docker私服搭建，配置域名访问，设置访问密码

启动registry

docker run -d \
    -p 5000:5000 \
    -v /opt/data/registry:/var/lib/registry \
    registry

docker pull  hello-world
docker tag hello-world 127.0.0.1:5000/hello-world
docker push 127.0.0.1:5000/hello-world

查询镜像

curl 192.168.171.146:5000/v2/_catalog

#先删除本地镜像
docker pull 192.168.171.146:5000/hello-world

本机pull正常，如果要从其他机器通过ip:port pull，需要在其他机器配置docker

vim /etc/docker/daemon.json


{
    "insecure-registries": [
        "192.168.171.146:5000"
    ]
}


systemctl daemon-reload 
systemctl restart docker

配置域名访问 HTTPS | HTTP

server {
    listen 443 ssl;
    ssl_certificate             /opt/ssl/stationdm.com.pem;
    ssl_certificate_key         /opt/ssl/stationdm.com.key;
    ssl_protocols               TLSv1.2 TLSv1.3;
    ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers   on;
    server_name                 docker-wang.stationdm.com;
    location / {                
        proxy_pass http://127.0.0.1:5000;
    }
}


server {
    listen 80;        #监听80端口
    server_name  docker-wang.stationdm.com; #监听的域名
    location / {                #转发或处理
        proxy_pass http://127.0.0.1:5000;
    }
}

修改配置文件

vi /etc/nginx/nginx.conf

在http配置项增加以下配置

http {


        ##省略其他配置##
        client_max_body_size 4096M;
        ##省略其他配置##


}

Nginx无法访问到服务

curl docker-wang.stationdm.com/v2/_catalog
[root@localhost docker]# curl docker-wang.stationdm.com/v2/_catalog
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>

问题解决

setsebool -P httpd_can_network_connect 1

测试

docker pull hello-world
docker tag hello-world docker-wang.stationdm.com/hello-world
docker push docker-wang.stationdm.com/hello-world

curl docker-wang.stationdm.com/v2/_catalog

docker pull docker-wang.stationdm.com/hello-world

创建密码

mkdir -p /etc/docker/registry
htpasswd -Bbn admin 123 > /etc/docker/registry/htpasswd
cat /etc/docker/registry/htpasswd

添加配置

sudo vim /etc/docker/registry/config.yml

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/docker/registry/htpasswd
    

删除容器，重启registry

docker run -d \
-p 5000:5000 \
-v /opt/data/registry:/var/lib/registry \
-v /etc/docker/registry/htpasswd:/etc/docker/registry/htpasswd \
-v /etc/docker/registry/config.yml:/etc/docker/registry/config.yml \
--restart=always \
--name registry \
registry

测试

docker pull docker-wang.stationdm.com/hello-world

登陆

docker login docker-wang.stationdm.com
admin
123