etc/docker/certs.d/docker.zz.com/ca.crt
8,使用命令将需要push的镜像标记
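# Three separate commands, one per line; run as a single line they would all
# be passed to `docker tag` as arguments.
# NOTE(review): the proxy requires basic auth, so a prior
# `docker login docker.zz.com` is presumably needed; the page does not show it.

# Tag the local image (referenced by its ID) with the registry host name.
docker tag 07d93e41c370 docker.zz.com/registry
# Upload the tagged image through the nginx TLS proxy.
docker push docker.zz.com/registry
# Pull it back to confirm the round trip works.
docker pull docker.zz.com/registry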
9,查看上传的image是否成功
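# Query the registry's search endpoint to confirm the upload.
# Only the user name is given; curl prompts for the password, which keeps it
# out of the shell history and the process list, unlike user:password
# embedded in the URL.
# Use a strong password for the registry account: a password equal to the
# user name is trivially guessable.
curl -u admin https://docker.zz.com/v1/search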