1. Creating the Docker Registry server

[root@localhost ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/data/registry:/var/lib/registry registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:2
9f41b7101b2a0b3e5a32edfc13ad6877a7db6821a4ccc639ddfbc8e2ef819b21
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            2                   2d4f4b5309b1        2 months ago        26.2MB
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS              PORTS                              NAMES
9f41b7101b2a        registry:2               "/entrypoint.sh /etc…"   58 seconds ago      Up 57 seconds       0.0.0.0:5000->5000/tcp             registry
[root@localhost ~]# docker tag apache2.4.25:centos7.8 192.168.146.199:5000/images/apache2.4.25:centos7.8
[root@localhost ~]# docker images
REPOSITORY                                 TAG                 IMAGE ID            CREATED             SIZE
192.168.146.199:5000/images/apache2.4.25   centos7.8           1c65ef06567d        11 days ago         362MB
apache2.4.25                               centos7.8           1c65ef06567d        11 days ago         362MB
registry                                   2                   2d4f4b5309b1        2 months ago        26.2MB
[root@localhost ~]# docker push 192.168.146.199:5000/images/apache2.4.25:centos7.8
The push refers to repository [192.168.146.199:5000/images/apache2.4.25]
Get https://192.168.146.199:5000/v2/: http: server gave HTTP response to HTTPS client
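The Docker client talks to a registry over HTTPS by default, but a private registry set up as above serves plain HTTP by default, which is why the error above appears when interacting with the private registry.
According to the error message, the client uses https by default when talking to the Registry, but we did not configure any TLS key and crt files when installing the Registry, so https access is bound to fail. To get to the bottom of this, the only option is to consult the Registry Manual.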



2. Insecure Registry

This approach is not recommended: it is insecure, and it has to be configured on every Docker daemon.
[root@localhost ~]# cat /etc/docker/daemon.json
{
    "registry-mirrors": ["https://rmjzc498.mirror.aliyuncs.com"],
    "insecure-registries": ["192.168.146.199:5000"]
}

[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker.service

A response of {} means the registry is working:
[root@localhost ~]# curl http://192.168.146.199:5000/v2/
{}[root@mydockerhub ~]#

Visit: http://192.168.146.199:5000/v2/

[root@mydockerhub ~]# docker info
Insecure Registries:
  192.168.146.199:5000
  127.0.0.0/8
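
An added check, not part of the original post: this Python example parses a daemon.json and reports the insecure-registries entries that reach beyond loopback, since 127.0.0.0/8 is the only entry Docker lists without being configured. The function names are hypothetical, and the sample input is constructed from the daemon.json shown above.

```python
import ipaddress
import json

# Constructed sample: the daemon.json from this section.
SAMPLE_DAEMON_JSON = """
{
    "registry-mirrors": ["https://rmjzc498.mirror.aliyuncs.com"],
    "insecure-registries": ["192.168.146.199:5000"]
}
"""


def host_part(entry):
    """Drop an optional :port; keep CIDR blocks and bracketed IPv6 intact."""
    if "/" in entry:                      # CIDR block, e.g. 127.0.0.0/8
        return entry
    if entry.startswith("["):             # [::1]:5000
        return entry[1:entry.index("]")]
    if entry.count(":") == 1:             # host:port or IPv4:port
        return entry.rsplit(":", 1)[0]
    return entry                          # bare hostname or bare IPv6


def is_loopback(entry):
    """True only if the entry cannot reach beyond the local machine."""
    try:
        host = host_part(entry)
        if host.lower() == "localhost":
            return True
        return ipaddress.ip_network(host, strict=False).is_loopback
    except ValueError:
        return False                      # hostname or malformed: treat as remote


def audit_daemon_config(text):
    """Return the insecure-registries entries that are not loopback-only."""
    entries = json.loads(text).get("insecure-registries", [])
    return [e for e in entries if not is_loopback(e)]


if __name__ == "__main__":
    for entry in audit_daemon_config(SAMPLE_DAEMON_JSON):
        print(f"plain HTTP / unverified TLS allowed for: {entry}")
```

Every entry it reports is a registry the daemon will use without verified TLS, so each one is a candidate for a TLS certificate on the registry instead.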
  
[root@localhost ~]# docker push 192.168.146.199:5000/images/apache2.4.25:centos7.8
The push refers to repository [192.168.146.199:5000/images/apache2.4.25]
f12518ead8c9: Pushed
585d052d1d0b: Pushed
613be09ab3c0: Pushed
centos7.8: digest: sha256:a65eec8cd9ba043f6b327b7e1163055ed6e4e85afe8249e40150de0bb8c1653f size: 953

List all images
[root@mydockerhub ~]# curl -XGET http://192.168.146.199:5000/v2/_catalog

List the tags of a specific image
[root@mydockerhub ~]# curl -XGET http://192.168.146.199:5000/v2/images/apache2.4.25/tags/list
{"name":"images/apache2.4.25","tags":["centos7.8"]}

Test a pull
[root@mydockerhub ~]# docker rmi ubuntu:latest
Untagged: ubuntu:latest
Untagged: ubuntu@sha256:31dfb10d52ce76c5ca0aa19d10b3e6424b830729e32a89a7c6eee2cda2be67a5
Deleted: sha256:4e2eef94cd6b93dd4d794c18b45c763f72edc22858e0da5b6e63a4566a54c03c
Deleted: sha256:160004bdd9a2800d0085be0315b769a9ce04c07ca175ecae89593eeee9aeb944
Deleted: sha256:9ed638911072c3379e75d2eaf7c2502220d6757446325c8d96236410b0729268
Deleted: sha256:ce7da152e578608030e9a05f9f5259b329fe5dcc5bf48b9f544e48bd69a5f630
Deleted: sha256:2ce3c188c38d7ad46d2df5e6af7e7aed846bc3321bdd89706d5262fefd6a3390
[root@mydockerhub ~]# docker images
[root@mydockerhub ~]# docker pull 192.168.146.199:5000/ubuntu:latest
latest: Pulling from ubuntu
54ee1f796a1e: Pull complete
f7bfea53ad12: Pull complete
46d371e02073: Pull complete
b66c17bbf772: Pull complete
Digest: sha256:6f2fb2f9fb5582f8b587837afd6ea8f37d8d1d9e41168c90f410a6ef15fa8ce5
Status: Downloaded newer image for 192.168.146.199:5000/ubuntu:latest
192.168.146.199:5000/ubuntu:latest
[root@mydockerhub ~]# docker images
REPOSITORY                                 TAG                 IMAGE ID            CREATED             SIZE
192.168.146.199:5000/ubuntu                latest              4e2eef94cd6b        2 weeks ago         73.9MB



3. Web UI for the registry (docker-registry-frontend)

ENV_DOCKER_REGISTRY_HOST must not be set to the host machine's IP (that causes a 503 service unavailable error); set it to the registry container's IP address, 172.17.0.2.
[root@mydockerhub ~]# docker run -d --restart=always -e ENV_DOCKER_REGISTRY_HOST=172.17.0.2 -e ENV_DOCKER_REGISTRY_PORT=5000 -p 8080:80 konradkleine/docker-registry-frontend:v2
82ee9bb3372cc272c9b89dd31361155a853067f42ebbb29eb65fe8da5d3cfece

[root@mydockerhub ~]# docker ps -a
CONTAINER ID        IMAGE                                      COMMAND                  CREATED             STATUS                   PORTS                              NAMES
eecba665dfcc        konradkleine/docker-registry-frontend:v2   "/bin/sh -c $START_S…"   18 seconds ago      Up 16 seconds            443/tcp, 0.0.0.0:8080->80/tcp      root_frontend_1

If the registry has https access enabled, the container start command is:
[root@mydockerhub ~]# docker run -d --restart=always -e ENV_DOCKER_REGISTRY_HOST=172.17.0.2 -e ENV_DOCKER_REGISTRY_PORT=5000 -e ENV_DOCKER_REGISTRY_USE_SSL=1 -p 8080:80 konradkleine/docker-registry-frontend:v2

If the registry has https access enabled and docker-registry-frontend:v2 also serves its web interface over https, the container start command is:
[root@mydockerhub ~]# docker run -d --restart=always -e ENV_DOCKER_REGISTRY_HOST=172.17.0.2 -e ENV_DOCKER_REGISTRY_PORT=5000 -e ENV_DOCKER_REGISTRY_USE_SSL=1 -e ENV_USE_SSL=yes -v /opt/certs/domain.crt:/etc/apache2/server.crt:ro  -v /opt/certs/domain.key:/etc/apache2/server.key:ro -p 443:443 konradkleine/docker-registry-frontend:v2

Visit: http://192.168.146.199:8080/


Note: press F12 to see the URLs being loaded; the most important one is http://192.168.146.199:8080/v2/_catalog?n=20&last=..

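Port 8080 on the host is forwarded to Apache on port 80 inside the docker-registry-frontend container, and port 80 inside the container is forwarded on to port 5000. Because the registry serves from inside a container, the registry IP that docker-registry-frontend points to must be the registry container's IP.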


Reference: https://github.com/kwk/docker-registry-frontend