- 浏览: 2486731 次
- 性别:
- 来自: 成都
文章分类
最新评论
-
nation:
你好,在部署Mesos+Spark的运行环境时,出现一个现象, ...
Spark(4)Deal with Mesos -
sillycat:
AMAZON Relatedhttps://www.godad ...
AMAZON API Gateway(2)Client Side SSL with NGINX -
sillycat:
sudo usermod -aG docker ec2-use ...
Docker and VirtualBox(1)Set up Shared Disk for Virtual Box -
sillycat:
Every Half an Hour30 * * * * /u ...
Build Home NAS(3)Data Redundancy -
sillycat:
3 List the Cron Job I Have>c ...
Build Home NAS(3)Data Redundancy
Private Registry 2020(1)No auth in registry Nginx AUTH for UI
Deploy basic registry server
> docker run -d -p 5000:5000 --name registry registry:2
Have it running
> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5676dd2a19e0 registry:2 "/entrypoint.sh /etc…" 12 seconds ago Up 11 seconds 0.0.0.0:5000->5000/tcp registry
It is running basic config, verify that
> docker pull ubuntu:16.04
Tag the ubuntu to point to our own registry
> docker tag ubuntu:16.04 localhost:5000/c-ubuntu
Push to localhost
> docker push localhost:5000/c-ubuntu
Remove local images
> docker image remove ubuntu:16.04
> docker rmi localhost:5000/c-ubuntu
Finally, we can pull from the remote
> docker pull localhost:5000/c-ubuntu
We can enable the UI https://github.com/Joxit/docker-registry-ui
Run the Docker UI
> docker run -d -p 80:80 -e URL=http://localhost:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
It will not work because I run 2 docker and use localhost, they can not find each other. Try on my rancher-home virtual box.
>docker run -d -p 5000:5000 --name registry registry:2
>docker run -d -p 80:80 -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
It is not working because of the CORS. Try add settings for registry
Prepare the Password configuration
> docker run --entrypoint htpasswd registry:2 -Bbn sillycat ‘password' > conf/htpasswd
Try this
> docker run -d -p 80:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
Visit page with username and password is working fine
http://admin:admin~!%40@rancher-home:5000/v2/_catalog?n=100000
Try this
> docker tag ubuntu:16.04 192.168.56.110:5000/a-ubuntu
> docker push 192.168.56.110:5000/a-ubuntu
The push refers to repository [192.168.56.110:5000/a-ubuntu]
Get https://192.168.56.110:5000/v2/: http: server gave HTTP response to HTTPS client
Solution:
https://github.com/docker/distribution/issues/1874
Check this file and add our website there
> cat /etc/docker/daemon.json
{
"insecure-registries": [
"192.168.56.110:8088",
"192.168.56.111:8088",
"192.168.56.112:8088",
"rancher-worker1:8088",
"rancher-worker2:8088",
"rancher-home:8088",
"159.89.253.84:80",
"10.132.242.85:8088"
]
}
Restart the service
> sudo systemctl restart docker.service
It works pretty well now
> docker tag ubuntu:16.04 rancher-home:5000/b-ubuntu
> docker push rancher-home:5000/b-ubuntu
Make it working with Nginx Authentication
>docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
> docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e REGISTRY_URL=http://rancher-home:5000 -e NGINX_PROXY_HEADER_X_Forwarded_For=$$proxy_add_x_forwarded_for -e DELETE_IMAGES=true joxit/docker-registry-ui
NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=
We can try this as well.
upstream registry {
server localhost:5001;
}
location /registry/ {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://registry/;
}
Working Makefile for registry
PORT=5000
IMAGE=registry
TAG=2
NAME=docker-registry-$(PORT)
#-v $(shell pwd)/conf/htpasswd:/etc/docker/registry/htpasswd \
run:
docker run \
-d \
-p $(PORT):5000 \
-v $(shell pwd)/registry:/var/lib/registry \
-v $(shell pwd)/conf/config.yml:/etc/docker/registry/config.yml \
--name $(NAME) \
$(IMAGE):$(TAG)
clean:
docker stop ${NAME}
docker rm ${NAME}
Configuration for no auth registry in conf/config.yml
version: 0.1
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Expose-Headers: ['Docker-Content-Digest']
#Access-Control-Allow-Origin: ['http://rancher-home']
#Access-Control-Allow-Headers: ['Authorization']
#Access-Control-Max-Age: [1728000]
#Access-Control-Allow-Credentials: [true]
#auth:
# htpasswd:
# realm: basic-realm
# path: /etc/docker/registry/htpasswd
References:
https://docs.docker.com/registry/deploying/
https://github.com/Quiq/docker-registry-ui
https://github.com/mkuchin/docker-registry-web
https://github.com/Joxit/docker-registry-ui
https://github.com/Joxit/docker-registry-ui/blob/master/examples/proxy-headers/docker-compose.yml
Deploy basic registry server
> docker run -d -p 5000:5000 --name registry registry:2
Have it running
> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5676dd2a19e0 registry:2 "/entrypoint.sh /etc…" 12 seconds ago Up 11 seconds 0.0.0.0:5000->5000/tcp registry
It is running basic config, verify that
> docker pull ubuntu:16.04
Tag the ubuntu to point to our own registry
> docker tag ubuntu:16.04 localhost:5000/c-ubuntu
Push to localhost
> docker push localhost:5000/c-ubuntu
Remove local images
> docker image remove ubuntu:16.04
> docker rmi localhost:5000/c-ubuntu
Finally, we can pull from the remote
> docker pull localhost:5000/c-ubuntu
We can enable the UI https://github.com/Joxit/docker-registry-ui
Run the Docker UI
> docker run -d -p 80:80 -e URL=http://localhost:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
It will not work because I run 2 docker and use localhost, they can not find each other. Try on my rancher-home virtual box.
>docker run -d -p 5000:5000 --name registry registry:2
>docker run -d -p 80:80 -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
It is not working because of the CORS. Try add settings for registry
Prepare the Password configuration
> docker run --entrypoint htpasswd registry:2 -Bbn sillycat ‘password' > conf/htpasswd
Try this
> docker run -d -p 80:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
Visit page with username and password is working fine
http://admin:admin~!%40@rancher-home:5000/v2/_catalog?n=100000
Try this
> docker tag ubuntu:16.04 192.168.56.110:5000/a-ubuntu
> docker push 192.168.56.110:5000/a-ubuntu
The push refers to repository [192.168.56.110:5000/a-ubuntu]
Get https://192.168.56.110:5000/v2/: http: server gave HTTP response to HTTPS client
Solution:
https://github.com/docker/distribution/issues/1874
Check this file and add our website there
> cat /etc/docker/daemon.json
{
"insecure-registries": [
"192.168.56.110:8088",
"192.168.56.111:8088",
"192.168.56.112:8088",
"rancher-worker1:8088",
"rancher-worker2:8088",
"rancher-home:8088",
"159.89.253.84:80",
"10.132.242.85:8088"
]
}
Restart the service
> sudo systemctl restart docker.service
It works pretty well now
> docker tag ubuntu:16.04 rancher-home:5000/b-ubuntu
> docker push rancher-home:5000/b-ubuntu
Make it working with Nginx Authentication
>docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
> docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e REGISTRY_URL=http://rancher-home:5000 -e NGINX_PROXY_HEADER_X_Forwarded_For=$$proxy_add_x_forwarded_for -e DELETE_IMAGES=true joxit/docker-registry-ui
NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=
We can try this as well.
upstream registry {
server localhost:5001;
}
location /registry/ {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://registry/;
}
Working Makefile for registry
PORT=5000
IMAGE=registry
TAG=2
NAME=docker-registry-$(PORT)
#-v $(shell pwd)/conf/htpasswd:/etc/docker/registry/htpasswd \
run:
docker run \
-d \
-p $(PORT):5000 \
-v $(shell pwd)/registry:/var/lib/registry \
-v $(shell pwd)/conf/config.yml:/etc/docker/registry/config.yml \
--name $(NAME) \
$(IMAGE):$(TAG)
clean:
docker stop ${NAME}
docker rm ${NAME}
Configuration for no auth registry in conf/config.yml
version: 0.1
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Expose-Headers: ['Docker-Content-Digest']
#Access-Control-Allow-Origin: ['http://rancher-home']
#Access-Control-Allow-Headers: ['Authorization']
#Access-Control-Max-Age: [1728000]
#Access-Control-Allow-Credentials: [true]
#auth:
# htpasswd:
# realm: basic-realm
# path: /etc/docker/registry/htpasswd
References:
https://docs.docker.com/registry/deploying/
https://github.com/Quiq/docker-registry-ui
https://github.com/mkuchin/docker-registry-web
https://github.com/Joxit/docker-registry-ui
https://github.com/Joxit/docker-registry-ui/blob/master/examples/proxy-headers/docker-compose.yml
发表评论
-
Update Site will come soon
2021-06-02 04:10 1609I am still keep notes my tech n ... -
Stop Update Here
2020-04-28 09:00 260I will stop update here, and mo ... -
NodeJS12 and Zlib
2020-04-01 07:44 430NodeJS12 and Zlib It works as ... -
Docker Swarm 2020(2)Docker Swarm and Portainer
2020-03-31 23:18 310Docker Swarm 2020(2)Docker Swar ... -
Docker Swarm 2020(1)Simply Install and Use Swarm
2020-03-31 07:58 321Docker Swarm 2020(1)Simply Inst ... -
Traefik 2020(1)Introduction and Installation
2020-03-29 13:52 291Traefik 2020(1)Introduction and ... -
Portainer 2020(4)Deploy Nginx and Others
2020-03-20 12:06 378Portainer 2020(4)Deploy Nginx a ... -
Docker Compose 2020(1)Installation and Basic
2020-03-15 08:10 327Docker Compose 2020(1)Installat ... -
VPN Server 2020(2)Docker on CentOS in Ubuntu
2020-03-02 08:04 397VPN Server 2020(2)Docker on Cen ... -
Buffer in NodeJS 12 and NodeJS 8
2020-02-25 06:43 334Buffer in NodeJS 12 and NodeJS ... -
NodeJS ENV Similar to JENV and PyENV
2020-02-25 05:14 415NodeJS ENV Similar to JENV and ... -
Prometheus HA 2020(3)AlertManager Cluster
2020-02-24 01:47 359Prometheus HA 2020(3)AlertManag ... -
Serverless with NodeJS and TencentCloud 2020(5)CRON and Settings
2020-02-24 01:46 292Serverless with NodeJS and Tenc ... -
GraphQL 2019(3)Connect to MySQL
2020-02-24 01:48 208GraphQL 2019(3)Connect to MySQL ... -
GraphQL 2019(2)GraphQL and Deploy to Tencent Cloud
2020-02-24 01:48 390GraphQL 2019(2)GraphQL and Depl ... -
GraphQL 2019(1)Apollo Basic
2020-02-19 01:36 275GraphQL 2019(1)Apollo Basic Cl ... -
Serverless with NodeJS and TencentCloud 2020(4)Multiple Handlers and Running wit
2020-02-19 01:19 264Serverless with NodeJS and Tenc ... -
Serverless with NodeJS and TencentCloud 2020(3)Build Tree and Traverse Tree
2020-02-19 01:19 259Serverless with NodeJS and Tenc ... -
Serverless with NodeJS and TencentCloud 2020(2)Trigger SCF in SCF
2020-02-19 01:18 252Serverless with NodeJS and Tenc ... -
Serverless with NodeJS and TencentCloud 2020(1)Running with Component
2020-02-19 01:17 235Serverless with NodeJS and Tenc ...
相关推荐
docker-nginx-auth-registry通过nginx对私有仓库的安全认证1.在宿主机上用htpasswd生成用户名和密码,作为nginx basic auth 的用户名和密码htpasswd -b -c -d docker-registry.htpasswd kiss test2.在宿主机上做好...
基于linux操作系统一键式安装部署Docker镜像私库registry®istry-ui
带有UI的Docker Registry v2 它是什么? 这是一个由docker-compose组成的安装程序,在端口443上运行v2注册表,在端口80上运行nginx,为列出存储库及其标签的最小UI提供服务。 您可以使用docker-compose up -d来启动...
将 Docker Private Registry Web UI 作为容器运行 要求 >= v4.3.18 >= v1.6.5 启动 Docker 私有注册表 + 镜像 $ git clone https://github.com/YungSang/docker-registry-mirror.git $ cd docker-registry-mirror...
Files contained in registry-3.1.3.jar: META-INF/MANIFEST.MF com.ice.jni.registry.RegMultiStringValue.class com.ice.jni.registry.RegBinaryValue.class com.ice.jni.registry.RegistryException.class ...
您可以在两个版本之间进行选择,即标准接口( joxit/docker-registry-ui:latest )和静态接口( joxit/docker-registry-ui:static )。 在标准界面中,没有默认注册表,您需要在UI中添加自己的注册表。 使用此版本...
api-ms-win-core-registry-l1-1-0.dll适用于window10 、windows server2012 64位系统
Could not resolve dependencies for project org.apache.flink:flink-avro-confluent-registry:jar:1.15.3: Could not find artifact io.confluent:kafka-schema-registry-client:jar:6.2.2 in maven 安装本地...
讲述了如何部署registry、registry-web的部署,以及registry-web如何管理registry私库的镜像上传、下载的授权、镜像删除、用户管理
META-INF/MANIFEST.MF com.ice.jni.registry.HexNumberFormat.class com.ice.jni.registry.NoSuchKeyException.class com.ice.jni.registry.NoSuchValueException.class com.ice.jni.registry.RegBinaryValue.class ...
解决docker报错dial tcp lookup registry-1.docker.io
Tools and techniques for post mortem analysis are discussed at length to take users beyond the current use of viewers and into real analysis of data contained in the Registry. This second edition ...
TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008
Registry.Workshop.v4.5.0 + 注册机
您可以在两个版本之间进行选择,即标准接口( joxit/docker-registry-ui:latest )和静态接口( joxit/docker-registry-ui:static )。 在标准界面中,没有默认注册表,您需要在UI中添加自己的注册表。 使用此版本...
docker官方镜像仓库registry离线包,使用docker load -i registry.tar
registry.properties access.control.allow.methods=GET,POST,PUT,OPTIONSaccess.control.allow.origin=*然后重新启动[schema-registry]服务在本地进行设置我们还提供了schema-registry和schema-registry-ui,作为...
赠送jar包:micrometer-registry-prometheus-1.8.2.jar 赠送原API文档:micrometer-registry-prometheus-1.8.2-javadoc.jar 赠送源代码:micrometer-registry-prometheus-1.8.2-sources.jar 包含翻译后的API文档...
docker容器化+图形界面portainer+镜像私有仓库registry+docker-registry-ui+以及springboot+vue部署示例,安装文档自己部署了好几次,绝对可执行!!!
docker-registry-nginx 使用docker-compose在nginx反向代理后面设置 v2的简单方法。为什么? 我想用我已经知道的工具来保护我的docker注册表,例如nginx,它提供IP限制,基本访问身份验证和TLS。其他选择您可以按照...