热门标签
热门文章
- 1fast.ai 深度学习笔记(二)
- 2python websocket客户端
- 3初识 Elasticsearch 应用知识,一文读懂 Elasticsearch 知识文集(1)
- 4窥探向量乘矩阵的存内计算原理—基于向量乘矩阵的存内计算
- 5python算法与数据结构(16)归并排序,分治法_分治算法例题及详解python
- 6UDP协议_udp不需要建立连接怎么理解
- 7Spring Security OAuth2使用步骤(一)_@enableauthorizationserver
- 8[车联网安全自学篇] Car Hacking之车联网安全学习路线图_车辆网信息安全学习路线
- 9(二)从零开始学人工智能—数学基础:线性代数_学ai 线性代数
- 10干货满满,30个Python源代码!
当前位置: article > 正文
搭建带web页面和访问认证的docker私有仓库_docker私有仓库网页登录
作者:你好赵伟 | 2024-02-16 17:44:48
赞
踩
docker私有仓库网页登录
创建证书文件夹
mkdir -p /opt/docker/registry/certs
创建registry登录用户配置文件文件夹
mkdir -p /opt/docker/registry/auth
生成ssl证书
openssl req -newkey rsa:4096 -nodes -sha256 \
-keyout /opt/docker/registry/certs/devops-registry.key \
-x509 -days 3650 \
-out /opt/docker/registry/certs/devops-registry.crt
- 1
- 2
- 3
- 4
创建私有仓库用户
admin admin123就是账号和密码了
docker run --entrypoint htpasswd registry:2 -Bbn admin admin123 > /opt/docker/registry/auth/htpasswd
- 1
启动私有仓库
- 使用
docker run启动私有仓库:
docker run -dit -p 5000:5000 --restart=always --name devops-registry \
-v /opt/docker/registry/auth:/auth \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_STORAGE_DELETE_ENABLED="true" \
-v /opt/docker/registry/certs:/certs \
-v /opt/docker/registry/data:/var/lib/registry \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/devops-registry.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/devops-registry.key \
registry:2
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 或者使用docker-compose编排带web页面的私有仓库:
- 编辑docker-registry.yml:
version: '2' services: devops-registry: restart: always image: registry:2 ports: - 5000:5000 environment: REGISTRY_HTTP_TLS_CERTIFICATE: /certs/devops-registry.crt REGISTRY_HTTP_TLS_KEY: /certs/devops-registry.key REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm REGISTRY_STORAGE_DELETE_ENABLED: "true" volumes: - /registry/data:/var/lib/registry - /opt/docker/registry/certs:/certs - /opt/docker/registry/auth:/auth networks: extnetwork: ipv4_address: 172.18.0.2 docker-ui: restart: always image: konradkleine/docker-registry-frontend:v2 ports: - 5001:80 depends_on: - devops-registry environment: ENV_DOCKER_REGISTRY_HOST: devops-registry ENV_DOCKER_REGISTRY_PORT: 5000 ENV_DOCKER_REGISTRY_USE_SSL: '1' networks: extnetwork: ipv4_address: 172.18.0.3 networks: extnetwork: ipam: config: - subnet: 172.18.0.0/16 gateway: 172.18.0.1
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 启动:
docker-compose -f docker-registry.yml up -d
测试私有仓库
-
docker客户机添加证书,在docker客户机上创建证书目录
mkdir -p /etc/docker/certs.d/devops-registry:5000 -
仓库服务器上生成的/opt/docker/registry/certs/devops-registry.crt复制到docker客户机上
cp /opt/docker/registry/certs/devops-registry.crt /etc/docker/certs.d/devops-registry:5000 -
编辑客户机的hosts文件,把仓库名和对应的ip地址加上
-
在docker客户机上登录私有仓库
docker login devops-registry:5000 -
测试推送和拉取镜像
docker tag busybox:latest devops-registry:5000/busybox:latest
docker push devops-registry:5000/busybox:latest
docker rmi devops-registry:5000/busybox:latest busybox:latest
docker pull devops-registry:5000/busybox:latest
- 1
- 2
- 3
- 4
- 使用
ip:5001便可以打开Docker registry frontend页面,使用上面的用户名密码登录
整合了两种web页面的私有仓库docker-compose.yaml
整合了docker-registry-frontend和docker-registry-web两种web页面,供参考,选择合适的即可:
version: '2' services: registry: restart: always image: registry:2 ports: - 5000:5000 environment: REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt REGISTRY_HTTP_TLS_KEY: /certs/domain.key REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm REGISTRY_STORAGE_DELETE_ENABLED: "true" volumes: - /registry/data:/var/lib/registry - /opt/docker/registry/local/certs:/certs - /opt/docker/registry/local/auth:/auth networks: extnetwork: ipv4_address: 172.18.0.2 docker-ui: restart: always image: konradkleine/docker-registry-frontend:v2 ports: - 5001:80 depends_on: - registry environment: ENV_DOCKER_REGISTRY_HOST: k8s-registry.campusphere ENV_DOCKER_REGISTRY_PORT: 5000 ENV_DOCKER_REGISTRY_USE_SSL: '1' extra_hosts: - k8s-registry.campusphere:172.18.0.2 networks: extnetwork: ipv4_address: 172.18.0.3 docker-web: restart: always image: hyper/docker-registry-web:latest ports: - 5002:8080 depends_on: - registry environment: REGISTRY_BASIC_AUTH: "YWRtaW46YWRtaW4xMjM=" REGISTRY_TRUST_ANY_SSL: 1 REGISTRY_URL: https://registry:5000/v2/ REGISTRY_NAME: k8s-registry.campusphere:5000 networks: extnetwork: ipv4_address: 172.18.0.4 networks: extnetwork: ipam: config: - subnet: 172.18.0.0/16 gateway: 172.18.0.1
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
注:上面的services.docker-web.environment.REGISTRY_BASIC_AUTH字段是私有仓库账号:密码经过base64编码后的字符串,如账号和密码分别是admin和admin123,在bash环境下通过命令echo -n "admin:admin123" | base64即可获得。
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/你好赵伟/article/detail/95752
推荐阅读
相关标签
