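Install the server
Create a folder to hold the registry container's files
Create the htpasswd account and password
Start a one-off container to generate the account and password. This example uses /vol2/1000/docker-registry/htpasswd as the password file path, and admin and 12345678 as the account and password.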
docker run --rm --entrypoint \
htpasswd httpd:2 -Bbn \
admin 12345678 > /vol2/1000/docker-registry/htpasswd
Create a Docker project and select this folder as its path
docker-compose.yml
services:
  registry:
    image: registry
    container_name: docker-registry
    volumes:
      - ./config.yml:/etc/docker/registry/config.yml
      - ./htpasswd:/auth/htpasswd
      - ./registry:/var/lib/registry
      - /etc/localtime:/etc/localtime
    ports:
      - 5009:5000
    environment:
      - REGISTRY_AUTH=htpasswd
      - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
      - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    networks:
      - reg_net
    restart: always
  registry-ui:
    container_name: registry-ui
    restart: always
    image: joxit/docker-registry-ui:1.5-static
    ports:
      - 8050:80
    networks:
      - reg_net
    environment:
      - REGISTRY_TITLE=家里云私有仓库
      - REGISTRY_URL=http://registry:5000
      - CATALOG_ELEMENTS_LIMIT="1000"
    depends_on:
      - registry
networks:
  reg_net:
    driver: bridge
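Configure the domain name
Because Registry requires HTTPS by default when it is accessed over the public network, I use nginx to configure a reverse proxy and the certificate. HTTPS access does not have to use port 443; see "Applying for an SSL certificate for a home-broadband domain". The configuration file below can be used as a reference: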
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /path/fullchain.pem;
    ssl_certificate_key /path/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
    server_name your-domain;
    index index.html index.htm;
    # If nginx has no brotli module, delete the brotli directives below
    brotli on; # enable
    brotli_comp_level 6; # compression level: default 6, maximum 11; higher levels may need more CPU
    brotli_buffers 16 8k; # number and size of request buffers
    brotli_min_length 20; # minimum length of data to compress; only data at or above this length is compressed (20 bytes here)
    brotli_static always; # whether to look for precompressed files ending in .br; possible values: on, off, always
    brotli_window 512k; # window size; default 512k
    # Config for 0-RTT in TLSv1.3
    # 0-RTT requests can be replayed; the Early-Data header set in the location
    # block tells the backend which requests arrived as early data.
    ssl_early_data on;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000";
    location /
    {
        proxy_redirect off;
        proxy_read_timeout 1200s;
        proxy_pass http://nas-internal-address:5009;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        client_max_body_size 10240m;
        client_body_buffer_size 128k;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        # Config for 0-RTT in TLSv1.3
        proxy_set_header Early-Data $ssl_early_data;
    }
}
server {
    listen 80;
    listen [::]:80;
    server_name your-domain;
    return 301 https://your-domain$request_uri;
}
Usage
Log in
docker login registry.yourdomain.com
# Log in with the account and password created above: admin 12345678
Log out
docker logout registry.yourdomain.com
Push
Tag an existing image with the private registry image name
docker images
# Get the IMAGE ID of the existing image
docker tag 102816b1ee7d registry.yourdomain.com/mysql:8.4.4
Push to the private registry
docker push registry.yourdomain.com/mysql:8.4.4
Pull
docker pull registry.yourdomain.com/mysql:8.4.4
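Management
The main thing to know here is how to delete images that are no longer needed
Get the image digest hash
Log in to registry-ui on the internal network and copy the digest hash value by hand
Delete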
curl -u admin:12345678 -I -X DELETE https://registry.yourdomain.com/v2/mysql/manifests/sha256:45a2a291xxx223123fc03d9be551e362b460exxs56787736919baa
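The digest lookup and the DELETE above can also be done entirely against the registry API. The script below is an added example, not part of the original post: it resolves a tag to its digest with a HEAD request, checks that the digest is well formed, and then issues the same DELETE, feeding the credentials to curl on stdin instead of the command line. The script name, the function names and the REGISTRY default are assumptions; the host, container name and config path are the page's sample values.

```sh
#!/bin/sh
# Added example (not from the original post). REGISTRY defaults to the page's sample host.
REGISTRY="${REGISTRY:-registry.yourdomain.com}"
# Request the v2/OCI manifest types: the digest to delete is the one returned for these.
ACCEPT='application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json'

# Read raw HTTP response headers on stdin, print the Docker-Content-Digest value.
extract_digest() {
  tr -d '\r' | awk 'tolower($1) == "docker-content-digest:" { print $2; exit }'
}

# Succeed only for "sha256:" followed by exactly 64 lowercase hex characters.
valid_digest() {
  hex="${1#sha256:}"
  [ "$1" != "$hex" ] && [ "${#hex}" -eq 64 ] || return 1
  case "$hex" in *[!0-9a-f]*) return 1 ;; esac
}

# curl wrapper: credentials are fed through a config on stdin (-K -), so they
# do not appear in the process list or shell history.
# Assumes the password contains no double quote or backslash.
reg_curl() {
  printf 'user = "%s:%s"\n' "$REG_USER" "$REG_PASS" | curl -sS --fail -K - "$@"
}

# delete_tag <repository> <tag>: resolve the tag to a digest, then delete that manifest.
delete_tag() {
  digest="$(reg_curl -I -H "Accept: $ACCEPT" \
    "https://$REGISTRY/v2/$1/manifests/$2" | extract_digest)"
  valid_digest "$digest" || { echo "no valid digest for $1:$2" >&2; return 1; }
  echo "deleting $1@$digest"
  reg_curl -o /dev/null -X DELETE "https://$REGISTRY/v2/$1/manifests/$digest"
}

# Network access happens only when run as: sh delete-tag.sh <repository> <tag>
if [ "$#" -eq 2 ]; then
  printf 'Registry user: '; read -r REG_USER
  printf 'Password: '; stty -echo; read -r REG_PASS; stty echo; echo
  delete_tag "$1" "$2"
  # A manifest DELETE only unlinks the image; layer blobs remain on disk until
  # the registry's garbage collector runs, e.g. inside the page's container:
  #   docker exec docker-registry registry garbage-collect /etc/docker/registry/config.yml
fi
```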