[리눅스] docker registry 서버 구성

docker registry 서버 구성

- docker hub : https://hub.docker.com/_/registry

- github : https://github.com/distribution/distribution

SSL 인증서 생성(let's encrypt)

certbot.sh 스크립트 생성

vim certbot.sh

docker run -it --rm --name certbot \
  -v '/etc/letsencrypt:/etc/letsencrypt' \
  -v '/var/lib/letsencrypt:/var/lib/letsencrypt' \
  certbot/certbot certonly -d 'dockerhub.scbyun.com' \
  --manual --preferred-challenges dns \
  --server https://acme-v02.api.letsencrypt.org/directory

chmod +x certbot.sh

SSL 인증서 갱신(let's encrypt renewal)

certbot-renew.sh 스크립트 생성

vim certbot-renew.sh

docker run -it --rm --name certbot \
  -v '/etc/letsencrypt:/etc/letsencrypt' \
  -v '/var/lib/letsencrypt:/var/lib/letsencrypt' \
  certbot/certbot --renew-by-default certonly -d 'dockerhub.scbyun.com' \
  --manual --preferred-challenges dns \
  --server https://acme-v02.api.letsencrypt.org/directory

chmod +x certbot-renew.sh

.htpasswd 파일 생성

docker run --rm --entrypoint htpasswd registry:2.6.2 -Bbn admin admin > ./conf/registry/auth/registry.password

registry 컨테이너로 올리기

docker-compose.yml 파일 작성

version: '3.7'
services:
   registry:
      image: registry:2
      restart: unless-stopped
      container_name: registry
      # privileged: true
      environment:
         REGISTRY_HTTP_ADDR: 0.0.0.0:5000
         REGISTRY_HTTP_TLS_KEY: /etc/letsencrypt/live/dockerhub.scbyun.com/privkey.pem
         REGISTRY_HTTP_TLS_CERTIFICATE: /etc/letsencrypt/live/dockerhub.scbyun.com/fullchain.pem
         REGISTRY_AUTH: htpasswd
         REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
         REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
      volumes:
         - /etc/letsencrypt:/etc/letsencrypt:ro
         - ./registry:/var/lib/registry/docker/registry/v2
         - ./conf/registry/auth/registry.password:/auth/registry.password
      ports:
         - 5000:5000
      networks:
         - registry-net

docker-compose up -d

$ docker-compose ps
NAME                COMMAND                  SERVICE             STATUS              PORTS
registry            "/entrypoint.sh /etc…"   registry            running             0.0.0.0:5000->5000/tcp

---

private registry 이미지 업로드하기

private registry 로그인

docker login -u admin https://dockerhub.scbyun.com:5000

$ docker login -u admin https://dockerhub.scbyun.com:5000
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

이미지 태그 설정

docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

docker tag centos:7 dockerhub.scbyun.com:5000/centos:7

이미지 PUSH

docker image push [OPTIONS] NAME[:TAG]

docker push dockerhub.scbyun.com:5000/centos:7

private registry 이미지 확인

curl -XGET https://admin:admin@dockerhub.scbyun.com:5000/v2/_catalog

$ curl -XGET https://admin:admin@dockerhub.scbyun.com:5000/v2/_catalog
{"repositories":["centos","hello-world"]}

curl -XGET https://admin:admin@dockerhub.scbyun.com:5000/v2/centos/tags/list

$ curl -XGET https://admin:admin@dockerhub.scbyun.com:5000/v2/centos/tags/list
{"name":"centos","tags":["7"]}

이미지 PULL

docker image pull [OPTIONS] NAME[:TAG|@DIGEST]

docker pull dockerhub.scbyun.com:5000/centos:7

$ docker pull dockerhub.scbyun.com:5000/centos:7
7: Pulling from centos
2d473b07cdd5: Pull complete
Digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f
Status: Downloaded newer image for dockerhub.scbyun.com:5000/centos:7
dockerhub.scbyun.com:5000/centos:7