Docker : Use Registry2022/07/29 |
|
Install Docker-Registry to build Private Registry for Docker images.
|
|
| [1] | Pull the Registry image and run it. Container Images are located under [/var/lib/regstry] on Registry v2 Container, so map to mount [/var/lib/docker/registry] on parent Host for Registry Container to use as Persistent Storage. |
|
[root@dlp ~]# docker pull registry:2 [root@dlp ~]# mkdir /var/lib/docker/registry [root@dlp ~]# docker run -d -p 5000:5000 \
-v /var/lib/docker/registry:/var/lib/registry \ registry:2 d063116f072ca8c107a0f4467b15cfcfc546ea155ae8a258e7348e77a796ebe0[root@dlp ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d063116f072c registry:2 "/entrypoint.sh /etc…" 11 seconds ago Up 10 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp festive_bohr # if Firewalld is running, allow ports [root@dlp ~]# firewall-cmd --add-port=5000/tcp [root@dlp ~]# firewall-cmd --runtime-to-permanent
# to use the Registry from Docker Client Hosts, set like follows [root@client ~]# vi /etc/docker/daemon.json # create new or add # add Hosts you allow HTTP connection (default is HTTPS)
{
"insecure-registries":
[
"docker.internal:5000",
"dlp.srv.world:5000"
]
}
[root@client ~]#
[root@client ~]# systemctl restart docker
docker images REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/centos/centos stream9 61674c24ebbf 31 hours ago 152MB registry 2 d1fe2eaf6101 10 days ago 24.1MB[root@client ~]# docker tag quay.io/centos/centos:stream9 dlp.srv.world:5000/centos:stream9 [root@client ~]# docker push dlp.srv.world:5000/centos:stream9 [root@client ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/centos stream9 61674c24ebbf 31 hours ago 152MB quay.io/centos/centos stream9 61674c24ebbf 31 hours ago 152MB registry 2 d1fe2eaf6101 10 days ago 24.1MB |
| [2] | This is for the case you set self-signed certificate and enable HTTPS connection. This example is based on that certificate were created under the [/etc/pki/tls/certs] directory. |
|
[root@dlp ~]# docker run -d -p 5000:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/server.key \ -v /etc/pki/tls/certs:/certs \ -v /var/lib/docker/registry:/var/lib/registry \ registry:2 213fca43b7b889fc82ee2cd31742b75b700f22d003ec6e76e9ec5b38f3e1f403 # to use the Registry from other Docker Client Hosts, set like follows # it's not need to add [insecure-registries] but # need to locate server's certificate on the client side like follows
[root@client ~]#
[root@client ~]# mkdir -p /etc/docker/certs.d/dlp.srv.world:5000 [root@client ~]# scp dlp.srv.world:/etc/pki/tls/certs/server.crt /etc/docker/certs.d/dlp.srv.world:5000/ca.crt
docker tag centos dlp.srv.world:5000/centos:my-registry [root@client ~]# docker push dlp.srv.world:5000/centos:my-registry [root@client ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 670dcc86b69d 9 days ago 142MB dlp.srv.world:5000/nginx my-registry 670dcc86b69d 9 days ago 142MB |
| [3] | This is for the case you set valid certificate like Let's Encrypt and enable HTTPS connection. This example is based on that certificate were created under the [/etc/letsencrypt] directory. |
|
[root@dlp ~]# docker run -d -p 5000:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \ -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \ -v /etc/letsencrypt/live/dlp.srv.world:/certs \ -v /var/lib/docker/registry:/var/lib/registry \ registry:2 28512a4b96d93172b7af66f6b7263fdbff8d729a76659c8b955c60800b557f4f # to use the Registry from other Docker Client Hosts, set like follows # it's not need to change any specific settings, it can use with default [root@client ~]# docker tag centos dlp.srv.world:5000/centos:my-registry [root@client ~]# docker push dlp.srv.world:5000/centos:my-registry [root@client ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 670dcc86b69d 9 days ago 142MB dlp.srv.world:5000/nginx my-registry 670dcc86b69d 9 days ago 142MB |
| Sponsored Link |