Implementation of Docker private warehouse registry deployment

As more and more Docker images are used, there needs to be a place to store the images, which is the warehouse. There are currently two types of warehouses commonly used: public warehouses and private warehouses. The most convenient way is to use public repositories to upload and download. You do not need to register to download images from public repositories, but you do need to register when uploading.

The most commonly used private warehouses are Registry and Harbor. Next, I will introduce in detail how to build a registry private warehouse. Harbor will be deployed in the next blog post.

1. Deploy Registry private warehouse

Case Description

Two CentOS7.4 machines, one for the Docker private repository and the other for the Docker client for testing;

Both servers need to install Docker service, please refer to the blog post: Install Docker.v19 version

1. Configure the registry private warehouse

[root@centos01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf  
    <!--Enable routing function on docker host-->
[root@centos01 ~]# sysctl -p <!--Refresh configuration-->
net.ipv4.ip_forward = 1
[root@centos01 ~]# vim /etc/docker/daemon.json <!--Configure image acceleration-->
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"]} <!--Add Alibaba Cloud Acceleration-->
[root@centos01 ~]# systemctl reload docker <!--Restart the docker service-->
[root@centos01 ~]# docker search registry <!--Search for registry image-->
<!--Registry image can be directly pulled down, or not downloaded, depending on your own situation-->
[root@centos01 ~]# docker run -d -p 5000:5000 --name registry --restart=always -v /opt/registry:/var/lib/registry registry
 <!--Run the registry container and run the registry service to store its own image-->
 <!--"--restart=always" parameter means that this container starts following the docker service startup-->
[root@centos01 ~]# docker ps <!--View the container running by docker-->
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a7773d77b8a3 registry "/entrypoint.sh /etc…" 50 seconds ago Up 46 seconds 0.0.0.0:5000->5000/tcp registry
[root@centos01 ~]# docker images <!--View all docker images-->
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 708bc6af7e5e 3 months ago 25.8MB
tomcat latest 1b6b1fe7261e 5 days ago 647MB
hub.c.163.com/public/centos 6.7-tools b2ab0ed558bb 3 years ago 602MB
[root@centos01 ~]# vim /etc/docker/daemon.json <!--Configure docker service to support registry service-->
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.10:5000"] <!--Add this line-->
}
[root@centos01 ~]# systemctl reload docker <!--Restart the docker service-->

2. Upload the image to the registry private warehouse

[root@centos01 ~]# docker tag hub.c.163.com/public/centos:6.7-tools 192.168.100.10:5000/image/centos:6.7  
    <!--Modify the image tag-->
[root@centos01 ~]# docker push 192.168.100.10:5000/image/centos:6.7 <!--Upload the image to the registry private warehouse-->

2. Configure the Docker client to access the private repository

<!--Install Docker service on the client and configure image acceleration-->
[root@centos02 ~]# vim /etc/docker/daemon.json <!--Configure docker to support registry service-->
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.10:5000"] <!--Add this line-->
}
[root@centos02 ~]# systemctl restart docker <!--Restart docker service-->
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/centos:6.7 
         <!--The client downloads the image in the private warehouse-->
[root@centos02 ~]# docker images <!--Check whether the image is downloaded successfully-->
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.10:5000/image/centos 6.7 b2ab0ed558bb 3 years ago 602MB

At this point, the registry private warehouse has been built, but there is a problem now. If this is also deployed, all personnel within the enterprise can access our private warehouse. For security reasons, we will add an authentication for the registry. Only after passing the authentication can you upload or download the image in the private warehouse.

3. Configure registry to load authentication

[root@centos01 ~]# yum -y install httpd-tools <!--Install encryption tool httpd-tools-->
[root@centos01 ~]# mkdir /opt/registry-auth <!--Create a directory to store verification keys-->
[root@centos01 ~]# htpasswd -Bbn bob pwd@123 > /opt/registry-auth/htpasswd
 <!--Configure the registry authentication database-->
<!--"-Bbn" parameter explanation: B forces password encryption; b enters the password in the command and does not prompt for the password; n does not update the key file -->

<!--Delete all containers on this server, and then regenerate a private warehouse container that requires authentication-->
[root@centos01 ~]# docker run -d -p 5000:5000 --restart=always \
-v /opt/registry-auth/:/auth/ \
-v /opt/registry:/var/lib/registry --name registry-auth -e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry 
 <!--Re-run a registry private image repository container that supports authentication-->
[root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:5000/image/tomcat:1.0 
    <!--Mirror modification tag-->
[root@centos01 ~]# docker push 192.168.100.10:5000/image/tomcat:1.0 
<!--Test whether you can upload an image to a private repository without identity authentication-->
no basic auth credentials
<!--Prompts that there is no identity verification and the upload cannot be made-->
[root@centos01 ~]# docker login 192.168.100.10:5000 
    <!--Log in to the private image repository and upload after passing the identity authentication-->
Username: bob <!--Enter bob-->
Password: <!--Enter password-->
……………… <!--Some content is omitted here-->
Login Succeeded <!--Passed authentication, now you can upload the image to the private warehouse-->
[root@centos01 ~]# docker push 192.168.100.10:5000/image/tomcat:1.0 <!--Upload the image to the private warehouse again-->
The push refers to repository [192.168.100.10:5000/image/tomcat]
b0ac242ce8d3: Pushed
5e71d8e4cd3d: Pushed
eb4497d7dab7: Pushed
bfbfe00b44fc: Pushed
d39111fb2602: Pushed
155d997ed77c: Pushed
88cfc2fcd059: Pushed
760e8d95cf58: Pushed
7cc1c2d7e744: Pushed
8c02234b8605: Pushed
1.0: digest: sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181c size: 2421
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/tomcat:1.0 
 <!--The docker client is directly rejected when downloading images from private repositories without authentication-->
Error response from daemon: Get http://192.168.100.10:5000/v2/image/tomcat/manifests/1.0: no basic auth credentials
[root@centos02 ~]# docker login 192.168.100.10:5000 
    <!--Log in to the private warehouse and pass the identity authentication-->
Username: bob <!--Enter bob-->
Password: <!--Enter password-->
Login Succeeded <!--Passed authentication-->
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/tomcat:1.0 <!--Download the image in the private warehouse-->
1.0: Pulling from image/tomcat
376057ac6fa1: Pull complete
5a63a0a859d8: Pull complete
496548a8c952: Pull complete
2adae3950d4d: Pull complete
0a297eafb9ac: Pull complete
09a4142c5c9d: Pull complete
9e78d9befa39: Pull complete
18f492f90b9c: Pull complete
7834493ec6cd: Pull complete
216b2be21722: Pull complete
Digest: sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181c
Status: Downloaded newer image for 192.168.100.10:5000/image/tomcat:1.0
192.168.100.10:5000/image/tomcat:1.0
[root@centos02 ~]# docker images <!--View docker client image-->
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.10:5000/image/tomcat 1.0 1b6b1fe7261e 5 days ago 647MB
192.168.100.10:5000/image/centos 6.7 b2ab0ed558bb 3 years ago 602MB

This is the end of this article about the implementation of Docker private warehouse registry deployment. For more relevant Docker private warehouse registry content, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!

You may also be interested in:

The process of building a docker registry private warehouse
How to implement Docker Registry to build a private image warehouse
Docker builds a private warehouse (registry, harbor)
Detailed explanation of the construction and verification of Docker private warehouse Registry
How to create a private repository using a Docker registry image
Detailed explanation of Docker Registry image deletion and garbage collection
Docker registry private image warehouse service deployment case demonstration

<<: How to manage large file uploads and breakpoint resume based on js

>>: Summary of methods for querying MySQL user permissions