当前位置：首页 > news >正文

docker—私有仓库搭建

news 2025/7/21 16:14:54

docker—私有仓库搭建

HTTP

部署

docker run -d \-p 5000:5000 \--restart=always \--name registry \-v /opt/data/registry:/var/lib/registry \registry:2

使用官方的 registry 镜像来启动私有仓库。默认情况下，仓库会被创建在容器的 /var/lib/registry 目录下。你可以通过 -v 参数来将镜像文件存放在本地的指定路径，当然你也可以选择其它本地路径，上面的只是一个示例。

使用

配置非HTTPS方式推送镜像

cat <<EOF | tee /etc/docker/daemon.json
{"registry-mirrors": ["https://hub-mirror.c.163.com","https://mirror.baidubce.com"],"insecure-registries": ["your_ip_addr:5000"]
}
EOFsystemctl daemon-reload
systemctl restart docker

push and pull

docker tag $image $registry_host_address:5000/$image
docker push $registry_host_address:5000/$image
docker pull $registry_host_address:5000/$image

check images
```
curl your_ip_address:5000/v2/_catalog
```

HTTPS

部署

registry_name

export registry_name=registry.domain.local

生成证书

sudo -E mkdir -p /opt/registry/certs/
sudo -E openssl req \-newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/domain.key \-subj "/CN=${registry_name}" \-addext "subjectAltName = DNS:${registry_name}" \-x509 -days 365 -out /opt/registry/certs/domain.crt

deploy registry

docker run -d \--restart=always \--name registry \-v /opt/registry/certs:/certs \-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \-p 443:443 \registry:2

add certificate to host trust chain

任何需要访问registry的主机都需要配置
cat /etc/os-release

case "ubuntu"|"debian"

sudo cp /opt/registry/certs/domain.crt /usr/local/share/ca-certificates/$registry_name.crt
sudo update-ca-certificates

case "centos"|"fedora"|"alinux"

sudo cat /opt/registry/certs/domain.crt >> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

case "rhel"

# https://access.redhat.com/solutions/3220561
sudo cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract
cd /etc/pki/tls/certs/ && sudo openssl x509 -in ca-bundle.crt -text -noout

case others, Please manual add registry certificates to host trust chain.

Append the entry to allow ip-address resolved to the registry name

任何需要访问registry的主机都需要配置
```
registry_ip=`hostname -I | awk '{print $1}'`
echo "$registry_ip   $registry_name" | sudo tee -a /etc/hosts
```

Verifiy registry service works

export no_proxy=$no_proxy,$registry_name
if ! curl https://$registry_name/v2/_catalog ; thenif ! nc -zv $registry_name 443 ; thenecho "ERROR: failed to connect to 443 port "fiecho "ERROR: registry service is not ready"exit 1
fi

使用

push and pull

docker tag $image $registry_address/$image
docker push $registry_address/$image
docker pull $registry_address/$image

注意：

push的时候，需要把docker仓库设置成insecure-registries
pull时不需要设置

注意

镜像拉取

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/registry:2
docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/registry:2  docker.io/registry:2

查看全文

http://www.lryc.cn/news/504106.html