Docker Registry Management
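I previously wrote an article, "How to Set Up a Private Docker Registry", documenting how to deploy a private Docker registry. A long time has passed since then, so today we looked at some newer open-source tools to make management more convenient.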
Docker Registry
First, we still need to set up the Docker registry itself, following the official documentation. We also use htpasswd for simple authentication:
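```bash
#!/bin/bash
set -ex

# The htpasswd file must exist at /home/ubuntu/vhost/docker/auth/htpasswd
# before the container starts; the registry only accepts bcrypt entries.
# REGISTRY_STORAGE_DELETE_ENABLED=true lets authenticated clients delete images.
docker run -d --rm -p 5000:5000 --name docker-registry \
    -v /home/ubuntu/vhost/docker:/var/lib/registry \
    -v /home/ubuntu/vhost/docker/auth:/auth \
    -e REGISTRY_AUTH=htpasswd \
    -e REGISTRY_AUTH_HTPASSWD_REALM=RegistryRealm \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -e REGISTRY_STORAGE_DELETE_ENABLED=true \
    registry:2
```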
Registry UI
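Previously we used docker-frontend as the web interface, but it is not very pleasant to use: it only supports Docker Registry V2, and some of its features are incomplete.
So this time we switch to craneoperator: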
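```bash
#!/bin/bash
set -ex

# Crane Operator talks to the registry at 192.168.0.1:5000 over plain HTTP.
# ALLOW_REGISTRY_LOGIN passes the user's registry credentials through the UI;
# REGISTRY_ALLOW_DELETE exposes image deletion in the UI.
docker run -d --rm -p 5002:80 \
    -e REGISTRY_HOST=192.168.0.1 \
    -e REGISTRY_PORT=5000 \
    -e REGISTRY_PROTOCOL=http \
    -e SSL_VERIFY=false \
    -e REGISTRY_PUBLIC_URL=docker.chenjiehua.me \
    -e ALLOW_REGISTRY_LOGIN=true \
    -e REGISTRY_ALLOW_DELETE=true \
    -e TITLE="Docker Registry" \
    parabuzzle/craneoperator:latest
```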
Portainer
Finally, we use portainer to manage our Docker instances:
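```bash
#!/bin/bash
set -ex

# Mounting /var/run/docker.sock gives the container full control of the
# host's Docker daemon, so access to the Portainer UI is root-equivalent.
docker run -d --rm -p 5001:9000 \
    --name portainer \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /home/ubuntu/vhost/docker/portainer:/data \
    portainer/portainer
```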
Nginx Configuration
We use nginx as the web server and configure HTTPS access for docker:
```nginx
# docker
server {
    listen 80;
    server_name docker.chenjiehua.me;
    # $request_uri already carries the query string
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    index index.html index.htm;
    server_name docker.chenjiehua.me;
    root /var/www;

    ssl_certificate /etc/letsencrypt/live/docker.chenjiehua.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/docker.chenjiehua.me/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    access_log /home/ubuntu/log/nginx/docker.log main;
    error_log /home/ubuntu/log/nginx/docker-err.log;

    # image layers can be large
    client_max_body_size 512M;

    # docker webui
    location / {
        proxy_pass http://127.0.0.1:5002;
        include proxy_params;
    }

    # docker registry
    location /v2 {
        proxy_pass http://127.0.0.1:5000;
        include proxy_params;
    }

    # docker portainer
    location /web/ {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://127.0.0.1:5001/;
    }

    location /web/api/websocket/ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:5001/api/websocket/;
    }

    location /.well-known/acme-challenge/ {
        root /var/www;
    }
}
```
With that, we can access docker through the browser as usual.
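The nginx configuration above still lists TLSv1 and TLSv1.1 in ssl_protocols and offers 3DES and static-RSA suites in ssl_ciphers. The following added example (not part of the original post; `audit_nginx_tls` and `sample_conf` are hypothetical helper names) reads an nginx config on stdin and reports those settings so they can be removed before the registry is served over HTTPS:

```bash
#!/bin/bash
# Added example: flag deprecated TLS settings in an nginx config read from
# stdin. It only understands explicit OpenSSL suite names in ssl_ciphers,
# not keyword lists such as HIGH or EECDH+AESGCM.

audit_nginx_tls() {
    awk '
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i
            sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                printf "line %d: deprecated protocol %s\n", NR, p
        }
    }
    $1 == "ssl_ciphers" {
        list = $0
        sub(/^[ \t]*ssl_ciphers[ \t]+/, "", list)
        gsub(/[";]/, "", list)
        n = split(list, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^!/) continue    # "!X" entries are exclusions
            if (c[i] ~ /DES|RC4|MD5|NULL|EXPORT/)
                printf "line %d: weak cipher %s\n", NR, c[i]
            else if (c[i] ~ /^(AES|CAMELLIA|ARIA|SEED)/)
                # no key-exchange prefix in the OpenSSL name means RSA kx
                printf "line %d: static RSA key exchange, no forward secrecy: %s\n", NR, c[i]
        }
    }'
}

# Sample input: the two TLS directives from the configuration above.
sample_conf() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
EOF
}

sample_conf | audit_nginx_tls
```

An empty report is what a server block limited to TLSv1.2 and TLSv1.3 with only ECDHE suites produces.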
Writing takes effort; if you repost this, please credit ChenJiehua's "Docker Registry Management".
2020-04-06 2020-04-06 docker