🍁博主简介：

🏅云计算领域优质创作者

🏅CSDN新星计划python赛道第一名

🏅CSDN原力计划优质作者

🏅阿里云ACE认证高级工程师

🏅阿里云开发者社区专家博主

💊交流社区：CSDN云计算交流社区欢迎您的加入！

目录

1.Docker Registry v2的认证模式

2.配置Nginx代理

3.添加用户认证

4.用Compose启动Registry

👑👑👑结束语👑👑👑

1.Docker Registry v2的认证模式

2.配置Nginx代理

$ sudo apt-get -y install nginx

#本地的registry服务监听在15000端口upstream docker-registry {server localhost:5000;}#代理服务器监听在15000端口server {listen 15000;server_name private-registry-;add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;# If you have SSL certification files, then can enable this section.ssl on;ssl_certificate /etc/ssl/certs/myrepo.crt;ssl_certificate_key /etc/ssl/private/myrepo.key;proxy_pass http://docker-registry;proxy_set_header Host \$http_host; # required for docker client's sakeproxy_set_header X-Real-IP \$remote_addr; # pass on real client's IPproxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto \$scheme;proxy_read_timeout 600;client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads# required to avoid HTTP 411: see Issue #1486 (/dotcloud/docker/issues/1486)chunked_transfer_encoding on;location /v2/ {#禁止旧版本Docker访问if (\$http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*\$" ) {return 404;}#配置转发访问请求到registry服务proxy_pass http://docker-registry;}}

$ sudo ln -s /etc/nginx/sites-available/docker-registry.conf /etc/nginx/sitesenabled/docker-registry.conf$ service nginx restart

$ docker tag ubuntu:14.04 127.0.0.1:15000/ubuntu:latest$ docker push 127.0.0.1:15000/ubuntu:latest

3.添加用户认证

...location / {# let Nginx know about our auth fileauth_basic "Please Input username/password";auth_basic_user_file docker-registry-htpasswd;proxy_pass http://docker-registry;}...

...user1:password1user2:password2...

$ sudo aptitude install apache2-utils -y

$ sudo htpasswd -c /etc/nginx/docker-registry-htpasswd user1$ New password:$ Re-type new password:$ Adding password for user user1

$ sudo service nginx restart

$ curl USERNAME:PASSWORD@127.0.0.1:15000/v2/

REGISTRY_AUTH: htpasswdREGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswdREGISTRY_AUTH_HTPASSWD_REALM: basic

4.用Compose启动Registry

registry:restart: alwaysimage: registry:2.1ports:- 5000:5000environment:REGISTRY_HTTP_TLS_CERTIFICATE: /certs/myrepo.crtREGISTRY_HTTP_TLS_KEY: /certs/myrepo.keyREGISTRY_AUTH: htpasswdREGISTRY_AUTH_HTPASSWD_PATH: /auth/docker-registry-htpasswdREGISTRY_AUTH_HTPASSWD_REALM: basicvolumes:- /path/to/data:/var/lib/registry- /path/to/certs:/certs- /path/to/auth:/auth

👑👑👑结束语👑👑👑

如果觉得《【云原生 | 44】Docker搭建Registry私有仓库之管理访问权限》对你有帮助，请点赞、收藏，并留下你的观点哦！