- 1运动状态识别(python转c)_py里判断是步行还是跑步
- 2Python3.7版---双人联机雷霆战机(2D特效+音效+道具+Linux系统)_雷霆战机联机版
- 3DoTween全解析(入门篇)
- 4【ChatGLM2-6B】Docker下部署及微调_基于docker快速部署chatglm2
- 5cv2.findContours()轮廓检测_cv2.findcontours(mask, cv2.retr_tree, cv2.chain_ap
- 6米拓网站搭建-第四步:网站备案_未备案网站 米拓
- 7CSS 小结笔记之em
- 8Unity+Vuforia+Hololens2 AR开发_unity3d ar眼镜开发
- 9频域滤波器与空域滤波器之间的联系_空域滤波阻带
- 10Vue-SplitPane可拖拽分隔面板(随意拖动div)_el-split-pane
docker registry web ui 及私有镜像仓库 安装配置记录_docker-registry-web
赞
踩
本次安装记录基于docker 安装,宿主机ip:192.168.5.16
1,创建宿主机目录(用于存放容器配置文件):
- /securitit/registry/certs/
- /securitit/registry/auth/
- /securitit/registry/conf/
- /securitit/registry/db/
- /securitit/registry/data/registry/
2,使用openssl生成证书和RSA私钥:
openssl req -new -newkey rsa:4096 -days 365 -subj "/CN=localhost" -nodes -x509 -keyout /securitit/registry/auth/auth.key -out /securitit/registry/auth/auth.cert
未安装openssl 需要先安装openssl再生成证书密钥:
- ubuntu: apt-get install -y openssl
- centos: yum install -y openssl
3,创建docker registry容器
创建配置文件:/securitit/registry/conf/registry-srv.yml
内容:
- version: 0.1
- log:
- fields:
- service: registry
- storage:
- delete:
- enabled: true
- cache:
- blobdescriptor: inmemory
- filesystem:
- rootdirectory: /var/lib/registry
-
- http:
- addr: 0.0.0.0:5000
- headers:
- X-Content-Type-Options: [nosniff]
- health:
- storagedriver:
- enabled: true
- interval: 10s
- threshold: 3
- auth:
- token:
- # registry-web的地址.
- realm: http://192.168.5.16:5050/api/auth
- # 私有仓库的配置地址.
- service: 192.168.5.16:5000
- # 需要与registry-web定义的名称一致.
- issuer: 'my issuer'
- # 容器内证书路径,容器启动时通过数据卷参数指定.
- rootcertbundle: /etc/docker/registry/auth.cert
拉取镜像:
docker pull registry创建容器:
- docker run -v /securitit/registry/conf/registry-srv.yml:/etc/docker/registry/config.yml \
- -v /securitit/registry/data/registry:/var/lib/registry -v /securitit/registry/auth/auth.cert:/etc/docker/registry/auth.cert -p 5000:5000 --name registry-srv -d registry
4,创建docker registry web ui容器
创建配置文件:/securitit/registry/conf/registry-web.yml
内容:
- registry:
- # 私有仓库地址.
- url: http://192.168.5.16:5000/v2
- # 私有仓库命名.
- name: 192.168.5.16:5000
- # 是否只读设置.
- readonly: false
- auth:
- # 是否进行鉴权处理.
- enabled: true
- # 需要与私有仓库定义的名称一致.
- issuer: 'my issuer'
- # 容器内私钥证书路径,容器启动时通过数据卷参数指定.
- key: /conf/auth.key
拉取镜像:
docker pull hyper/docker-registry-web创建容器:
- docker run -it -d -v /securitit/registry/conf/registry-web.yml:/conf/config.yml \
- -v /securitit/registry/auth/auth.key:/conf/auth.key -v /securitit/registry/db:/data \
- -p 5050:8080 --name registry-web hyper/docker-registry-web
5,访问 http://192.168.5.16:5050/ 默认用户名密码 admin/admin
docker-registry-web 角色管理:
默认用户admin/admin有如下角色: UI_ADMIN、UI_USER、UI_DELETE、read-all、write-all
可以删除或修改UI_ADMIN和UI_USER,这两个角色用来指定角色允许admin和user访问UI系统。
UI_USER角色允许查询镜像仓库。
UI_ADMIN角色相比UI_USER角色,允许创建、删除和修改镜像仓库。
UI_DELETE角色允许基于ACL策略删除镜像。
6,拉取私有仓库镜像:
编辑:/etc/docker/daemon.json 没有就创建一个
加入私服地址:"insecure-registries": ["192.168.5.16:5000"]
- {
- "registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"],
- "insecure-registries": ["192.168.5.16:5000"]
- }
重新加载:systemctl daemon-reload
重启docker:systemctl restart docker
7, 为registry 生成用户名和密码文件
执行:
docker run --entrypoint htpasswd registry -Bbn admin admin > /securitit/registry/auth/htpasswd报错解决:
安装依赖:
- yum -y install httpd
- htpasswd -Bbn admin admin > /securitit/registry/auth/htpasswd
删除并重启容器:
- docker run -d -p 5000:5000 --restart=always --name registry-srv \
- -v /securitit/registry/conf/registry-srv.yml:/etc/docker/registry/config.yml \
- -v /securitit/registry/data/registry:/var/lib/registry \
- -v /securitit/registry/auth/auth.cert:/etc/docker/registry/auth.cert \
- -e "REGISTRY_AUTH=htpasswd" \
- -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
- -e REGISTRY_AUTH_HTPASSWD_PATH=/securitit/registry/auth/htpasswd \
- registry
