摘要:本文主要介绍如何在内网环境快速部署registry仓库,因为它没有安全认证且占用资源少,在内网中使用是非常方便的,是用于开发环境和边缘环境最佳实践。
部署
本文介绍的案例中,集成了一个
registry-ui,方便通过界面查询仓库中拥有的镜像。
registry-ui的htpasswd文件
对应的用户名和密码是
registry:ui
registry:$2y$11$1bmuJLK8HrQl5ACS/WeqRuJLUArUZfUcP2R23asmozEpfN76.pCHy
registry-ui的config.yml
配置文件
version: 0.1
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
auth:
htpasswd:
realm: basic-realm
path: /etc/docker/registry/htpasswd
docker-compose.yml
version: '3'
services:
registry:
image: registry:2
volumes:
- ./registry-data:/var/lib/registry
- ./config.yml:/etc/docker/registry/config.yml
- ./htpasswd:/etc/docker/registry/htpasswd
networks:
- default
ui:
image: joxit/docker-registry-ui:latest
ports:
- 5000:80
environment:
- REGISTRY_TITLE=My Private Docker Registry
- NGINX_PROXY_PASS_URL=http://registry:5000
- SINGLE_REGISTRY=true
depends_on:
- registry
networks:
- default
networks:
default:
external:
name: nisec
- 启动
docker-compose up -d
访问
http://localhost:5000;用户名registry,密码:ui
