docker registry and ui

主要是基于docker的镜像完成服务

[安装docker服务]

1
apt-get install docker-engin

[开始启动registry 镜像, 这里需要配置s3]

1
2
3
4
5
6
7
8
9
10
docker run -d \
-e SETTINGS_FLAVOR=s3 \
-e AWS_REGION=us-west-2 \
-e AWS_BUCKET=docker-registrys \
-e STORAGE_PATH=/registry \
-e AWS_KEY=************ \
-e AWS_SECRET=*************** \
-e SEARCH_BACKEND=sqlalchemy \
-p 5000:5000 \
registry:latest

[debug 方式]

1
docker logs con-id

[开始启动UI 镜像]

1
docker run -d -p 8080:8080 -it -e APP_CONTEXT=ui -e REG1=https://xxxxx/v1/ atcol/docker-registry-ui

[配置nginx]

1
apt-get install nginx
  1. 首先是docker registry 的nginx 配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# For nginx < 1.3.9
# FYI: Chunking requires nginx-extras package on Debian Wheezy and some Ubuntu versions
# See chunking http://wiki.nginx.org/HttpChunkinModule
# Replace with appropriate values where necessary
upstream docker-registry {
server localhost:5000;
}
# uncomment if you want a 301 redirect for users attempting to connect
# on port 80
# NOTE: docker client will still fail. This is just for convenience
# server {
# listen *:80;
# server_name my.docker.registry.com;
# return 301 https://$server_name$request_uri;
# }
server {
listen 443;
server_name xxxxx.org;
ssl on;
ssl_certificate /etc/nginx/ssl/xxxx.org.crt;
ssl_certificate_key /etc/nginx/ssl/xxx.org.key;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
#chunkin on;
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/docker-registry.htpasswd;
include /etc/nginx/docker-registry.conf;
}
location /_ping {
auth_basic off;
include /etc/nginx/docker-registry.conf;
}
location /v1/_ping {
auth_basic off;
include /etc/nginx/docker-registry.conf;
}
}
  1. 然后是ui 的nginx 配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# For nginx < 1.3.9
# FYI: Chunking requires nginx-extras package on Debian Wheezy and some Ubuntu versions
# See chunking http://wiki.nginx.org/HttpChunkinModule
# Replace with appropriate values where necessary
upstream docker-ui {
server 127.0.0.1:8080;
}
# uncomment if you want a 301 redirect for users attempting to connect
# on port 80
# NOTE: docker client will still fail. This is just for convenience
# server {
# listen *:80;
# server_name my.docker.registry.com;
# return 301 https://$server_name$request_uri;
# }
server {
listen 443;
server_name docker-ui.xxxxx.org;
ssl on;
ssl_certificate /etc/nginx/ssl/xxxx.org.crt;
ssl_certificate_key /etc/nginx/ssl/xxxx.org.key;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
#chunkin on;
location /ui {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/docker-registry.htpasswd;
include /etc/nginx/docker-ui.conf;
}
}
  1. 配置代理文件 docker-registry
1
2
3
4
5
proxy_pass http://docker-registry;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header Authorization ""; # see https://github.com/dotcloud/docker-registry/issues/170
proxy_read_timeout 900;
  1. 配置代理文件docker-ui

    1
    2
    3
    4
    5
    proxy_pass http://docker-ui;
    proxy_set_header Host $http_host; # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header Authorization ""; # see https://github.com/dotcloud/docker-registry/issues/170
    proxy_read_timeout 900;
  2. 密码文件

1
htpasswd -c /etc/nginx/nginx.htpasswd docker001
  1. 开启网页和docker login 测试