docker-registry-ui 管理镜像
概要: docker-registry-ui是当前为数不多的轻量级WEB端管理docker镜像的工具,此篇内容介绍其基本使用方法。
创建时间: 2023.08.03 00:06:41
更新时间: 2023.08.03 00:20:25
部署docker-registry-ui
此处直接使用了作者提供的独立UI部署方式,配合http的basic验证方式,其配置参考如下
准备工作
| Bash |
|---|
| mkdir -p /var/docker-registry/registry-config
|
准备docker-compose文件
| YAML |
|---|
| version: '2.0'
services:
registry:
image: registry:2.7
ports:
- 5000:5000
volumes:
- ./registry-data:/var/lib/registry
- ./registry-config/credentials.yml:/etc/docker/registry/config.yml
- ./registry-config/htpasswd:/etc/docker/registry/htpasswd
ui:
image: joxit/docker-registry-ui:latest
ports:
- 80:80
environment:
- REGISTRY_TITLE=LZWANG Docker # 自定义主页显示的Registry名称
- REGISTRY_URL=http://192.168.2.241:5000 # 改成自己的IP,不建议使用localhost代替
- SINGLE_REGISTRY=true
depends_on:
- registry
|
准备registry配置文件
| YAML |
|---|
| version: 0.1
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['http://192.168.2.241'] # 改成自己的IP,不建议使用localhost代替
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
auth:
htpasswd:
realm: basic-realm
path: /var/docker-registry/registry-config/htpasswd # 密码文件放置
|
准备账号密码
docker-registry-ui默认使用bcrypt进行加密,其管理账号密码的命令如下:
| Bash |
|---|
| # 生成新的密码文件,-c参数即创建文件, -B参数使用bcrypt对文件进行加密
htpasswd -B -c ${htpasswd_file_path} ${user_name_1}
# 在已有的密码文件中追加新的用户密码
htpasswd -B ${htpasswd_file_path} ${user_name_2}
# 删除已有用户
htpasswd -D ${htpasswd_file_path} ${user_name_2}
|
检查配置
| Bash |
|---|
| cd /var/docker-registry
tree
|
| Text Only |
|---|
| .
├── docker-compose.yaml
└── registry-config
├── credentials.yml
└── htpasswd
|
部署docker-registry-ui
| Bash |
|---|
| cd /var/docker-registry
docker-compose up -d
|
部署基于 S3 存储的 registry
配置 docker-compose.yaml
| YAML |
|---|
| # https://github.com/Joxit/docker-registry-ui/tree/main/examples/issue-75
version: "3"
services:
dev-docker-registry-server:
image: registry:2
container_name: dev_docker_registry_server
restart: always
hostname: docker_registry_server
networks:
- docker_registry_net
volumes:
- ./config.yml:/etc/docker/registry/config.yml
environment:
- UID=$(id -u)
- GID=$(id -g)
dev-docker-registry-ui: # https://github.com/Joxit/docker-registry-ui
image: joxit/docker-registry-ui:main
restart: always
container_name: dev_docker_registry_ui
hostname: docker_registry_ui
ports:
- "58000:80"
networks:
- docker_registry_net
environment:
- UID=$(id -u)
- GID=$(id -g)
- SINGLE_REGISTRY=true
- REGISTRY_TITLE=Docker Registry Home
- DELETE_IMAGES=false
- SHOW_CONTENT_DIGEST=true
- NGINX_PROXY_PASS_URL=http://dev-docker-registry-server:5000
- SHOW_CATALOG_NB_TAGS=true
- CATALOG_MIN_BRANCHES=1
- CATALOG_MAX_BRANCHES=1
- TAGLIST_PAGE_SIZE=100
- REGISTRY_SECURED=false
- CATALOG_ELEMENTS_LIMIT=1000
networks:
docker_registry_net:
name: docker_registry_net
driver: bridge
|
配置 config.yml
此文件映射到上面docker-compose.yaml中的 ./config.yml:/etc/docker/registry/config.yml,注意更改下面的S3相关配置,此配置没有启用SSL
| YAML |
|---|
| version: 0.1
log:
level: debug
formatter: text
fields:
service: registry
environment: staging
loglevel: debug
storage:
s3:
accesskey: your_s3_access_key
secretkey: your_s3_secret_key
region: cn-xa
regionendpoint: http://192.168.2.149:9000
# Make sure you've created the following bucket.
bucket: docker-registry
encrypt: false
secure: false
v4auth: true
chunksize: 5242880
rootdirectory: /
delete:
enabled: true
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
|
使用
配置docker服务
编辑本地的docker配置文件/etc/docker/daemon.json
| JSON |
|---|
| {
"insecure-registries": [
"192.168.2.145:58000"
]
}
|
然后重启Docker相关服务
| Bash |
|---|
| sudo systemctl daemon-reload
sudo systemctl restart docker
|
登录
| Bash |
|---|
| docker login http://192.168.2.145:58000
|
其中用户名为S3的accesskey,密码为secretkey
打标签
| Bash |
|---|
| docker tag a81165a2b318 192.168.2.145:58000/portainer/agent:latest
|
推送镜像
| Bash |
|---|
| docker push 192.168.2.145:58000/portainer/agent:latest
|
参考