mirror of https://github.com/vimagick/dockerfiles
27e423fa9d
|
||
|---|---|---|
| .. | ||
| README.md | ||
| docker-compose.oss.yml | ||
| docker-compose.yml | ||
registry
Registry is the Docker toolset to pack, ship, store, and deliver content.
docker-compose.yml
version: "3.8"
services:
registry:
image: registry:2
ports:
- "5000:5000"
volumes:
- /etc/docker/registry
- ./data:/var/lib/registry
- ./certs:/certs
- ./auth:/auth
environment:
- REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
- REGISTRY_HTTP_TLS_KEY=/certs/domain.key
- REGISTRY_AUTH=htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
restart: unless-stopped
webui:
image: joxit/docker-registry-ui:2
ports:
- "5080:80"
environment:
- NGINX_PROXY_PASS_URL=http://registry:5000
- REGISTRY_TITLE=EasyPi Docker Registry
- DELETE_IMAGES=true
depends_on:
- registry
restart: unless-stopped
Server Setup
$ mkdir -p ~/fig/registry/{auth,certs}
$ cd ~/fig/registry
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
$ docker-compose up -d
$ docker-compose exec registry sh
>>> htpasswd -Bbn username password >> /auth/htpasswd
>>> cat >> /etc/docker/registry/config.yml
proxy:
remoteurl: https://registry-1.docker.io
username: username
password: password
^D
>>> exit
$ docker-compose restart
⚠️ You cannot use it as registry+mirror at the same time.
Client Setup
$ scp registry.easypi.pro:fig/registry/certs/domain.crt \
/etc/docker/certs.d/registry.easypi.pro:5000/ca.crt
$ vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://registry.easypi.pro:5000"
],
"insecure-registries": [
"registry.easypi.pro"
],
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}
$ systemctl reload docker
$ docker info
$ docker pull alpine
$ docker tag alpine registry.easypi.pro:5000/alpine
$ docker login -u username -p password easypi.pro:5000
$ docker push registry.easypi.pro:5000/alpine
$ docker rmi registry.easypi.pro:5000/alpine
$ docker pull registry.easypi.pro:5000/alpine
$ curl -k -u username:password https://registry.easypi.pro:5000/v2/_catalog
$ curl -k -u username:password https://registry.easypi.pro:5000/v2/alpine/tags/list
⚠️ Docker will connect insecure-registries via HTTPS first (ignore TLS error), then try HTTP.
Cleanup Outdated Images
Read More
- https://github.com/docker/distribution/blob/master/docs/deploying.md
- https://github.com/docker/distribution/blob/master/docs/insecure.md
- https://serversforhackers.com/tcp-load-balancing-with-nginx-ssl-pass-thru
- https://github.com/docker/distribution/blob/master/docs/recipes/mirror.md
- https://docs.docker.com/registry/spec/api/