Contents

1. Authentication modes of Docker Registry v2

2. Configuring an Nginx proxy

3. Adding user authentication

4. Starting the Registry with Compose

 👑👑👑 Closing remarks 👑👑👑


1. Authentication modes of Docker Registry v2

[Cloud Native | 44] Setting up a private Docker Registry: managing access permissions - LMLPHP

2. Configuring an Nginx proxy

$ sudo apt-get -y install nginx

# /etc/nginx/sites-available/docker-registry.conf
# The local registry service listens on port 5000
upstream docker-registry {
    server localhost:5000;
}

# The proxy server listens on port 15000
server {
    # If you have SSL certificate files, enable TLS with the ssl parameter on
    # listen and the two ssl_certificate lines below ("ssl on;" is deprecated);
    # otherwise use "listen 15000;" and drop them.
    listen 15000 ssl;
    server_name private-registry-server.com;
    add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
    ssl_certificate /etc/ssl/certs/myrepo.crt;
    ssl_certificate_key /etc/ssl/private/myrepo.key;
    # proxy_pass is only valid inside a location block, so it is set in location /v2/ below
    proxy_set_header Host $http_host; # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 600;
    client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
    # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
    chunked_transfer_encoding on;
    location /v2/ {
        # Deny access from old Docker versions
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
            return 404;
        }
        # Forward requests to the registry service
        proxy_pass http://docker-registry;
    }
}

$ sudo ln -s /etc/nginx/sites-available/docker-registry.conf /etc/nginx/sites-enabled/docker-registry.conf
$ sudo service nginx restart
$ docker tag ubuntu:14.04 127.0.0.1:15000/ubuntu:latest
$ docker push 127.0.0.1:15000/ubuntu:latest

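3. Adding user authentication

...
location / {
    # let Nginx know about our auth file
    auth_basic "Please Input username/password";
    auth_basic_user_file docker-registry-htpasswd;
    proxy_pass http://docker-registry;
    # Nginx serves a request from the longest matching prefix location, so these
    # auth_basic lines do not cover a separate "location /v2/" block; repeat them there if it is kept.
}
...

# docker-registry-htpasswd: one user:password entry per line;
# the password field holds the hash written by htpasswd, not the clear-text password
...
user1:password1
user2:password2
...

$ sudo aptitude install apache2-utils -y
$ sudo htpasswd -c /etc/nginx/docker-registry-htpasswd user1
New password:
Re-type new password:
Adding password for user user1
$ sudo service nginx restart
$ curl USERNAME:PASSWORD@127.0.0.1:15000/v2/

# Settings for the Registry's own built-in htpasswd authentication
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: basic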

4. Starting the Registry with Compose

registry:
    restart: always
    image: registry:2.1
    ports:
        - 5000:5000
    environment:
        REGISTRY_HTTP_TLS_CERTIFICATE: /certs/myrepo.crt
        REGISTRY_HTTP_TLS_KEY: /certs/myrepo.key
        REGISTRY_AUTH: htpasswd
        REGISTRY_AUTH_HTPASSWD_PATH: /auth/docker-registry-htpasswd
        REGISTRY_AUTH_HTPASSWD_REALM: basic
    volumes:
        - /path/to/data:/var/lib/registry
        - /path/to/certs:/certs
        - /path/to/auth:/auth
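
An added example, not part of the original article: section 3 creates the htpasswd file with `htpasswd -c`, which writes `$apr1$` MD5 hashes unless `-B` is given, while the Registry's built-in `htpasswd` backend used in section 4 accepts bcrypt entries only. The Python script below classifies each entry of such a file; the function names and the sample entries are constructed for illustration.

```python
import re
import sys

# Ordered (pattern, scheme) pairs for formats htpasswd(1) can write.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"), "bcrypt"),
    (re.compile(r"^\$apr1\$"), "apr1-md5"),
    (re.compile(r"^\{SHA\}"), "sha1"),
    (re.compile(r"^\{PLAIN\}"), "plaintext"),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt"),
]

# Constructed sample entries (not real credentials or real hashes).
SAMPLE = "\n".join([
    "# constructed sample",
    "user1:$2y$05$" + "A" * 53,
    "user2:$apr1$abcdefgh$" + "B" * 22,
    "user3:password3",
    "no-colon-line",
])

def classify(field):
    """Return the hash scheme name of one htpasswd password field."""
    for pattern, name in SCHEMES:
        if pattern.search(field):
            return name
    return "unknown-or-plaintext"

def audit(text):
    """Return (user, scheme, usable_by_registry) for each entry in text."""
    results = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        if not sep or not user:
            results.append((f"<line {lineno}>", "malformed", False))
            continue
        field = rest.split(":", 1)[0]  # nginx allows a trailing ":comment"
        scheme = classify(field)
        # The Registry's htpasswd backend accepts bcrypt entries only.
        results.append((user, scheme, scheme == "bcrypt"))
    return results

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for user, scheme, ok in audit(text):
        print(f"{user:12} {scheme:22} {'ok' if ok else 'IGNORED by registry'}")
```

Run it with the path of the htpasswd file as its argument; entries that are not bcrypt can be regenerated with `htpasswd -B`.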

 👑👑👑 Closing remarks 👑👑👑


11-18 06:52