$ sudo docker run -d -p 5000:5000 -v /data/registry:/tmp/registry registry
使用docker tag标记一个镜像,格式为 docker tag IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]
# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE dockerui/dockerui latest 95c8b9dc91e0 3 months ago 6.13 MB registry latest 07d93e41c370 3 months ago 422.9 MB # docker tag 95c8 127.0.0.1:5000/test # docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 127.0.0.1:5000/test latest 95c8b9dc91e0 3 months ago 6.13 MB dockerui/dockerui latest 95c8b9dc91e0 3 months ago 6.13 MB registry latest 07d93e41c370 3 months ago 422.9 MB
上传镜像、查看镜像、下载镜像从私有仓库
#docker push 127.0.0.1:5000/test push到私有仓库 Pushing repository 127.0.0.1:5000/test (1 tags) 706db4235055: Image successfully pushed 84f978a622ba: Image successfully pushed 95c8b9dc91e0: Image successfully pushed Pushing tag for rev [95c8b9dc91e0] on {http://127.0.0.1:5000/v1/repositories/test/tags/latest} # curl http://127.0.0.1:5000/v1/search 用 curl 查看仓库中的镜像 {"num_results": 2, "query": "", "results": [{"description": "", "name": "library/test"}, {"description": "", "name": "library/test1"}]} # docker pull 127.0.0.1:5000/test 从私有仓库pull到本地 Pulling repository 127.0.0.1:5000/test 95c8b9dc91e0: Download complete 95c8b9dc91e0: Pulling image (latest) from 127.0.0.1:5000/test 706db4235055: Download complete Status: Image is up to date for 127.0.0.1:5000/test:latest
用本机ip或域名上传镜像失败
# docker push 192.168.1.7:5000/test Error response from daemon: invalid registry endpoint https://192.168.1.7:5000/v0/: unable to ping registry endpoint https://192.168.1.7:5000/v0/ v2 ping attempt failed with error: Get https://192.168.1.7:5000/v2/: EOF v1 ping attempt failed with error: Get https://192.168.1.7:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.1.7:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/192.168.1.7:5000/ca.crt
# disable any limits to avoid HTTP 413 for large image uploads client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on;
location /v2/ { # Do not allow connections from docker 1.5 and earlier # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { return 404; }
# To add basic authentication to v2 use auth_basic setting plus add_header # auth_basic "registry.localhost"; # auth_basic_user_file /etc/nginx/conf.d/registry.password; # add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
proxy_pass http://docker-registry; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } }
$ cd ~/docker-registry/nginx $ htpasswd -c registry.password USERNAME #创建一个认证文件增加用户设置密码 $ vim ~/docker-registry/nginx/registry.conf #修改nginx配置文件,把下面三行注释去掉 # To add basic authentication to v2 use auth_basic setting plus add_header auth_basic "registry.localhost"; auth_basic_user_file /etc/nginx/conf.d/registry.password; add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; $ cd ~/docker-registry $ docker-compose up
重启docker测试sslservice docker restart 通过curl https://USERNAME:PASSWORD@[YOUR-DOMAIN]:5043/v2/命令访问报错 curl: (60) Peer certificate cannot be authenticated with known CA certificates 正确的访问方式是curl加入-k选项不校验,例 curl -k https://USERNAME:PASSWORD@[YOUR-DOMAIN]:5043/v2/