一、 registry 配置文件
PATH: /etc/docker/registry/config.yml
version: 0.1
log:
accesslog:
disabled: true
level: debug
formatter: text
fields:
service: registry
environment: staging
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
auth:
htpasswd:
realm: basic-realm
path: /etc/docker/registry/auth/nginx.htpasswd
http:
addr: :5000
host: https://docker.domain.com
headers:
X-Content-Type-Options: [nosniff]
http2:
disabled: false
tls:
certificate: /etc/docker/registry/ssl/docker.domain.com.crt
key: /etc/docker/registry/ssl/docker.domain.com.key
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
|
二、 registry docker-compose配置
PATH: /usr/local/docker/docker-compose/registry.yaml
version: "3"
services:
registry:
image: registry:latest
ports:
- "443:5000"
container_name: registry
restart: always
volumes:
- /etc/docker/registry:/etc/docker/registry
- /var/lib/registry:/var/lib/registry
networks:
- "my-network"
networks:
my-network:
driver: bridge
|
三、配置 http 认证文件
docker run --rm \
--entrypoint htpasswd \
httpd:alpine \
-Bbn $USERNAME $PASSWORD > /etc/docker/registry/auth/nginx.htpasswd
|
四、 https证书文件
自签https证书, 推荐ZeroSSL申请免费证书
公钥: /etc/docker/registry/ssl/docker.domain.com.crt
私钥: /etc/docker/registry/ssl/docker.domain.com.key
请求: /etc/docker/registry/ssl/docker.domain.com.csr
五、 完成部署
5.1 启动 registry
docker-compose -f /usr/local/docker/docker-compose/registry.yaml up -d
5.2 修改 hosts
vim /etc/hosts
127.0.0.1 docker.domain.com
5.3 测试 register
浏览器访问或者curl https://docker.domain.com
5.4 登录
