2饿1二 posted on 2015-12-29 08:45:57

Building a secure private Docker registry on CentOS 7 with Nginx and Registry 2.0

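Purpose: Nginx acts as a reverse proxy and adds password authentication when the private registry is accessed; the passwords are generated with htpasswd.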

IP: 192.168.0.227
1. Pull the registry 2.0 image

docker pull registry:2.1.1




2. Install Nginx

yum -y install nginx




3. Create the data and configuration directories for the Docker registry

sudo mkdir -p /opt/docker/registry/data
sudo mkdir -p /opt/docker/registry/conf




4. Run the Docker registry

docker run -d -p 5000:5000 -v /opt/docker/registry/data:/tmp/registry --name registry docker.io/registry:2.1.1




5. Create the accounts and passwords for accessing the registry with htpasswd

yum -y install httpd-tools    # htpasswd is an Apache tool
htpasswd -c /opt/docker/registry/conf/docker-registry.htpasswd jack    # -c is required the first time, to create the file
htpasswd    /opt/docker/registry/conf/docker-registry.htpasswd user2




6. Configure Nginx

vim /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type      application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    upstream webserver {                  # "webserver" is a custom name, referenced below
       server 192.168.0.227:5000;         # IP:PORT to proxy to

       }
    server {
            listen       8080 default_server; # the access port is defined here: http://192.168.0.227:8080/v2
            location / {
            auth_basic "please input username/password sina";
            auth_basic_user_file /opt/docker/registry/conf/docker-registry.htpasswd;
            proxy_pass http://webserver;   # uses the "webserver" upstream defined above
       }
       }

    server {
      listen       80 default_server;
      listen       [::]:80 default_server;
      server_name  _;
      root         /usr/share/nginx/html;

      # Load configuration files for the default server block.
      include /etc/nginx/default.d/*.conf;

      location / {
      }

      error_page 404 /404.html;
            location = /40x.html {
      }

      error_page 500 502 503 504 /50x.html;
            location = /50x.html {
      }
    }
}




7. Test:
Open http://192.168.0.227:8080/v2  # port 8080, because that is what the configuration file defines
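
An added example, not part of the original post: a shell function that checks whether the setup from steps 4 to 6 actually gates the registry behind the Nginx password. It assumes curl is installed; the names `http_status` and `verify_registry_proxy` are made up for this example, and PASSWORD stands for whatever was entered for `jack` in step 5.

```shell
#!/bin/sh
# Added example (not from the original post). Host, ports and the user "jack"
# come from the post; http_status and verify_registry_proxy are made-up names.

# Print the HTTP status code for URL $1; optional $2 is "user:password".
# curl prints 000 when the connection fails, so the caller always gets a code.
http_status() {
    if [ -n "${2:-}" ]; then
        curl -s -o /dev/null -m 5 -u "$2" -w '%{http_code}' "$1" || :
    else
        curl -s -o /dev/null -m 5 -w '%{http_code}' "$1" || :
    fi
}

# $1 = registry host, $2 = "user:password" created in step 5.
# Prints one PASS/FAIL line per check; returns 1 if any check fails.
verify_registry_proxy() {
    host=$1; cred=$2; rc=0

    # Check 1: Nginx (port 8080) must reject a request without credentials.
    code=$(http_status "http://$host:8080/v2/")
    if [ "$code" = 401 ]; then
        echo "PASS 8080 anonymous request rejected (401)"
    else
        echo "FAIL 8080 anonymous request got $code, expected 401"; rc=1
    fi

    # Check 2: the same request with a valid account must reach the registry.
    code=$(http_status "http://$host:8080/v2/" "$cred")
    if [ "$code" = 200 ]; then
        echo "PASS 8080 authenticated request accepted (200)"
    else
        echo "FAIL 8080 authenticated request got $code, expected 200"; rc=1
    fi

    # Check 3: "-p 5000:5000" in step 4 publishes the registry itself. If it
    # answers here without credentials, clients can skip the Nginx password.
    code=$(http_status "http://$host:5000/v2/")
    if [ "$code" = 200 ]; then
        echo "FAIL 5000 registry answers without credentials"; rc=1
    else
        echo "PASS 5000 registry not open to anonymous clients ($code)"
    fi
    return $rc
}

# Usage: verify_registry_proxy 192.168.0.227 'jack:PASSWORD'
```

Run it from a machine other than the registry host so that check 3 reflects what the network can actually reach.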




