Docker : Use Registry2023/04/27 |
Install Docker-Registry to build Private Registry for Docker images.
|
|
[1] | Install Registry. |
root@dlp:~# apt -y install docker-registry
|
[2] | Configure Registry. This is the settings to use HTTP connection and no-authentication. |
root@dlp:~#
vi /etc/docker/registry/config.yml # comment out [auth] section like follows version: 0.1 log: fields: service: registry storage: cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/docker-registry delete: enabled: true http: addr: :5000 headers: X-Content-Type-Options: [nosniff] #auth: # htpasswd: # realm: basic-realm # path: /etc/docker/registry health: storagedriver: enabled: true interval: 10s threshold: 3
root@dlp:~#
systemctl restart docker-registry
# verify possible to access from any clients # for HTTP connection, it needs to add [insecure-registries] setting
root@dlp:~#
vi /etc/docker/daemon.json # create new # add hosts to allow HTTP connection { "insecure-registries": [ "docker.internal:5000", "dlp.srv.world:5000" ] }
root@dlp:~#
systemctl restart docker
# [push] from localhost root@dlp:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE root_web latest 75ab1e6bff3e 11 minutes ago 235MB srv.world/ubuntu-apache2 latest 886e2f7307a1 32 minutes ago 235MB srv.world/ubuntu-nginx latest df0287c5017d 37 minutes ago 177MB mariadb latest 4a632f970181 5 weeks ago 401MB ubuntu latest 08d22c0ceb15 7 weeks ago 77.8MBroot@dlp:~# docker tag ubuntu dlp.srv.world:5000/ubuntu:my-registry root@dlp:~# docker push dlp.srv.world:5000/ubuntu:my-registry root@dlp:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE root_web latest 75ab1e6bff3e 12 minutes ago 235MB srv.world/ubuntu-apache2 latest 886e2f7307a1 33 minutes ago 235MB srv.world/ubuntu-nginx latest df0287c5017d 38 minutes ago 177MB mariadb latest 4a632f970181 5 weeks ago 401MB dlp.srv.world:5000/ubuntu my-registry 08d22c0ceb15 7 weeks ago 77.8MB ubuntu latest 08d22c0ceb15 7 weeks ago 77.8MB # [pull] from another node root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry root@node01:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/ubuntu my-registry 08d22c0ceb15 7 weeks ago 77.8MB |
[3] | To enable Basic authentication, Configure like follows. |
root@dlp:~#
apt -y install apache2-utils
root@dlp:~#
vi /etc/docker/registry/config.yml # uncomment [auth] section and specify passwd file
.....
.....
auth:
htpasswd:
realm: basic-realm
path: /etc/docker/registry/.htpasswd
.....
.....
# add users # add [-c] at initial file creation root@dlp:~# htpasswd -Bc /etc/docker/registry/.htpasswd ubuntu New password: Re-type new password: Adding password for user ubuntu
root@dlp:~#
systemctl restart docker-registry
# verify possible to access # an error is shown if access with no-authentication root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry Error response from daemon: Head http://dlp.srv.world:5000/v2/nginx/manifests/my-registry: no basic auth credentials # authenticate by a user added with [htpasswd] root@node01:~# docker login dlp.srv.world:5000
Username: ubuntu
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry root@node01:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/ubuntu my-registry 08d22c0ceb15 7 weeks ago 77.8MB |
[4] | To access via HTTPS and use valid certificates like from Let's Encrypt and so on, Configure like follows. This example is based on the environment that certificates have been gotten under the [/etc/letsencrypt/live/dlp.srv.world]. |
root@dlp:~# mkdir /etc/docker/certs.d root@dlp:~# cp -p /etc/letsencrypt/live/dlp.srv.world/{fullchain,privkey}.pem /etc/docker/certs.d/ root@dlp:~# chown docker-registry /etc/docker/certs.d/{fullchain,privkey}.pem
root@dlp:~#
vi /etc/docker/registry/config.yml # add [tls] section under the [http] section like follows
.....
.....
http:
addr: :5000
tls:
certificate: /etc/docker/certs.d/fullchain.pem
key: /etc/docker/certs.d/privkey.pem
headers:
X-Content-Type-Options: [nosniff]
.....
.....
root@dlp:~#
systemctl restart docker-registry
# verify possible to access # on HTTPS connection, it does not need to add [insecure-registries] on Docker root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry root@node01:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE ubuntu latest 7e0aa2d69a15 2 weeks ago 72.7MB dlp.srv.world:5000/ubuntu my-registry 62d49f9bab67 4 weeks ago 133MB |
[5] | To access via HTTPS and use self signed certificates, Configure like follows. This example is based on the environment that certificates have been created under the [/etc/ssl/private]. |
root@dlp:~# mkdir -p /etc/docker/certs.d/dlp.srv.world:5000 root@dlp:~# cp -p /etc/ssl/private/server.{crt,key} /etc/docker/certs.d/dlp.srv.world:5000/ root@dlp:~# chown docker-registry /etc/docker/certs.d/dlp.srv.world:5000/server.{crt,key}
root@dlp:~#
vi /etc/docker/registry/config.yml # add [tls] section under the [http] section like follows
.....
.....
http:
addr: :5000
tls:
certificate: /etc/docker/certs.d/dlp.srv.world:5000/server.crt
key: /etc/docker/certs.d/dlp.srv.world:5000/server.key
headers:
X-Content-Type-Options: [nosniff]
.....
.....
root@dlp:~#
systemctl restart docker-registry
# verify possible to access # an error is shown because of self signed certificate root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry Error response from daemon: Get https://dlp.srv.world:5000/v2/: x509: certificate signed by unknown authority # copy certtificate on registry server to client root@node01:~# mkdir -p /etc/docker/certs.d/dlp.srv.world:5000 root@node01:~# scp root@dlp.srv.world:"/etc/docker/certs.d/dlp.srv.world:5000/server.crt" /etc/docker/certs.d/dlp.srv.world:5000/ca.crt docker pull dlp.srv.world:5000/ubuntu:my-registry root@node01:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE ubuntu latest 7e0aa2d69a15 2 weeks ago 72.7MB dlp.srv.world:5000/ubuntu my-registry 62d49f9bab67 4 weeks ago 133MB |
Sponsored Link |
|