Setting up a private container registry service

Setup steps:

1. Start the registry service

docker pull registry

mkdir -p /data/docker/registry

docker run -idt -v /data/docker/registry/:/var/lib/registry -p 5000:5000 --name registry --restart=always registry

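  • Parameter notes
1) -idt: open a pseudo-terminal in the container for interactive use and run it in the background;
2) -v: bind-mount the host directory /data/docker/registry/ onto /var/lib/registry in the container (the directory where the registry container stores image files), so that the data persists;
3) -p: port mapping; accessing port 5000 on the host reaches the service in the registry container;
4) --restart=always: the restart policy; if the container exits abnormally it is restarted automatically;
5) --name registry: names the new container registry; any name can be used;
6) registry (i.e. registry:latest): the image that was just pulled;
  • Verification: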
docker tag hello-world localhost:5000/hello-world:v1
docker push localhost:5000/hello-world:v1

curl http://localhost:5000/v2/_catalog
{"repositories":["hello-world"]}

curl http://localhost:5000/v2/hello-world/tags/list
{"name":"hello-world","tags":["latest","v1"]}

2. Configure the nginx reverse proxy

  • Configuration method 1:
server {
        #listen 80;
        listen 443;
        server_name bksaas.com; # the domain name the certificate is bound to
        ssl on;
        ssl_certificate bksaas.crt;
        ssl_certificate_key bksaas.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure these protocols
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure this cipher suite list
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;
        chunked_transfer_encoding on;

        location / {
            proxy_pass  http://127.0.0.1:5000;
            proxy_set_header    Host    $host:$server_port;
            proxy_set_header    X-Forwarded-For  $remote_addr;
            proxy_set_header    X-Real-IP      $remote_addr;
            proxy_set_header    X-Forwarded-Proto $scheme;
            proxy_redirect http:// $scheme://;
            
        }
    }
  • Configuration method 2 (recommended):
upstream DOCKER_REGISTRY {
        server localhost:5000;
}

server {
        #listen 80;
        listen 443;
        server_name bksaas.com; # the domain name the certificate is bound to
        ssl on;
        ssl_certificate bksaas.crt;
        ssl_certificate_key bksaas.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure these protocols
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure this cipher suite list
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;
        chunked_transfer_encoding on;

        location / {
            proxy_pass  http://DOCKER_REGISTRY;
            # proxy_read_timeout  90;
            # proxy_http_version 1.1;
            proxy_set_header  Host    $host:$server_port;
            proxy_set_header    X-Real-IP      $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto $scheme;
            # proxy_redirect http:// $scheme://;
        }
    }
  • Verification:
docker tag hello-world bksaas.com/hello-world:v1
docker push bksaas.com/hello-world:v1
curl https://bksaas.com/v2/_catalog
{"repositories":["hello-world"]}

3. Problems encountered

  • http: server gave HTTP response to HTTPS client

[root@miya sites-enabled]# docker tag hello-world 172.19.0.13:5000/hello-world:v2

[root@miya sites-enabled]# docker push 172.19.0.13:5000/hello-world:v2

The push refers to repository [172.19.0.13:5000/hello-world]
Get https://172.19.0.13:5000/v2/: http: server gave HTTP response to HTTPS client

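When accessing the registry by its internal IP (plain HTTP on port 5000), the Docker client has to be configured to treat that address as an insecure registry, which allows it to use unencrypted HTTP for that host:

vim /etc/docker/daemon.json

{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["172.19.0.13:5000"]
}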

systemctl restart docker

  • error parsing HTTP 400 response body: invalid character '<' looking for beginning of value
[root@miya sites-enabled]# docker push bksaas.com/nginx:v1
The push refers to repository [bksaas.com/nginx]
0b9e07febf57: Pushing  3.584kB
55028c39c191: Preparing 
0a07e81f5da3: Pushing   55.3MB/55.3MB
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>openresty/1.13.6.2</center>\r\n</body>\r\n</html>\r\n"

Fix 1 (see nginx configuration method 1): proxy_redirect http:// $scheme://;

Fix 2 (see nginx configuration method 2): proxy_set_header X-Forwarded-Proto $scheme;

  • 413 Request Entity Too Large
[root@miya sites-enabled]# docker push bksaas.com/nginx:v1
The push refers to repository [bksaas.com/nginx]
0b9e07febf57: Pushed 
55028c39c191: Pushing  53.97MB
0a07e81f5da3: Pushing   55.3MB/55.3MB
error parsing HTTP 413 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>413 Request Entity Too Large</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>413 Request Entity Too Large</h1></center>\r\n<hr><center>openresty/1.13.6.2</center>\r\n</body>\r\n</html>\r\n"

Add this nginx setting to lift the limit:

client_max_body_size 0;
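
The nginx settings behind the 400 and 413 errors above, plus the TLS directives used in both configs in section 2, can be checked mechanically. The following is an added example, not part of the original article; the function name audit_registry_proxy is hypothetical, and it assumes one directive per line.

```shell
#!/bin/sh
# Added example: lint an nginx registry-proxy config read on stdin.
# Assumes one directive per line and no '#' inside quoted values.
# Prints one finding per line; prints nothing when no check fires.
audit_registry_proxy() {
    sed 's/#.*//' | awk '
        $1 == "ssl" && $2 == "on;" {
            # deprecated in nginx 1.15.0, removed in 1.25.1
            print "L" NR ": \"ssl on\" is obsolete; use \"listen 443 ssl\""
        }
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                # RFC 8996 deprecates TLS 1.0 and 1.1; SSLv2/SSLv3 are older still
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    print "L" NR ": legacy protocol " p " enabled"
            }
        }
        # nginx defaults to a 1m request body, far smaller than an image layer
        $1 == "client_max_body_size" { body = 1 }
        # either directive keeps the registry from answering with http:// URLs
        $1 == "proxy_set_header" && $2 == "X-Forwarded-Proto" { proto = 1 }
        $1 == "proxy_redirect" && $2 == "http://" { proto = 1 }
        END {
            if (!body)  print "missing client_max_body_size: large layers fail with 413"
            if (!proto) print "no X-Forwarded-Proto or proxy_redirect: pushes fail with 400"
        }
    '
}
```

Run it as `audit_registry_proxy < /path/to/site.conf`; on either config from section 2 it reports only the TLS findings, since both already carry the 400 and 413 fixes.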

4. Maintaining the image registry

  1. How do I clear out all images?
[root@miya repositories]# rm -rf /data/docker/registry/docker/registry/v2/repositories/*
[root@miya repositories]# docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml
  2. To be continued...

5. Registry API for image operations

  1. List the tags (versions) of an image

https://registry.bksaas.com/v2/hello-world/tags/list

{
"name": "hello-world",
"tags": [
"v3",
"latest",
"v1",
"v2"
]
}
  2. Look up the hash (digest) of a specific version: https://registry.bksaas.com/v2/hello-world/manifests/v1
[root@miya sites-enabled]# curl  --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET https://registry.bksaas.com/v2/hello-world/manifests/v1

HTTP/1.1 200 OK
Server: openresty/1.13.6.2
Date: Sun, 03 Mar 2019 03:23:55 GMT
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Content-Length: 524
Connection: keep-alive
Docker-Content-Digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a"
X-Content-Type-Options: nosniff
  3. Delete the corresponding version: https://registry.bksaas.com/v2/hello-world/manifests/sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
$ curl -I -X DELETE <protocol>://<registry_host>/v2/<repo_name>/manifests/<digest_hash>
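
Steps 1 to 3 above chained into one script, as an added example that is not part of the original article: it reads the digest from the Docker-Content-Digest header and deletes by that digest. The function names and the REGISTRY placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): tag -> digest -> DELETE.
# REGISTRY is a placeholder; function names are illustrative.
REGISTRY="${REGISTRY:-https://registry.example.invalid}"
ACCEPT='Accept: application/vnd.docker.distribution.manifest.v2+json'

# Read HTTP response headers on stdin, print the Docker-Content-Digest value.
# Header names are case-insensitive and lines end in CRLF, so normalise both.
# Returns 1 unless the value is a well-formed sha256 digest.
manifest_digest() {
    value=$(tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "docker-content-digest") {
            v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }
    }')
    printf '%s\n' "$value" | grep -Eq '^sha256:[0-9a-f]{64}$' || return 1
    printf '%s\n' "$value"
}

# Build /v2/<repo>/manifests/<reference>, refusing anything that could change
# the request path (simplified character checks, stricter than the registry's).
manifest_url() {
    case "$1" in ''|*[!a-z0-9._/-]*|*..*|/*|*/|*//*) return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9._:-]*) return 1 ;; esac
    printf '%s/v2/%s/manifests/%s\n' "$REGISTRY" "$1" "$2"
}

# Resolve repo:tag to its digest and delete that manifest. The registry only
# accepts the DELETE when storage.delete.enabled is true in its config.
delete_tag() {
    tag_url=$(manifest_url "$1" "$2") || return 1
    digest=$(curl -fsS -I -H "$ACCEPT" "$tag_url" | manifest_digest) || {
        echo "no valid digest returned for $1:$2" >&2
        return 1
    }
    curl -fsS -X DELETE "$(manifest_url "$1" "$digest")"
}
```

Call it as `delete_tag hello-world v1`. Deleting a manifest only unlinks it; the layer data is freed when the garbage-collect command from section 4 runs.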

References:

  1. https://docs.docker.com/registry/recipes/nginx/
  2. https://blog.csdn.net/l6807718/article/details/52886546

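Original-content notice: this article is published on Cloud+ Community (云+社区) with the author's authorization and may not be reproduced without permission.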
