搭建步骤:
1, 启动 registry 服务
- docker pull registry
- mkdir /data/docker/registry
- docker run -idt -v /data/docker/registry/:/var/lib/registry -p 5000:5000 --name registry --restart=always registry
参数说明
)-itd: 在容器中打开一个伪终端进行交互操作, 并在后台运行;
)-v: 绑定宿主机的 / docker/registry 到容器 / docker/registry 目录 (registry 容器中存放镜像文件的目录), 来实现数据的持久化;
)-p: 映射端口; 访问宿主机的 5000 端口就访问到 registry 容器的服务了;
)--restart=always: 这是重启的策略, 假如这个容器异常退出会自动重启容器;
)--name registry: 创建容器命名为 registry, 可自定义任何名称;
)registry:latest: 这个是刚才 pull 下来的镜像;
验证:
- docker tag hello-world localhost:5000/hello-world:v1
- docker push localhost:5000/hello-world:v1
- curl http://localhost:5000/v2/_catalog
- {
- "repositories":["hello-world"]
- }
- curl http://localhost:5000/v2/hello-world/tags/list
- {
- "name":"hello-world","tags":["latest","v1"]
- }
2, 配置 nginx 反向代理
配置方法一:
- server {
- #listen 80;
- listen 443;
- server_name bksaas.com; #填写绑定证书的域名
- ssl on;
- ssl_certificate bksaas.crt;
- ssl_certificate_key bksaas.key;
- ssl_session_timeout 5m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;# 按照这个套件配置
- ssl_prefer_server_ciphers on;
- client_max_body_size 0;
- chunked_transfer_encoding on;
- location / {
- proxy_pass http://127.0.0.1:5000;
- proxy_set_header Host $host:$server_port;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_redirect http:// $scheme://;
- }
- }
配置方法二 (推荐):
- upstream DOCKER_REGISTRY {
- server localhost:5000;
- }
- server {
- #listen 80;
- listen 443;
- server_name bksaas.com; #填写绑定证书的域名
- ssl on;
- ssl_certificate bksaas.crt;
- ssl_certificate_key bksaas.key;
- ssl_session_timeout 5m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;# 按照这个套件配置
- ssl_prefer_server_ciphers on;
- client_max_body_size 0;
- chunked_transfer_encoding on;
- location / {
- proxy_pass http://DOCKER_REGISTRY;
- # proxy_read_timeout 90;
- # proxy_http_version 1.1;
- proxy_set_header Host $host:$server_port;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- # proxy_redirect http:// $scheme://;
- }
- }
验证:
- docker tag hello-world bksaas.com/hello-world:v1
- docker push bksaas.com/hello-world:v1
- curl https://bksaas.com/v2/_catalog
- {
- "repositories":["hello-world"]
- }
3, 遇到的问题
- http: server gave HTTP response to HTTPS client
- root@miya sites-enabled# docker tag hello-world 172.19.0.13:5000/hello-world:v2
- root@miya sites-enabled# docker push 172.19.0.13:5000/hello-world:v2
- The push refers to repository 172.19.0.13:5000/hello-world
- Get https://172.19.0.13:5000/v2/: http: server gave HTTP response to HTTPS client
通过内网 IP 来访问仓库时, 需要配置客户端
- VIM /etc/docker/daemon.JSON
- {
- "registry-mirrors":["https://registry.docker-cn.com"],
- "insecure-registries":["l172.19.0.13:5000"]
- }
- systemctl restart docker
- error parsing HTTP 400 response body: invalid character '<' looking for beginning of value
- [root@miya sites-enabled]# docker push bksaas.com/nginx:v1
- The push refers to repository [bksaas.com/nginx]
- 0b9e07febf57: Pushing 3.584kB
- 55028c39c191: Preparing
- 0a07e81f5da3: Pushing 55.3MB/55.3MB
- error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>openresty/1.13.6.2</center>\r\n</body>\r\n</html>\r\n"
方式一 (见 Nginx 配置方式一):proxy_redirect http:// $scheme://;
方式二 (见 Nginx 配置方式二):proxy_set_header X-Forwarded-Proto $scheme;
- 13 Request Entity Too Large
- [root@miya sites-enabled]# docker push bksaas.com/nginx:v1
- The push refers to repository [bksaas.com/nginx]
- 0b9e07febf57: Pushed
- 55028c39c191: Pushing 53.97MB
- 0a07e81f5da3: Pushing 55.3MB/55.3MB
- error parsing HTTP 413 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>413 Request Entity Too Large</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>413 Request Entity Too Large</h1></center>\r\n<hr><center>openresty/1.13.6.2</center>\r\n</body>\r\n</html>\r\n"
增加 Nignx 配置, 放开限制:
client_max_body_size 0;
4, 镜像仓库的维护
如何清空镜像?root@miya repositories# rm -rf /data/docker/registry/docker/registry/v2/repositories/*root@miya repositories# docker exec registry bin/registry garbage-collect /etc/docker/registry/config.YAML
持续补充...
5, 镜像操作的接口
查询镜像的版本列表
- {
- name: "hello-world",
- tags: [
- "v3",
- "latest",
- "v1",
- "v2",
- ],
- }
查询具体版本的 hash
- [root@miya sites-enabled]# curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET https://registry.bksaas.com/v2/hello-world/manifests/v1
- HTTP/1.1 200 OK
- Server: openresty/1.13.6.2
- Date: Sun, 03 Mar 2019 03:23:55 GMT
- Content-Type: application/vnd.docker.distribution.manifest.v2+JSON
- Content-Length: 524
- Connection: keep-alive
- Docker-Content-Digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
- Docker-Distribution-API-Version: registry/2.0
- Etag: "sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a"
- X-Content-Type-Options: nosniff
删除对应的版本
$ curl -I -X DELETE <protocol>://<registry_host>/v2/<repo_name>/manifests/<digest_hash>
参考:
https://docs.docker.com/registry/recipes/nginx/
来源: https://www.qcloud.com/developer/article/1421535