Setting up a private container registry service

Author: 高木工
Published: 2019-05-06 21:04:31
Included in the column: 运维开发 (Operations and Development)

Setup steps:

1. Start the registry service

docker pull registry

mkdir -p /data/docker/registry

docker run -idt -v /data/docker/registry/:/var/lib/registry -p 5000:5000 --name registry --restart=always registry

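  • Parameter notes
1) -idt: keep stdin open and allocate a pseudo-terminal for interactive use, and run the container in the background;
2) -v: bind-mount the host directory /data/docker/registry to /var/lib/registry in the container (the directory where the registry container stores image data), so that the data persists;
3) -p: publish the port; requests to port 5000 on the host reach the registry service in the container;
4) --restart=always: the restart policy; if the container exits abnormally it is restarted automatically;
5) --name registry: names the new container registry; any name can be used;
6) registry: the image pulled above (registry:latest);
  • Verification: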
docker tag hello-world localhost:5000/hello-world:v1
docker push localhost:5000/hello-world:v1

curl http://localhost:5000/v2/_catalog
{"repositories":["hello-world"]}

curl http://localhost:5000/v2/hello-world/tags/list
{"name":"hello-world","tags":["latest","v1"]}

2. Configure the nginx reverse proxy

  • Configuration method 1:
server {
        #listen 80;
        listen 443 ssl;
        server_name bksaas.com; # domain name the certificate is bound to
        ssl_certificate bksaas.crt;
        ssl_certificate_key bksaas.key;
        ssl_session_timeout 5m;
        # protocols used in this setup; TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # cipher suites used in this setup
        ssl_prefer_server_ciphers on;

        # 0 disables the request body size check (image layers are large)
        client_max_body_size 0;
        chunked_transfer_encoding on;

        location / {
            proxy_pass  http://127.0.0.1:5000;
            proxy_set_header    Host    $host:$server_port;
            proxy_set_header    X-Forwarded-For  $remote_addr;
            proxy_set_header    X-Real-IP      $remote_addr;
            proxy_set_header    X-Forwarded-Proto $scheme;
            # rewrite http:// in the registry's Location headers to the scheme the client used
            proxy_redirect http:// $scheme://;
        }
}
  • Configuration method 2 (recommended):
upstream DOCKER_REGISTRY {
        server localhost:5000;
}

server {
        #listen 80;
        listen 443 ssl;
        server_name bksaas.com; # domain name the certificate is bound to
        ssl_certificate bksaas.crt;
        ssl_certificate_key bksaas.key;
        ssl_session_timeout 5m;
        # protocols used in this setup; TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # cipher suites used in this setup
        ssl_prefer_server_ciphers on;

        # 0 disables the request body size check (image layers are large)
        client_max_body_size 0;
        chunked_transfer_encoding on;

        location / {
            proxy_pass  http://DOCKER_REGISTRY;
            # proxy_read_timeout  90;
            # proxy_http_version 1.1;
            proxy_set_header    Host    $host:$server_port;
            proxy_set_header    X-Real-IP      $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            # tells the registry the client connected over HTTPS, so it builds https:// URLs
            proxy_set_header    X-Forwarded-Proto $scheme;
            # proxy_redirect http:// $scheme://;
        }
}
  • Verification:
docker tag hello-world bksaas.com/hello-world:v1
docker push bksaas.com/hello-world:v1
curl https://bksaas.com/v2/_catalog
{"repositories":["hello-world"]}

3. Problems encountered

  • http: server gave HTTP response to HTTPS client

[root@miya sites-enabled]# docker tag hello-world 172.19.0.13:5000/hello-world:v2
[root@miya sites-enabled]# docker push 172.19.0.13:5000/hello-world:v2
The push refers to repository [172.19.0.13:5000/hello-world]
Get https://172.19.0.13:5000/v2/: http: server gave HTTP response to HTTPS client

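When the registry is accessed by its intranet IP, the client has to be configured. Docker uses HTTPS for any registry other than localhost, while port 5000 here serves plain HTTP, so the address must be listed under insecure-registries (the client then talks unencrypted HTTP to that registry):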

vim /etc/docker/daemon.json

{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["172.19.0.13:5000"]
}

systemctl restart docker

  • error parsing HTTP 400 response body: invalid character '<' looking for beginning of value
[root@miya sites-enabled]# docker push bksaas.com/nginx:v1
The push refers to repository [bksaas.com/nginx]
0b9e07febf57: Pushing  3.584kB
55028c39c191: Preparing 
0a07e81f5da3: Pushing   55.3MB/55.3MB
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>openresty/1.13.6.2</center>\r\n</body>\r\n</html>\r\n"

Fix 1 (see nginx configuration method 1): proxy_redirect http:// $scheme://;

Fix 2 (see nginx configuration method 2): proxy_set_header X-Forwarded-Proto $scheme;
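
Why both fixes work, shown as an added diagnostic that is not part of the original article: without them the registry answers the start of a blob upload with an http:// Location, and the client follows it to port 443 in plain HTTP. The function names and the sample responses below are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect the scheme downgrade behind the "400 The plain HTTP
# request was sent to HTTPS port" error. Function names are illustrative.

# Print one response header's value (case-insensitive) from headers on stdin.
header_value() {
    awk -v want="$1" '
        { sub(/\r$/, ""); i = index($0, ":") }
        i > 0 && tolower(substr($0, 1, i - 1)) == tolower(want) {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
        }'
}

# Classify the Location returned when an upload is started:
#   downgrade  http:// URL although the client connected over TLS
#   ok         https:// or relative URL
#   missing    no Location header (request failed or was not an upload start)
check_upload_location() {
    loc=$(header_value Location)
    case "$loc" in
        "")       echo "missing" ;;
        http://*) echo "downgrade $loc" ;;
        *)        echo "ok $loc" ;;
    esac
}

# Live probe against your own registry (this starts an upload session).
probe_registry() {  # usage: probe_registry <host> <repo>
    curl -sS -D - -o /dev/null -X POST "https://$1/v2/$2/blobs/uploads/" |
        check_upload_location
}

# Constructed sample responses (the upload id is made up).
BROKEN=$(printf 'HTTP/1.1 202 Accepted\r\nLocation: http://bksaas.com:443/v2/nginx/blobs/uploads/0000-sample\r\n')
FIXED=$(printf 'HTTP/1.1 202 Accepted\r\nlocation: https://bksaas.com:443/v2/nginx/blobs/uploads/0000-sample\r\n')

printf '%s\n' "$BROKEN" | check_upload_location
printf '%s\n' "$FIXED"  | check_upload_location
```

Run `probe_registry bksaas.com nginx` after changing the nginx configuration; a result starting with `downgrade` means pushes will still fail with the 400 error.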

  • 413 Request Entity Too Large
[root@miya sites-enabled]# docker push bksaas.com/nginx:v1
The push refers to repository [bksaas.com/nginx]
0b9e07febf57: Pushed 
55028c39c191: Pushing  53.97MB
0a07e81f5da3: Pushing   55.3MB/55.3MB
error parsing HTTP 413 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>413 Request Entity Too Large</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>413 Request Entity Too Large</h1></center>\r\n<hr><center>openresty/1.13.6.2</center>\r\n</body>\r\n</html>\r\n"

Add the following nginx setting to lift the limit (0 disables the check on the request body size):

client_max_body_size 0;

4. Maintaining the image registry

  1. How do I remove all images?
[root@miya repositories]# rm -rf /data/docker/registry/docker/registry/v2/repositories/*
[root@miya repositories]# docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml
  2. To be continued...

5. Registry API for image operations

  1. List the tags (versions) of an image

https://registry.bksaas.com/v2/hello-world/tags/list

{
  "name": "hello-world",
  "tags": [
    "v3",
    "latest",
    "v1",
    "v2"
  ]
}
  2. Look up the digest (hash) of a specific tag
https://registry.bksaas.com/v2/hello-world/manifests/v1
[root@miya sites-enabled]# curl  --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET https://registry.bksaas.com/v2/hello-world/manifests/v1

HTTP/1.1 200 OK
Server: openresty/1.13.6.2
Date: Sun, 03 Mar 2019 03:23:55 GMT
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Content-Length: 524
Connection: keep-alive
Docker-Content-Digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a"
X-Content-Type-Options: nosniff
  3. Delete the corresponding version
https://registry.bksaas.com/v2/hello-world/manifests/sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
$ curl -I -X DELETE <protocol>://<registry_host>/v2/<repo_name>/manifests/<digest_hash>
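
The lookup and delete calls above chained into one procedure, as an added example that is not part of the original article. It assumes deletion is enabled on the registry (storage.delete.enabled: true in config.yml, or REGISTRY_STORAGE_DELETE_ENABLED=true on the container), which the docker run command in section 1 does not set; the function names are illustrative.

```shell
#!/bin/sh
# Added example: resolve a tag to its manifest digest, validate the digest,
# then delete the manifest by digest. Function names are illustrative.

# Read HTTP response headers on stdin; print Docker-Content-Digest only if
# it is a well-formed sha256 digest (sha256: + 64 lowercase hex characters).
digest_from_headers() {
    d=$(awk '{ sub(/\r$/, "") }
             tolower($1) == "docker-content-digest:" { print $2; exit }')
    case "$d" in
        sha256:*) hex=${d#sha256:} ;;
        *)        return 1 ;;
    esac
    [ "${#hex}" -eq 64 ] || return 1
    case "$hex" in *[!0-9a-f]*) return 1 ;; esac
    printf '%s\n' "$d"
}

# Ask for the schema 2 manifest, as the article's curl call does, and return
# the digest the registry reports for <repo>:<tag>.
tag_digest() {  # usage: tag_digest <host> <repo> <tag>
    curl -fsS -I -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
        "https://$1/v2/$2/manifests/$3" | digest_from_headers
}

# Delete by digest. Every other tag that points at the same digest goes with it.
delete_tag() {  # usage: delete_tag <host> <repo> <tag>
    digest=$(tag_digest "$1" "$2" "$3") || {
        echo "no valid digest for $2:$3, nothing deleted" >&2
        return 1
    }
    curl -fsS -o /dev/null -X DELETE "https://$1/v2/$2/manifests/$digest" &&
        echo "deleted $2@$digest"
}

# Sample input: header lines copied from the response shown in the article.
SAMPLE_HEADERS=$(printf 'HTTP/1.1 200 OK\r\nContent-Length: 524\r\nDocker-Content-Digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a\r\n')

printf '%s\n' "$SAMPLE_HEADERS" | digest_from_headers
```

Deleting a manifest only removes the reference; run the garbage-collect command from section 4 afterwards to free the layer data on disk.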


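Original-content statement: this article is published by the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.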
