Download registry image

docker-hub : registry

Download registry-web image

docker-hub : hyper/docker-registry-web

registry setting

create [registry-path]/config.yml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true     # open delete api
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
auth:
  htpasswd:
    realm: basic-realm
    path: /auth/htpasswd    # use apache basic-auth

create htpasswd file

1

docker run --rm -ti xmartlabs/htpasswd <username> <password> > htpasswd

Run registry container

1

docker run -d -p 28009:5000 -v [registry-path]/images:/var/lib/registry -v [registry-path]/config/config.yml:/etc/docker/registry/config.yml -v [registry-path]/config/htpasswd:/auth/htpasswd --name registry registry:latest

registry-web setting

create [registry-web-path]/config.yml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

# Default values for yml config
registry:
  # Docker registry url
  url: 'http://[your_ip]:[your_port]/v2'
  # web registry context path
  # empty string for root context, /app to make web registry accessible on http://host/app                                 
  context_path: ''
  # Trust any SSL certificate when connecting to registry
  trust_any_ssl: false
  #  base64 encoded token for basic authentication, ex: base64encode('admin:1234')
  basic_auth: '[your_base64encode]'
  # To allow image delete, should be false
  readonly: false  
  # Docker registry fqdn
  name: '[your_full_dns]'
  # Authentication settings
  auth:
    # Enable authentication
    enabled: false
    # Allow registry anonymous access
    # allow_anonymous: true # not implemented
    # Token issuer
    # should equals to auth.token.issuer of docker registry
    issuer: 'test-issuer'
    # Private key for token signing
    # certificate used on auth.token.rootcertbundle should signed by this key
    key: /config/auth.key

Run registry-web container

1

docker run -d -p 28008:8080 --link registry:registry -v [registry-web-path]/config/config.yml:/conf/config.yml --name registry-web hyper/docker-registry-web:latest

備註

  1. 存取private registry前,需先執行docker login -u <username> -p <password> <registry.domain.com>
  2. 本章節的<registry.domain.com>使用synology reverse proxy方式完成,架構如圖
    如果不用reverse proxy方式的話,請參考registry-deploying-certificate
  3. 要注意yml的縮排格式
  4. docker --link 用法請參考
  5. 請自行將上述docker run command轉化成synology docker ui操作

Conclusion

hyper/docker-registry-web太吃CPU和MEM資源,不知道他java是怎麼寫的,而且操作介面有點陽春。之後打算自己寫一套Laravel version的registry-web。

Reference