# 1. Set up a local registry
Image name structure
`${registry_name}/${repository_name}/${image_name}:${tag_name}`
registry name (ip:port)/personal repository name/image name:tag
**1. Pull the image:**
~~~
docker pull registry
~~~
```
[root@bogon html]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 1fd8e1b0bb7e 2 weeks ago 26.2MB
```
**2. Create the storage directory on the host [/opt/data/registry]:**
```
mkdir -p /opt/data/registry
```
**3. Create the local registry container:**
```
docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry --name private_registry registry
```
**4. Allow the Docker daemon to reach the registry without HTTPS:**
`vim /etc/docker/daemon.json`
Contents:
```
{ "insecure-registries":["192.168.56.10:5000"] }
```
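Specify the registry host's ip:port or domain name. Listing a registry under `insecure-registries` makes the daemon accept plain HTTP (or an unverified certificate) for that address, so images and login credentials sent to it travel unprotected.
**4. Restart the Docker service and the registry service**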
```
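# Restart the Docker daemon so it picks up daemon.json
systemctl restart docker
# The registry container was started without a restart policy, so start it again
docker start private_registry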
```
**5. Push an image**
```
docker tag nginx 192.168.56.10:5000/tuna/nginx:v1
docker push 192.168.56.10:5000/tuna/nginx:v1
```
**6. Pull the image**
```
[root@bogon html]# docker pull 192.168.56.10:5000/tuna/nginx:v1
v1: Pulling from tuna/nginx
Digest: sha256:42bba58a1c5a6e2039af02302ba06ee66c446e9547cbfb0da33f4267638cdb53
Status: Image is up to date for 192.168.56.10:5000/tuna/nginx:v1
192.168.56.10:5000/tuna/nginx:v1
[root@bogon html]#
[root@bogon html]#
[root@bogon html]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 1fd8e1b0bb7e 2 weeks ago 26.2MB
192.168.56.10:5000/tuna/nginx v1 62d49f9bab67 2 weeks ago 133MB
nginx latest 62d49f9bab67 2 weeks ago 133MB
```
Query the image list
```
curl http://192.168.56.10:5000/v2/_catalog
{"repositories":["tuna/nginx"]}
curl http://192.168.56.10:5000/v2/tuna/nginx/tags/list
{"name":"tuna/nginx","tags":["v1"]}
```
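Registry authentication
## Set up user authentication for the private registry
> Once the private registry is up, every client can push and pull. Docker officially provides an authentication method to protect access to the registry.
Remove the previously started registry container
1. Create the file that stores the username and password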
~~~
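mkdir -p /opt/data/auth
# Generate a bcrypt (-B) entry and write it into the directory that is mounted at /auth below
docker run --rm --entrypoint htpasswd registry -Bbn username userpasswd > /opt/data/auth/htpasswd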
~~~
Start the container again
~~~
docker run -d -p 5000:5000 --restart=always --name docker-hub \
-v /opt/data/registry:/var/lib/registry \
-v /opt/data/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
registry
~~~
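Clients that pull or push now get an error and the operation is rejected. They have to log in to the private registry first.
Log in: `docker login -u username -p userpasswd 172.16.77.71:5000`
Log out: `docker logout 172.16.77.71:5000`
Once authentication is enabled, running `curl 172.16.77.71:5000/v2/_catalog` directly on the server no longer lists the registry's images and returns an error, but the registry can still be accessed from a browser (the interface is not friendly and shows very little information).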
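The behaviour described above (anonymous requests to `/v2/_catalog` are refused once htpasswd authentication is on, while requests carrying the credentials succeed) can be checked with a short script. This is an added example, not part of the original notes: `catalog`, `audit`, `start_stub` and the `StubRegistry` stand-in are hypothetical names, and the stub only imitates the registry's 401/200 responses so the script runs offline.

```python
import base64, json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Direct connection: ignore proxy environment variables for a LAN/local registry.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def basic_token(user, password):
    """Base64 of 'user:password', as sent in an HTTP Basic Authorization header."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()

def catalog(base_url, user=None, password=None):
    """GET /v2/_catalog; return (HTTP status, repository list or None)."""
    req = urllib.request.Request(base_url.rstrip("/") + "/v2/_catalog")
    if user is not None:
        req.add_header("Authorization", "Basic " + basic_token(user, password))
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, json.load(resp)["repositories"]
    except urllib.error.HTTPError as err:
        return err.code, None

def audit(base_url, user, password):
    """(True, repos) only if anonymous access gets 401 and the login gets 200."""
    anon_status, _ = catalog(base_url)
    auth_status, repos = catalog(base_url, user, password)
    return anon_status == 401 and auth_status == 200, repos

class StubRegistry(BaseHTTPRequestHandler):
    """Constructed stand-in for a registry run with REGISTRY_AUTH=htpasswd."""
    expected = "Basic " + basic_token("username", "userpasswd")

    def do_GET(self):
        ok = self.headers.get("Authorization") == self.expected
        body = json.dumps({"repositories": ["tuna/nginx"]} if ok else {"errors": []}).encode()
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="Registry Realm"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), StubRegistry)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"
```

Against the real registry, call `audit("http://172.16.77.71:5000", "username", "userpasswd")`; a first element of `False` means either anonymous access still works or the credentials were rejected.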
# 2. Set up a web UI
```
docker pull hyper/docker-registry-web
```
`vim /root/config.yml` (the file mounted into the container in the start command)
```
registry:
  # Docker registry url
  url: 'http://192.168.56.10:5000/v2'
  # web registry context path
  # empty string for root context, /app to make web registry accessible on http://host/app
  context_path: ''
  # Trust any SSL certificate when connecting to registry
  trust_any_ssl: false
  # base64 encoded token for basic authentication
  basic_auth: ''
  # To allow image delete, should be false
  readonly: true
  # Docker registry fqdn
  name: 'localhost:5000'
  # Authentication settings
  auth:
    # Enable authentication
    enabled: false
```
Start the web UI:
```
docker run -d --name registry-web3 --restart=always -p 8000:8080 -v /root/config.yml:/conf/config.yml hyper/docker-registry-web
```
![](https://img.kancloud.cn/12/cf/12cf4d76c2c7ce2ab1ef5ffb2070c0ae_962x485.png)