1. Authentication modes of Docker Registry v2
2. Configuring an Nginx proxy
$ sudo apt-get -y install nginx
# The local registry service listens on port 5000
upstream docker-registry {
    server localhost:5000;
}
# The proxy server listens on port 15000
server {
    listen 15000;
    server_name private-registry-;
    add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
    # If you have SSL certification files, then can enable this section.
    # On nginx 1.15.0 and later, write "listen 15000 ssl;" instead of "ssl on;".
    ssl on;
    ssl_certificate /etc/ssl/certs/myrepo.crt;
    ssl_certificate_key /etc/ssl/private/myrepo.key;
    proxy_set_header Host $http_host; # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 600;
    client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
    # required to avoid HTTP 411: see Issue #1486 (/dotcloud/docker/issues/1486)
    chunked_transfer_encoding on;
    location /v2/ {
        # Refuse access from old Docker versions
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
            return 404;
        }
        # Forward requests to the registry service
        # (proxy_pass is only valid inside a location block)
        proxy_pass http://docker-registry;
    }
}
$ sudo ln -s /etc/nginx/sites-available/docker-registry.conf /etc/nginx/sites-enabled/docker-registry.conf
$ sudo service nginx restart
$ docker tag ubuntu:14.04 127.0.0.1:15000/ubuntu:latest
$ docker push 127.0.0.1:15000/ubuntu:latest
3. Adding user authentication
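...
location / {
    # let Nginx know about our auth file
    # Requests under /v2/ are matched by the more specific "location /v2/"
    # block, which does not inherit these two directives; repeat them there
    # (or set them at server level) so the registry API is covered.
    auth_basic "Please Input username/password";
    auth_basic_user_file docker-registry-htpasswd;
    proxy_pass http://docker-registry;
}
...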
...
user1:password1
user2:password2
...
$ sudo aptitude install apache2-utils -y
$ sudo htpasswd -c /etc/nginx/docker-registry-htpasswd user1
New password:
Re-type new password:
Adding password for user user1
$ sudo service nginx restart
$ curl USERNAME:PASSWORD@127.0.0.1:15000/v2/
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: basic
4. Starting the Registry with Compose
registry:
  restart: always
  image: registry:2.1
  ports:
    - 5000:5000
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/myrepo.crt
    REGISTRY_HTTP_TLS_KEY: /certs/myrepo.key
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/docker-registry-htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: basic
  volumes:
    - /path/to/data:/var/lib/registry
    - /path/to/certs:/certs
    - /path/to/auth:/auth
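The registry's built-in htpasswd authentication (REGISTRY_AUTH: htpasswd) accepts only bcrypt hashes, so a file created in section 3 without `htpasswd -B` works behind Nginx but not when mounted into the registry as above. The following check is an added example, not code from the original article; the function names, the `min_cost` threshold and the sample entries are assumptions made for illustration.

```python
import re

# Shape of a bcrypt entry as written by `htpasswd -B`:
# $2y$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")

def classify(hash_field):
    """Name the scheme of the hash part of one htpasswd entry."""
    if BCRYPT.match(hash_field):
        return "bcrypt"
    if hash_field.startswith("$apr1$"):
        return "apr1-md5"
    if hash_field.startswith("{SHA}"):
        return "sha1"
    return "other-or-plaintext"

def audit_htpasswd(text, min_cost=10):
    """Return {user: (scheme, finding)}; min_cost is an assumed policy value."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user or not hash_field:
            report[line] = ("malformed", "not a user:hash pair")
            continue
        scheme = classify(hash_field)
        if scheme != "bcrypt":
            finding = "not usable with REGISTRY_AUTH=htpasswd (bcrypt only)"
        elif int(BCRYPT.match(hash_field).group(1)) < min_cost:
            finding = "usable, but bcrypt cost is below %d" % min_cost
        else:
            finding = "ok"
        report[user] = (scheme, finding)
    return report

# Constructed sample file; the hash bodies are filler, not real digests.
SAMPLE = "\n".join([
    "user1:$apr1$saltsalt$" + "x" * 22,     # shape written by `htpasswd -m`
    "user2:password2",                       # literal user:password line
    "user3:$2y$05$" + "a" * 22 + "B" * 31,  # `htpasswd -B` at its default cost of 5
    "user4:$2y$12$" + "a" * 22 + "B" * 31,  # `htpasswd -B -C 12`
])

if __name__ == "__main__":
    for user, (scheme, finding) in audit_htpasswd(SAMPLE).items():
        print(f"{user:6} {scheme:18} {finding}")
```

Run it against the real file by passing its contents to `audit_htpasswd` before pointing REGISTRY_AUTH_HTPASSWD_PATH at it.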