环境配置
- 系统信息: #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09) x86_64
- docker 版本:Docker Engine 24.0.7
- docker compose 版本:v2.21.0
背景简介
自搭建 Docker 私有镜像服务,用于管理自己的私有 Docker 镜像。
详细步骤
创建一个标准用户认证文件
$ sudo htpasswd -cB data/auth/basicauth myusername
New password:
Re-type new password:
Adding password for user myusername
- 创建一个新的文件:-c
- 强制加密密码:-B
- 文件名地址:data/auth/basicauth
- 用户名:myusername
界面上会提示输入两次密码,输入后即可添加完成。
配置 docker compose 文件
version: '3.8'
services:
dcr-registry-ui:
image: joxit/docker-registry-ui:main
container_name: dcr-registry-ui
restart: always
ports:
- 20706:80
environment:
- SINGLE_REGISTRY=true
- REGISTRY_TITLE=Docker Registry UI
- DELETE_IMAGES=true
- SHOW_CONTENT_DIGEST=true
- NGINX_PROXY_PASS_URL=http://dcr-registry-server:5000
- SHOW_CATALOG_NB_TAGS=true
- CATALOG_MIN_BRANCHES=1
- CATALOG_MAX_BRANCHES=1
- TAGLIST_PAGE_SIZE=100
- REGISTRY_SECURED=true
- CATALOG_ELEMENTS_LIMIT=1000
networks:
- other
dcr-registry-server:
image: registry:2.8.2
container_name: dcr-registry-server
restart: always
environment:
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[https://repo.sample.com]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
REGISTRY_AUTH: 'htpasswd'
REGISTRY_AUTH_HTPASSWD_REALM: 'Registry Realm'
REGISTRY_AUTH_HTPASSWD_PATH: '/auth/basicauth'
volumes:
- ./data/var/lib/registry:/var/lib/registry
- ./data/auth:/auth
networks:
- other
networks:
other:
name: other
external: true
- 版本信息:version ‘3.8’
- docker compose 服务根节点:services
- UI 服务配置
- 服务名:dcr-registry-ui
- 镜像:joxit/docker-registry-ui:main
- 容器名:dcr-registry-ui
- 重启机制:restart: always
- 端口暴露:ports
- 环境变量配置:environment
- 设置为单个服务:SINGLE_REGISTRY=true
- UI主页标题:REGISTRY_TITLE=Docker Registry UI
- 删除权限:DELETE_IMAGES=true
- 未知:SHOW_CONTENT_DIGEST=true
- 镜像服务地址:NGINX_PROXY_PASS_URL=http://dcr-registry-server:5000
- 未知:SHOW_CATALOG_NB_TAGS=true
- 未知:CATALOG_MIN_BRANCHES=1
- 未知:CATALOG_MAX_BRANCHES=1
- 未知:TAGLIST_PAGE_SIZE=100
- 镜像服务是否启用安全认证:REGISTRY_SECURED=true
- 未知:CATALOG_ELEMENTS_LIMIT=1000
- 网络配置:networks:
- 网络名称- other
- 镜像服务配置
- 服务名:dcr-registry-server
- 镜像版本:image: registry:2.8.2
- 容器名称:container_name: dcr-registry-server
- 重启规则:restart: always
- 环境变量:environment:
- 可访问的镜像服务URL:REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: ‘[https://repo.sample.com]’
- 访问方法:REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: ‘[HEAD,GET,OPTIONS,DELETE]’
- 访问认证:REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: ‘[true]’
- Allow Header:REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: ‘[Authorization,Accept,Cache-Control]’
- Expose Header:REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: ‘[Docker-Content-Digest]’
- 删除权限:REGISTRY_STORAGE_DELETE_ENABLED: ‘true’
- 认证方式:REGISTRY_AUTH: ‘htpasswd’
- 认证方式:REGISTRY_AUTH_HTPASSWD_REALM: ‘Registry Realm’
- 认证文件路径:REGISTRY_AUTH_HTPASSWD_PATH: ‘/auth/basicauth’
- 挂载卷:volumes:
- 镜像数据:- ./data/var/lib/registry:/var/lib/registry
- 认证路径:- ./data/auth:/auth
- 网络配置:networks:
- 网络名:- other
- 网络定义:networks:
- 网络别名:other:
- 网络名:name: other
- 是否外部网络:external: true
- 网络别名:other:
本地登录镜像服务
$ sudo docker login 127.0.0.1:20706
Username: myusername
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
至此,自搭建私有镜像服务已完成!