First install Docker correctly; the instructions below assume that.
Note: this example does not use an nginx server or SSL encryption.

use iptables

CentOS 7 manages the firewall with firewalld by default rather than iptables. If you already manage the firewall with iptables, skip this step.

install docker-compose

https://docs.docker.com/compose/reference/up/

$ pip2 install docker-compose

docker run registry and registry-web

https://github.com/mkuchin/docker-registry-web/tree/master/examples/auth-enabled

1. download examples files

$ curl -Ls https://github.com/mkuchin/docker-registry-web/releases/download/v0.1.2/examples.tar.gz | tar -xzv
$ cd examples/auth-enabled/

2. exec generate-keys.sh

$ ./generate-keys.sh

3. modify config file

  • docker-compose.yml
    $ vim docker-compose.yml


registry:2.4.1 => registry:latest // latest switches the image to the newest version

  • modify auth.token.realm
    $ vim conf/registry/config.yml


realm: http://localhost:8080/api/auth => realm: http://(ip/hostname):8080/api/auth

4. Start containers with docker-compose

$ docker-compose up -d

Note: -d runs in the background. The examples default to the interactive -it mode, where the processes stop once the terminal is closed.

It will run docker registry (ip/hostname):5000 and web ui on http://(ip/hostname):8080/

Startup parameters can be set in docker-compose.yml, for example restart: always (start automatically after Docker restarts).

check if it is working:

Log in to http://(ip/hostname):8080/ with admin/admin username/password

Create test user and grant ‘write-all’ role to that user.

  • local check:

    docker login localhost:5000
    docker pull hello-world
    docker tag hello-world localhost:5000/hello-world:latest
    docker push localhost:5000/hello-world:latest
    docker rmi localhost:5000/hello-world:latest
    docker run localhost:5000/hello-world:latest
  • remote check:

    docker login (ip/hostname):5000
    docker pull hello-world
    docker tag hello-world (ip/hostname):5000/hello-world:latest
    docker push (ip/hostname):5000/hello-world:latest
    docker rmi (ip/hostname):5000/hello-world:latest
    docker run (ip/hostname):5000/hello-world:latest

Problems

1. iptables reports No chain/target/match by that name

See: http://blog.jobbole.com/98869/
Stop Docker, restart iptables, then start Docker. In short, Docker should start after iptables.

2. http: server gave HTTP response to HTTPS client when logging in to the remote private registry

Error response from daemon: Get https://(ip/hostname)rs/: http: server gave HTTP response to HTTPS client

Locally, set DOCKER_OPTS="--insecure-registry myregistrydomain.com:5000" in the Docker config.

On my Mac I use Docker

Add the insecure registry, then restart the Docker service.

3. getsockopt: connection refused

Error while pulling image: Get http://localhost:5000/v1/repositories/apiserver/images: dial tcp [::1]:5000: getsockopt: connection refused

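See: https://github.com/mkuchin/docker-registry-web/issues/48
Replace the IP or domain name in auth.token.realm; this was already done above.

4. Adjust the firewall yourself to allow access to the ports (5000, 8080)

5. Add a China mirror source to Docker on Mac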


apply and restart
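
An added example (not from the original post or the docker-registry-web project): the check below classifies the token realm a registry advertises in its WWW-Authenticate header, covering the localhost realm behind problem 3 and the plain-HTTP realm that this no-SSL setup leaves in place. The host name registry.example and the sample headers are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# On a live host the header would come from something like:
#   curl -sI http://(ip/hostname):5000/v2/ | grep -i '^www-authenticate'
# The sample headers further down are constructed for illustration.

# Print the realm="..." value from a WWW-Authenticate header line.
extract_realm() {
  printf '%s\n' "$1" | sed -n 's/.*[Rr]ealm="\([^"]*\)".*/\1/p'
}

# Print one of: missing | loopback | plaintext | ok
# The body runs in a subshell so its variables stay local.
check_realm() (
  realm=$(extract_realm "$1")
  if [ -z "$realm" ]; then echo missing; exit 0; fi
  # Strip the scheme, then the path, then the port to isolate the host.
  host=${realm#*://}
  host=${host%%/*}
  case "$host" in
    \[*\]*) host=${host%%\]*}; host=${host#\[} ;;   # [::1]:8080 -> ::1
    *)      host=${host%%:*} ;;
  esac
  case "$host" in
    # Remote clients resolve a loopback realm to themselves: connection refused.
    localhost|127.*|::1) echo loopback ;;
    *) case "$realm" in
         https://*) echo ok ;;
         # Credentials sent to an http:// realm cross the network unencrypted.
         *)         echo plaintext ;;
       esac ;;
  esac
)

# Constructed samples: the shipped default, the value after the edit in
# step 3, and a realm served over TLS.
SAMPLE_DEFAULT='Www-Authenticate: Bearer realm="http://localhost:8080/api/auth",service="registry.example:5000"'
SAMPLE_EDITED='Www-Authenticate: Bearer realm="http://registry.example:8080/api/auth",service="registry.example:5000"'
SAMPLE_TLS='Www-Authenticate: Bearer realm="https://registry.example/api/auth",service="registry.example:5000"'

for h in "$SAMPLE_DEFAULT" "$SAMPLE_EDITED" "$SAMPLE_TLS"; do
  printf '%-10s %s\n' "$(check_realm "$h")" "$(extract_realm "$h")"
done
```

A result of plaintext is what the configuration on this page produces once the realm is edited; ok requires putting TLS in front of the registry and the web UI.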