Implementation of Docker private warehouse registry deployment

As more and more Docker images come into use, they need somewhere to be stored: an image registry. Two kinds are in common use, public registries and private registries. Uploading to and downloading from a public registry is the most convenient option. You do not need to register to download images from a public registry, but you do need to register to upload.

The most commonly used private registries are Registry and Harbor. Below, I describe in detail how to build a private registry with Registry. Harbor will be deployed in the next blog post.

1. Deploy the Registry private registry

Case Description

Two CentOS 7.4 machines: one hosts the private Docker registry and the other is the Docker client used for testing.

Both servers need the Docker service installed; please refer to the blog post: Install Docker.v19 version

1. Configure the private registry

[root@centos01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    <!--Enable IP forwarding on the docker host-->
[root@centos01 ~]# sysctl -p <!--Apply the new setting-->
net.ipv4.ip_forward = 1
[root@centos01 ~]# vim /etc/docker/daemon.json <!--Configure a registry mirror to speed up image pulls-->
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"]} <!--Add the Alibaba Cloud mirror-->
[root@centos01 ~]# systemctl reload docker <!--Reload the docker service so it rereads daemon.json-->
[root@centos01 ~]# docker search registry <!--Search for the registry image-->
<!--You can pull the registry image now or skip this step, depending on your situation-->
[root@centos01 ~]# docker run -d -p 5000:5000 --name registry --restart=always -v /opt/registry:/var/lib/registry registry
 <!--Run the registry container; the registry service stores the images pushed to it-->
 <!--"--restart=always" means the container is started whenever the docker service starts-->
[root@centos01 ~]# docker ps <!--View the containers docker is running-->
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a7773d77b8a3 registry "/entrypoint.sh /etc…" 50 seconds ago Up 46 seconds 0.0.0.0:5000->5000/tcp registry
[root@centos01 ~]# docker images <!--View all docker images-->
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 708bc6af7e5e 3 months ago 25.8MB
tomcat latest 1b6b1fe7261e 5 days ago 647MB
hub.c.163.com/public/centos 6.7-tools b2ab0ed558bb 3 years ago 602MB
[root@centos01 ~]# vim /etc/docker/daemon.json <!--Configure the docker service to use the private registry-->
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.10:5000"] <!--Add this line; it allows this registry to be used without TLS-->
}
[root@centos01 ~]# systemctl reload docker <!--Reload the docker service-->

2. Upload the image to the private registry

[root@centos01 ~]# docker tag hub.c.163.com/public/centos:6.7-tools 192.168.100.10:5000/image/centos:6.7
    <!--Retag the image with the private registry's address-->
[root@centos01 ~]# docker push 192.168.100.10:5000/image/centos:6.7 <!--Upload the image to the private registry-->

2. Configure the Docker client to access the private registry

<!--Install the Docker service on the client and configure the registry mirror-->
[root@centos02 ~]# vim /etc/docker/daemon.json <!--Configure docker to use the private registry-->
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.10:5000"] <!--Add this line-->
}
[root@centos02 ~]# systemctl restart docker <!--Restart the docker service-->
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/centos:6.7
         <!--The client downloads the image from the private registry-->
[root@centos02 ~]# docker images <!--Check that the image was downloaded successfully-->
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.10:5000/image/centos 6.7 b2ab0ed558bb 3 years ago 602MB

At this point the private registry is built, but there is a problem: deployed like this, everyone inside the enterprise can access it. For security reasons, we will add authentication to the registry, so that images can be uploaded to or downloaded from the private registry only after authenticating.

3. Configure the registry to require authentication

[root@centos01 ~]# yum -y install httpd-tools <!--Install httpd-tools, which provides htpasswd-->
[root@centos01 ~]# mkdir /opt/registry-auth <!--Create a directory for the authentication file-->
[root@centos01 ~]# htpasswd -Bbn bob pwd@123 > /opt/registry-auth/htpasswd
 <!--Create the registry's authentication database-->
<!--"-Bbn" explained: B hashes the password with bcrypt; b takes the password from the command line instead of prompting for it; n prints the result to standard output instead of updating a file-->

<!--Delete all containers on this server, then create a new private registry container that requires authentication-->
[root@centos01 ~]# docker run -d -p 5000:5000 --restart=always \
-v /opt/registry-auth/:/auth/ \
-v /opt/registry:/var/lib/registry --name registry-auth -e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry 
 <!--Run a new private registry container that requires authentication-->
[root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:5000/image/tomcat:1.0
    <!--Retag the image-->
[root@centos01 ~]# docker push 192.168.100.10:5000/image/tomcat:1.0
<!--Test whether an image can be uploaded to the private registry without authenticating-->
no basic auth credentials
<!--No credentials were supplied, so the upload is refused-->
[root@centos01 ~]# docker login 192.168.100.10:5000
    <!--Log in to the private registry; uploads are allowed after authenticating-->
Username: bob <!--Enter bob-->
Password: <!--Enter password-->
……………… <!--Some content is omitted here-->
Login Succeeded <!--Authenticated; images can now be uploaded to the private registry-->
[root@centos01 ~]# docker push 192.168.100.10:5000/image/tomcat:1.0 <!--Upload the image to the private registry again-->
The push refers to repository [192.168.100.10:5000/image/tomcat]
b0ac242ce8d3: Pushed
5e71d8e4cd3d: Pushed
eb4497d7dab7: Pushed
bfbfe00b44fc: Pushed
d39111fb2602: Pushed
155d997ed77c: Pushed
88cfc2fcd059: Pushed
760e8d95cf58: Pushed
7cc1c2d7e744: Pushed
8c02234b8605: Pushed
1.0: digest: sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181c size: 2421
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/tomcat:1.0 
 <!--Without authenticating, the docker client is refused when it tries to download an image from the private registry-->
Error response from daemon: Get http://192.168.100.10:5000/v2/image/tomcat/manifests/1.0: no basic auth credentials
[root@centos02 ~]# docker login 192.168.100.10:5000 
    <!--Log in to the private registry and authenticate-->
Username: bob <!--Enter bob-->
Password: <!--Enter password-->
Login Succeeded <!--Passed authentication-->
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/tomcat:1.0 <!--Download the image from the private registry-->
1.0: Pulling from image/tomcat
376057ac6fa1: Pull complete
5a63a0a859d8: Pull complete
496548a8c952: Pull complete
2adae3950d4d: Pull complete
0a297eafb9ac: Pull complete
09a4142c5c9d: Pull complete
9e78d9befa39: Pull complete
18f492f90b9c: Pull complete
7834493ec6cd: Pull complete
216b2be21722: Pull complete
Digest: sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181c
Status: Downloaded newer image for 192.168.100.10:5000/image/tomcat:1.0
192.168.100.10:5000/image/tomcat:1.0
[root@centos02 ~]# docker images <!--View the images on the docker client-->
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.10:5000/image/tomcat 1.0 1b6b1fe7261e 5 days ago 647MB
192.168.100.10:5000/image/centos 6.7 b2ab0ed558bb 3 years ago 602MB
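
An added example, not part of the original post: a small POSIX shell audit of the two files this walkthrough edits. It flags registries listed under insecure-registries (where the Basic credentials sent by docker login are not protected by TLS) and htpasswd entries that are not bcrypt, which the registry's htpasswd backend ignores. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit daemon.json and htpasswd.

# Print each registry that daemon.json exempts from TLS.
# Assumes "insecure-registries" is a flat array of strings, as in the article.
list_insecure_registries() {
    tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^[[:space:]]*$/d'
}

# Print users whose hash is not bcrypt ($2a$/$2b$/$2y$). The registry's
# htpasswd backend ignores every other hash type, so these users cannot log in.
non_bcrypt_users() {
    awk -F: 'NF >= 2 && $1 !~ /^#/ && $2 !~ /^\$2[aby]\$[0-9][0-9]\$/ { print $1 }' "$1"
}

# Print one WARN line per finding, then the number of findings on the last line.
audit_registry_host() {   # $1 = daemon.json, $2 = htpasswd
    n=0
    for reg in $(list_insecure_registries "$1"); do
        echo "WARN: $reg is in insecure-registries: TLS is not enforced, so login credentials can cross the network in cleartext"
        n=$((n + 1))
    done
    for user in $(non_bcrypt_users "$2"); do
        echo "WARN: user '$user' has a non-bcrypt hash that the registry will ignore"
        n=$((n + 1))
    done
    echo "$n"
}

# Constructed sample input: the article's daemon.json, plus an htpasswd file
# with one bcrypt-style entry and one apr1 (MD5) entry. Hash bodies are dummies.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/daemon.json" <<'EOF'
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.10:5000"]
}
EOF
cat > "$SAMPLE_DIR/htpasswd" <<'EOF'
bob:$2y$05$CONSTRUCTEDxHASHxBODYxNOTxAxREALxBCRYPTxDIGESTxxxxxxx
alice:$apr1$constrct$CONSTRUCTEDxMD5xDIGEST

EOF
audit_registry_host "$SAMPLE_DIR/daemon.json" "$SAMPLE_DIR/htpasswd"
```

On a real host, point the function at /etc/docker/daemon.json and /opt/registry-auth/htpasswd; a count of 0 means neither condition was found.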
