自建Docker仓库
docker-compose.yaml
services:
registry:
image: registry:2
container_name: docker-registry
restart: always
ports:
- "5006:5000"
environment:
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
# 基本认证配置
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
volumes:
- ./registry-data:/var/lib/registry
- ./auth:/auth
networks:
- registry-net
# Web UI (可选)
registry-ui:
image: joxit/docker-registry-ui:latest
container_name: registry-ui
restart: always
ports:
- "8080:80"
environment:
- REGISTRY_TITLE=Private Docker Registry
- REGISTRY_URL=http://docker-registry:5000
- SINGLE_REGISTRY=true
depends_on:
- registry
networks:
- registry-net
networks:
registry-net:
driver: bridge
设置密码
在服务端创建认证文件
mkdir auth
docker run --entrypoint htpasswd httpd:2 -Bbn admin password > auth/htpasswd
设置 Nginx 反代
location /
{
proxy_pass http://127.0.0.1:5006;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
客户端设置
vi /etc/docker/daemon.json
{
"registry-mirrors": [
"http://registry.wpcio.com"
]
}
systemctl daemon-reload && systemctl restart docker
登录
docker login registry.wpcio.com
推送
# 标记测试镜像
docker tag nginx:latest registry.wpcio.com/nginx:latest
# 推送镜像
docker push registry.wpcio.com/nginx:latest
使用 docker-compose 拉取镜像创建服务
services:
app:
image: 'registry.wpcio.com/screenshot-service:latest'
ports:
- "5006:5005"
volumes:
- ./screenshots:/app/screenshots
restart: unless-stopped
deploy:
resources:
limits:
memory: 2G
reservations:
memory: 1G
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"