docker private registry

centos 7 설치

도커 설치

폴더 생성

mkdir -p /data/docker/auth
cd /data/docker

lets encrypt ssl 발급받기

sudo bash
sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo yum update
sudo yum install epel-release git -y
sudo yum install python-pip -y
sudo yum install python-virtualenv -y

sudo pip install requests urllib3 pyOpenSSL --force --upgrade

cd /tmp
git clone https://github.com/certbot/certbot.git 
cd certbot

./certbot-auto certonly \
--manual \
--preferred-challenges=dns \
--email teamsmiley@gmail.com \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \
--debug \
--no-bootstrap \
-d registry.publishapi.com

_acme-challenge.registry txt 도메인에 등록하라고 나옴

Please deploy a DNS TXT record under the name
_acme-challenge.UR-DOMAIN.COM with the following value:

h1vJeUEv6AYJu5stnwlLy-xxx

Before continuing, verify the record is deployed.

도메인에 txt 레코드 등록하고 조금기다려서 dns가 업데이트가 되고 나면 엔터

Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/UR-DOMAIN.COM/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/UR-DOMAIN.COM/privkey.pem
   Your cert will expire on 2019-03-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

발급 됬음

아이디 비번 발급

docker run \
  --entrypoint htpasswd \
  registry -Bbn USERNAME PASSWORD > /data/docker/auth/htpasswd

도커 실행

cd /data/docker/registry/ vi docker-compose.yml

---
version: "3.3"
services:
  registry:
    container_name: 'registry'
    restart: always
    image: registry
    privileged: true
    ports:
      - 5000:5000
    environment:
      TZ: "America/Los_Angeles"
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_STORAGE_DELETE_ENABLED: "true"
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data/registry
      REGISTRY_HTTP_TLS_CERTIFICATE: /etc/letsencrypt/live/UR_DOMAIN/fullchain.pem
      REGISTRY_HTTP_TLS_KEY: /etc/letsencrypt/live/UR_DOMAIN/privkey.pem
    volumes:
      - /data/registry:/data/registry/docker/registry
      - /etc/letsencrypt:/etc/letsencrypt
      - ./auth:/auth

cd /data/docker/
docker-compose up -d

확인

docker login UR_DOMAIN:5000

이걸 안하면 spinnaker에서 docker image list를 못가져온다.

teamsmiley's profile image

teamsmiley

2018-12-22 00:00

Read more posts by this author