registry 用来保存docker镜像
包括镜像的层次结构和元数据
用户可自建registry,也可使用官方的docker hub
分类
sponsor registry 第三方的registry,供客户和docker社区使用
mirror registry 第三方的registry,供客户使用
vendor registry 由发布docker镜像的供应商提供的registry
private registry 通过设有防火墙和额外的安全层的私有实体提供的registry
docker 提供的
registry:托管镜像,运行在容器中,
保存着很多镜像,
如果容器删除了?那些镜像? ---->存储卷(最好使用网络存储,不存在本地)
[root@localhost vagrant]# yum -y install docker-registry
[root@localhost vagrant]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry # 应该放一个很大的路径
[root@localhost vagrant]# vim /etc/docker-distribution/registry/config.yml
[root@localhost vagrant]# systemctl start docker-distribution
[root@localhost xxxxxxx]# docker tag myweb:v0.3 ip:5000/myweb:v0.3
[root@localhost xxxxxxx]# docker push ip:5000/myweb:v0.3
# 会报错
# docker push默认是使用https协议
# docker端
# 需标记为非加密、非安全的registry # insecure-registry :[]
# 在daemon.json 中添加insecure-registry :["ip:5000"]
# systemctl restart docker
# [root@localhost xxxxxxx]# docker push ip:5000/myweb:v0.3
Docker private Registry的Nginx反代配置方式:
client_max_body_size 0;
location / {
proxy_pass http://registrysrvs;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Docker Registry Service";
auth_basic_user_file "/etc/nginx/.ngxpasswd";
}
浙公网安备 33010602011771号