CentOS7基于Nginx和Registry2.0搭建Docker安全私有仓库

2饿1二

作用：Nginx做反向代理，在访问私有仓库时加个密码验证，密码用htpasswd生成

IP：192.168.0.227
1.下载registry2.0镜像

1	docker pull  registry:2.1.1

2.安装Nginx

1	yum  -y install nginx

3.创建docker仓库数据和配置目录

1 2	sudo mkdir -p /opt/docker/registry/data sudo mkdir -p /opt/docker/registry/conf

4.运行docker仓库

1	docker run -d -p 5000:5000 -v /opt/docker/registry/data:/tmp/registry --name registry docker.io/registry:2.1.1

5.基于htpasswd创建访问仓库的账户密码

1 2 3

yum -y install httpd-tools  #htpasswd是apache的工具 htpasswd -c /opt/docker/registry/conf/docker-registry.htpasswd jack  第一次创建需要加-c htpasswd    /opt/docker/registry/conf/docker-registry.htpasswd user2

6.配置Nginx

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69

vim  /etc/nginx/nginx.conf # For more information on configuration, see: #   * Official English Documentation: http://nginx.org/en/docs/ #   * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; events {     worker_connections 1024; } http {     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '                       '$status $body_bytes_sent "$http_referer" '                       '"$http_user_agent" "$http_x_forwarded_for"';     access_log  /var/log/nginx/access.log  main;     sendfile            on;     tcp_nopush          on;     tcp_nodelay         on;     keepalive_timeout   65;     types_hash_max_size 2048;     include             /etc/nginx/mime.types;     default_type        application/octet-stream;     # Load modular configuration files from the /etc/nginx/conf.d directory.     # See http://nginx.org/en/docs/ngx_core_module.html#include     # for more information.     include /etc/nginx/conf.d/*.conf;     upstream webserver {                  #webserver为自定义，被下边调用        server 192.168.0.227:5000;         #写要代理的IP:PORT        }     server {             listen       8080 default_server; #这里定义访问端口：http://192.168.0.227:8080/v2             location / {             auth_basic  "please input username/password sina";             auth_basic_user_file  /opt/docker/registry/conf/docker-registry.htpasswd;             proxy_pass http://webserver;   #调用上边的webserver        }        }     server {         listen       80 default_server;         listen       [::]:80 default_server;         server_name  _;         root         /usr/share/nginx/html;         # Load configuration files for the default server block.         include /etc/nginx/default.d/*.conf;         location / {         }         error_page 404 /404.html;             location = /40x.html {         }         error_page 500 502 503 504 /50x.html;             location = /50x.html {         }     } }

7.测试：
输入http://192.168.0.227:8080/v2 #因为配置文件中定义了8080