部署 Docker Registry 服务

部署 Docker Registry 服务

六月 09, 2016

生成SSL证书

1
$ mkdir -p certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
1
2
3
4
5
6
7
Country Name (2 letter code) [XX]:CN  // 国家代码
State or Province Name (full name) []:Guangdong // 省
Locality Name (eg, city) [Default City]:Guangzhou // 城市
Organization Name (eg, company) [Default Company Ltd]:dinghz // 组织或公司名
Organizational Unit Name (eg, section) []: // 不填
Common Name (eg, your name or your server’s hostname) []:docker.dinghz.com // 此处演示是通配符域名
Email Address []:admin@dinghz.com // 邮箱地址

配置身份验证

用户名:testuser 密码:testpassword

1
2
$ mkdir auth
$ docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd

启动容器

1
2
3
4
5
6
7
8
9
$ docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2

本地登录认证

1
$ docker login docker.dinghz.com:5000

测试

1
2
3
$ docker pull hello-world:latest
$ docker tag hello-world:latest docker.dinghz.com:5000/hello-world:latest
$ docker push docker.dinghz.com:5000/hello-world:latest