专栏首页康怀帅的专栏Docker Registry v2 配置文件详解

Docker Registry v2 配置文件详解

/etc/docker/registry/config.yml 详解。

你可以在 docker run 时通过 -e 参数设置环境变量来配置。为了避免命令的繁杂,推荐大家通过挂载配置文件来进行配置。

storage:
  filesystem:
    rootdirectory: /var/lib/registry

对应着

REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/somewhere

通过挂载配置文件来修改配置

$ docker run -d \
    -p 5000:5000 \
    --restart=always \
    --name registry \
    -v `pwd`/config.yml:/etc/docker/registry/config.yml \
    registry

简单配置文件请查看:https://github.com/docker/distribution/blob/master/cmd/registry/config-example.yml

示例配置文件:https://docs.docker.com/registry/configuration/#list-of-configuration-options

version: 0.1
log:
  accesslog:
    disabled: true
  level: info | debug | error | warn
  formatter: text | json | logstash
  fields:
    service: registry
    environment: staging
  hooks:
    - type: mail
      disabled: true
      levels:
        - panic
      options:
        smtp:
          addr: smtp.exmail.qq.com:465
          username: docker@xc725.wang
          password: password
          insecure: true
        from: docker@xc725.wang
        to:
          - docker@khs1994.com
# loglevel: debug # deprecated: use "log" 已废弃
# 存储
storage:
  # 存入本地文件中
  filesystem:
    rootdirectory: /var/lib/registry
    maxthreads: 100
  # 存入 阿里云 OSS ,其他国外云服务这里不再列举  
  oss:
    accesskeyid: accesskeyid
    accesskeysecret: accesskeysecret
    region: OSS region name
    endpoint: optional endpoints
    internal: optional internal endpoint
    bucket: OSS bucket
    encrypt: optional data encryption setting
    secure: optional ssl setting
    chunksize: optional size valye
    rootdirectory: optional root directory
  inmemory:  # This driver takes no parameters
  delete:
    enabled: false
  redirect:
    disable: false
  cache:
    blobdescriptor: redis
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
      dryrun: false
    readonly:
      enabled: false
# 用户名 密码 验证功能,提供三种验证方式,我比较熟悉 htpasswd  
auth:
  silly:
    realm: silly-realm
    service: silly-service
  token:
    realm: token-realm
    service: token-service
    issuer: registry-token-issuer
    rootcertbundle: /root/certs/bundle
  htpasswd:
    realm: basic-realm
    path: /path/to/htpasswd
middleware:
  registry:
    - name: ARegistryMiddleware
      options:
        foo: bar
  repository:
    - name: ARepositoryMiddleware
      options:
        foo: bar
  storage:
    - name: cloudfront
      options:
        baseurl: https://my.cloudfronted.domain.com/
        privatekey: /path/to/pem
        keypairid: cloudfrontkeypairid
        duration: 3000s
  storage:
    - name: redirect
      options:
        baseurl: https://example.com/
reporting:
  bugsnag:
    apikey: bugsnagapikey
    releasestage: bugsnagreleasestage
    endpoint: bugsnagendpoint
  newrelic:
    licensekey: newreliclicensekey
    name: newrelicname
    verbose: true
http:
  addr: localhost:5000
  prefix: /my/nested/registry/
  host: https://myregistryaddress.org:5000
  secret: asecretforlocaldevelopment
  relativeurls: false
  tls:
    certificate: /path/to/x509/public
    key: /path/to/x509/private
    clientcas:
      - /path/to/ca.pem
      - /path/to/another/ca.pem
    letsencrypt:
      cachefile: /path/to/cache-file
      email: emailused@letsencrypt.com
  debug:
    addr: localhost:5001
  headers:
    X-Content-Type-Options: [nosniff]
  http2:
    disabled: false
# 类似 github webhooks ,给特定网址 post 一个 json 数据    
notifications:
  endpoints:
    - name: alistener
      disabled: false
      url: https://my.listener.com/event
      headers: <http.Header>
      timeout: 500
      threshold: 5
      backoff: 1000
      ignoredmediatypes:
        - application/octet-stream
#配置 Redis        
redis:
  addr: redis:6379
  # password: asecret
  db: 0
  dialtimeout: 10ms
  readtimeout: 10ms
  writetimeout: 10ms
  pool:
    maxidle: 16
    maxactive: 64
    idletimeout: 300s
# 健康检查    
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
  file:
    - file: /path/to/checked/file
      interval: 10s
  http:
    - uri: http://server.to.check/must/return/200
      headers:
        Authorization: [Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==]
      statuscode: 200
      timeout: 3s
      interval: 10s
      threshold: 3
  tcp:
    - addr: redis-server.domain.com:6379
      timeout: 3s
      interval: 10s
      threshold: 3
# docker hub 镜像      
proxy:
  remoteurl: https://registry-1.docker.io
  username: [username]
  password: [password]
compatibility:
  schema1:
    signingkeyfile: /etc/registry/key.json
validation:
  enabled: true
  manifests:
    urls:
      allow:
        - ^https?://([^/]+\.)*example\.com/
      deny:
        - ^https?://www\.example\.com/

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

我来说两句

0 条评论
登录 后参与评论

相关文章

  • Docker 私有仓库安装配置 (Registry v2)

    使用 Docker Compose + Docker machine 配置一个 Docker 私有仓库。

    康怀帅
  • Docker Swarm mode 详解

    使用 docker swarm Dcoker 内置的集群管理的工具,Docker CE 1.12+。注意与旧的 Docker Swarm 区分开来。 OS: C...

    康怀帅
  • Docker PHP 最佳实践

    参考示例配置文件在 config/nginx 新建 *.conf NGINX 配置文件

    康怀帅
  • tf.py_func

    封装一个python函数并将其用作TensorFlow op。给定一个python函数func,它以numpy数组作为参数并返回numpy数组作为输出,将这个函...

    于小勇
  • ChIP-seq 分析------原理

      之前一直在死磕ChIP-seq的实验,接下来要逐步过渡到ChIP-seq的上手分析了。在进行ChIP-seq在分析之前,明确一下几个问题:

    liu_ll
  • 爬虫实践--CBA历年比赛数据

    闲来无聊,刚好有个朋友来问爬虫的事情,说起来了CBA这两年的比赛数据,做个分析,再来个大数据啥的。来了兴趣,果然搞起来,下面分享一下爬虫的思路。

    FunTester
  • SAP CRM产品主数据ID的生成逻辑介绍

    You can choose to let the system determine the product ID automatically accordin...

    Jerry Wang
  • 【优秀题解】问题 1678: 算法2-18~2-19:双向循环链表

    第一步:(这一步千万不要倒过来 否则会出错)先把p->next元素(用x 元素代替),

    编程范 源代码公司
  • 给CVPR颁“金酸莓奖”,知乎网友热议最差论文,战火烧到Reddit论坛

    今年CVPR共有1200多篇论文被接收,官方评出了最佳论文,民间则评出了最差论文。

    量子位
  • 使用ant执行Java代码

    一个小陷阱:如果用tomcat manager应用,即html页面点击reload,发起的HTTP请求的url:http://localhost:9032/ma...

    Jerry Wang

扫码关注云+社区

领取腾讯云代金券