Docker note 7: Registry

(See the first six:

Introduction to docker practice
Introduction to Docker Practice Ii
Introduction to docker Practice 3
Introduction to docker Practice 4
Introduction to Docker Practice five
Introduction to Docker Practice 6)

Self-built warehouse

As mentioned before, we can directly grab images made by others from DockerHub, or upload our own images to share.

But what if I wanted to make some of my own images? Then you need to create your own Registry.

The official Registry itself is made into an image, so it is very simple to install and use:

docker pull registry
docker run -d -p 5000:5000 --name registry registry:2
Copy the code

So you have a local registry of localhost:5000. If you want to open it to the outside world, you must use HTTPS. The simple way is to use Nginx as a reverse proxy layer with HTTPS support.

Upload an image
docker tag image_name localhost:5000/image_name
docker push localhost:5000/image_name
# drop down an image
docker pull localhost:5000/image_name
Copy the code

If the HTTPS proxy is used, change localhost:5000 to the corresponding domain name.

Add user permission control

The default Registry service is open for anyone to access, which is obviously not what you would normally want from a self-built repository, so you need to add user permission management.

A basic user system is similar to the Web Server’s Basic Auth.

Create a htpasswd file to record user information:

mkdir /var/auth
docker run --entrypoint htpasswd registry -Bbn <username> <password>  >> /var/auth/auth_reg
Copy the code

In the command, /var/auth/auth_reg is the file used to save user information.

and are the user names and passwords to create.

Then start Registry like this:

docker run -d -p 5000:5000 --restart=always -v /var/auth:/var/auth
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/var/auth/auth_reg \
    registry
Copy the code

Now you can’t push and pull directly, you need to log in first:

docker login localhost:5000
Copy the code

After you enter the user name and password, the login information will be saved in ~/.docker/config.json with a security warning. You are advised to use a more secure way to save the information, such as the Keychain of the Mac OS.

Since the login information is already saved, you can then push and pull directly.

Self-built warehouse

Add user permission control

Related Posts

How to solve the problem of lost screen in live broadcast?

Do you believe that one document can give you a salary increase of 10K? I bought it. You got it. You can do it

Inspire creation to enrich life, to become an interesting operation cute wow