Docker : Use Registry2022/09/08 |
Install Docker-Registry to build Private Registry for Docker images.
|
|
[1] | Install Registry. |
root@dlp:~# apt -y install docker-registry
|
[2] | Configure Registry. This is the settings to use HTTP connection and no-authentication. |
root@dlp:~#
vi /etc/docker/registry/config.yml # comment out [auth] section like follows version: 0.1 log: fields: service: registry storage: cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/docker-registry delete: enabled: true http: addr: :5000 headers: X-Content-Type-Options: [nosniff] #auth: # htpasswd: # realm: basic-realm # path: /etc/docker/registry health: storagedriver: enabled: true interval: 10s threshold: 3
root@dlp:~#
systemctl restart docker-registry
# verify possible to access from any clients # for HTTP connection, it needs to add [insecure-registries] setting
root@dlp:~#
vi /etc/docker/daemon.json # create new # add hosts to allow HTTP connection { "insecure-registries": [ "docker.internal:5000", "dlp.srv.world:5000" ] }
root@dlp:~#
systemctl restart docker
# [push] from localhost root@dlp:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE srv.world/ubuntu-apache2 latest b7891f747bd5 18 hours ago 227MB srv.world/ubuntu-nginx latest 51f5190bb9d9 18 hours ago 170MB ubuntu latest 2dc39ba059dc 6 days ago 77.8MBroot@dlp:~# docker tag ubuntu dlp.srv.world:5000/ubuntu:my-registry root@dlp:~# docker push dlp.srv.world:5000/ubuntu:my-registry root@dlp:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE srv.world/ubuntu-apache2 latest b7891f747bd5 18 hours ago 227MB srv.world/ubuntu-nginx latest 51f5190bb9d9 18 hours ago 170MB dlp.srv.world:5000/ubuntu my-registry 2dc39ba059dc 6 days ago 77.8MB ubuntu latest 2dc39ba059dc 6 days ago 77.8MB # [pull] from another node root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry root@node01:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/ubuntu my-registry 2dc39ba059dc 6 days ago 77.8MB |
[3] | To enable Basic authentication, Configure like follows. |
root@dlp:~#
apt -y install apache2-utils
root@dlp:~#
vi /etc/docker/registry/config.yml # uncomment [auth] section and specify passwd file
.....
.....
auth:
htpasswd:
realm: basic-realm
path: /etc/docker/registry/.htpasswd
.....
.....
root@dlp:~#
systemctl restart docker-registry
# add users # add [-c] at initial file creation root@dlp:~# htpasswd -Bc /etc/docker/registry/.htpasswd ubuntu New password: Re-type new password: Adding password for user ubuntu # verify possible to access # an error is shown if access with no-authentication root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry Error response from daemon: Head http://dlp.srv.world:5000/v2/nginx/manifests/my-registry: no basic auth credentials # authenticate by a user added with [htpasswd] root@node01:~# docker login dlp.srv.world:5000
Username: ubuntu
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry root@node01:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/ubuntu my-registry 2dc39ba059dc 6 days ago 77.8MB |
[4] | To access via HTTPS and use valid certificates like from Let's Encrypt and so on, Configure like follows. This example is based on the environment that certificates have been gotten under the [/etc/letsencrypt/live/dlp.srv.world]. |
root@dlp:~# mkdir /etc/docker/certs.d root@dlp:~# cp -p /etc/letsencrypt/live/dlp.srv.world/{fullchain,privkey}.pem /etc/docker/certs.d/ root@dlp:~# chown docker-registry /etc/docker/certs.d/{fullchain,privkey}.pem
root@dlp:~#
vi /etc/docker/registry/config.yml # add [tls] section under the [http] section like follows
.....
.....
http:
addr: :5000
tls:
certificate: /etc/docker/certs.d/fullchain.pem
key: /etc/docker/certs.d/privkey.pem
headers:
X-Content-Type-Options: [nosniff]
.....
.....
root@dlp:~#
systemctl restart docker-registry
# verify possible to access # on HTTPS connection, it does not need to add [insecure-registries] on Docker root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry root@node01:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE ubuntu latest 7e0aa2d69a15 2 weeks ago 72.7MB dlp.srv.world:5000/ubuntu my-registry 62d49f9bab67 4 weeks ago 133MB |
[5] | To access via HTTPS and use self signed certificates, Configure like follows. This example is based on the environment that certificates have been created under the [/etc/ssl/private]. |
root@dlp:~# mkdir -p /etc/docker/certs.d/dlp.srv.world:5000 root@dlp:~# cp -p /etc/ssl/private/server.{crt,key} /etc/docker/certs.d/dlp.srv.world:5000/ root@dlp:~# chown docker-registry /etc/docker/certs.d/dlp.srv.world:5000/server.{crt,key}
root@dlp:~#
vi /etc/docker/registry/config.yml # add [tls] section under the [http] section like follows
.....
.....
http:
addr: :5000
tls:
certificate: /etc/docker/certs.d/dlp.srv.world:5000/server.crt
key: /etc/docker/certs.d/dlp.srv.world:5000/server.key
headers:
X-Content-Type-Options: [nosniff]
.....
.....
root@dlp:~#
systemctl restart docker-registry
# verify possible to access # an error is shown because of self signed certificate root@node01:~# docker pull dlp.srv.world:5000/ubuntu:my-registry Error response from daemon: Get https://dlp.srv.world:5000/v2/: x509: certificate signed by unknown authority # copy certificate on registry server to client root@node01:~# mkdir -p /etc/docker/certs.d/dlp.srv.world:5000 root@node01:~# scp root@dlp.srv.world:"/etc/docker/certs.d/dlp.srv.world:5000/server.crt" /etc/docker/certs.d/dlp.srv.world:5000/ca.crt docker pull dlp.srv.world:5000/ubuntu:my-registry root@node01:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE ubuntu latest 7e0aa2d69a15 2 weeks ago 72.7MB dlp.srv.world:5000/ubuntu my-registry 62d49f9bab67 4 weeks ago 133MB |
Sponsored Link |