服務器端搭建
拉取docker
#registry server
docker pull registry
#registry web
docker pull hyper/docker-registry-web
生成SSH KEY,用於https訪問
mkdir conf
openssl req -new -newkey rsa:4096 -days 365 -subj "/CN=localhost" \
-nodes -x509 -keyout conf/auth.key -out conf/auth.cert
mkdir /etc/docker/conf/registry
mkdir /etc/docker/conf/registry-web
cp -a conf/auth.cert /etc/docker/conf/registry/
cp -a conf/auth.key /etc/docker/conf/registry-web/
配置文件
增加registry-server配置文件/etc/docker/conf/registry/config.yml,內容如下:
version: 0.1
storage:
filesystem:
rootdirectory: /var/lib/registry
http:
addr: 0.0.0.0:5000
auth:
token:
# external url to docker-web authentication endpoint
realm: http://localhost:8080/api/auth
# should be same as registry.name of registry-web
service: localhost:5000
# should be same as registry.auth.issuer of registry-web
issuer: 'my issuer'
# path to auth certificate
rootcertbundle: /etc/docker/registry/auth.cert
增加registry-web配置文件/etc/docker/conf/registry-web/config.yml,內容如下:
registry:
# Docker registry url
url: http://registry-srv:5000/v2
# Docker registry fqdn
name: localhost:5000
# To allow image delete, should be false
readonly: false
auth:
# Enable authentication
enabled: true
# Token issuer
# should equals to auth.token.issuer of docker registry
issuer: 'my issuer'
# Private key for token signing
# certificate used on auth.token.rootcertbundle should signed by this key
key: /conf/auth.key
啓動registry 服務
啓動registry-server服務
docker run -v /etc/docker/conf/registry:/etc/docker/registry:ro -p 5000:5000 --name registry-srv -d registry
啓動registry-web服務
docker run -v /etc/docker/conf/registry-web:/conf:ro -v /opt/data/registry/db:/data \
-it -p 8080:8080 --link registry-srv --name registry-web-self hyper/docker-registry-web
客戶端測試
docker login localhost:5000 #username:admin password:admin
docker pull hello-world
docker tag hello-world localhost:5000/hello-world:latest
docker push localhost:5000/hello-world:latest
docker rmi localhost:5000/hello-world:latest
docker run localhost:5000/hello-world:latest