Deployment practice of lightweight open source docker private server management tool

I don’t know if anyone using docker has encountered the same problem as me. I want to make a private docker image server, but:

1. The official registry only supports command line and API interaction, and the cost of image management and permission management is relatively high
2. The relatively mature Harbor feels too heavy to me and requires a lot of components, so I dismissed it after just one glance

I just want something as simple as the maven private server nexus!!!
So I opened github and searched as usual. I believed I was not the only one with this idea, and sure enough, I found an open source project that looks quite reliable.
zebox/registry-admin: https://github.com/zebox/registry-admin/tree/master/app/server
First of all, I would like to thank the author for sharing. When I first saw the screenshot in the README, I felt that this was what I was looking for.


After reading the introduction, I just need to do a simple configuration and then start it through docker-compose. There are only 2 images in total.
1. Official registry:2
2. registry-admin:master
It’s very simple, isn’t it? Supported functions: user management, rights management, and image retrieval, viewing and management, which is enough for daily use.

The next step is to read the official documents and deploy them all the way. I will introduce my practical process in detail here. Some details are missing in the official documents and you need to solve them by yourself.

The mode I use is based on HTTP basic-auth for simple permission control. In this mode you can manage which accounts are allowed to access the private server, but you cannot control permissions for specific images. For reference: https://github.com/zebox/registry-admin/tree/master/_examples/basic_auth

ps: The author reminds you to give the account that runs the docker container ownership of the files registry-admin needs in order to run.

https://github.com/zebox/registry-admin/tree/master/app/server


Here, the first thing you see is docker-compose.yml. This is the docker-compose configuration file used to start the docker service. The details of docker-compose will not be expanded.
registry-admin has a total of 4 key configuration files:
1. docker-compose.yml #docker container startup configuration file
2. basic-ra-config.yml #registry-admin run configuration file
3. registry-config.yml #registry run configuration file
4. .htpasswd #basic-auth encrypted account file

Among them, basic-ra-config.yml and registry-config.yml are in the /config directory, and .htpasswd needs to be created by yourself. I will go through them one by one.

1. docker-compose.yml container startup configuration file

Open the file and you can see the content. There are some places that need to be adjusted. I marked them.

version: '3' #This should be changed from 2.1 to 3
services:
  registry-admin:
    container_name: registry-admin #The fixed container name I added
    restart: unless-stopped
    image: zebox/registry-admin:master
    ports:
      - 8080:80 #The host port 8080 here can be modified as needed
    environment:
      - RA_CONFIG_FILE=/app/config/basic-ra-config.yml #This is the key configuration file for registry-admin operation
    #Mapping of container directory and host directory
    volumes:
      - ./certs:/certs
      - ./config:/app/config
      - ./access:/app/access
      - ./data:/app/data
      - ./log:/app/log #I added a log file storage directory
    #Not in the original: I attach the container to the custom network mynetwork with a fixed IP. The IP can be changed, but it must fall within the subnet of the custom network.
    networks:
      mynetwork:
        ipv4_address: 172.20.0.3

  registry:
    container_name: registry #The fixed container name I added
    restart: unless-stopped
    image: registry:2
    ports:
      - 50554:5000
    volumes:
      - ./data:/var/lib/registry
      - ./certs:/certs
      - ./config/registry-config.yml:/etc/docker/registry/config.yml #This is the key configuration file for registry operation
      - ./access:/etc/docker/registry/access
    depends_on:
      - registry-admin
    #Not in the original: I attach the container to the custom network mynetwork with a fixed IP. The IP can be changed, but it must fall within the subnet of the custom network.
    networks:
      mynetwork:
        ipv4_address: 172.20.0.4 #Must differ from the address given to registry-admin above
        
#The original work does not have it, I added the custom network configuration
networks:
  mynetwork: #Created beforehand with: docker network create --subnet=172.20.0.0/24 mynetwork
    external: true

Here I added a custom network, joined both containers to it and fixed their IPs (this step is very critical).
The main purpose is to put the containers in the same custom network. Containers on that network can reach each other, and more importantly, the HTTP URL provided by the target container can be accessed directly through http://container_name/. To put it simply, it is similar to configuring hosts, so there is no need to hardcode IP addresses in the service configuration of basic-ra-config.yml and registry-config.yml. The reason for fixing the IPs is that I don’t want the container IPs to jump back and forth, which makes future management easier.

2. basic-ra-config.yml

hostname: 127.0.0.1

registry:
  host: http://registry #According to the custom network configuration I just made, this URL can only be accessed after the container is started.
  port: 5000
  auth_type: basic
  htpasswd: /app/access/.htpasswd #This file needs to be generated with apache2-utils
  login: admin
  password: super-secret # This is the administrator's default password. It can be changed, but the corresponding Authorization header in registry-config.yml must then be changed to match.

#Log configuration that I added. For other options, check the official website of the project.
logger:
  enabled: true
  filename: /app/log/access.log
  max_size: 20M
  max-backups: 3
  
store:
  type: embedded
  admin_password: super-secret # This is the password for the registry-admin embedded database. It can be modified and does not have to be consistent with the above.
  embed:
    path: /app/data/store.db

3. registry-config.yml

version: 0.1

log:
  accesslog:
    disabled: false
  level: info #I changed debug to info
  formatter: text
  fields:
    service: registry

storage:
  filesystem:
    rootdirectory: /var/lib/registry
    maxthreads: 100
  delete:
    enabled: true

http:
  addr: ":5000"
  net: tcp

auth:
  htpasswd:
    realm: basic-realm
    path: /etc/docker/registry/access/.htpasswd #This file can use the same file as basic-ra-config.yml

notifications:
  events:
    includereferences: true
  endpoints:
    - name: ra-listener
      disabled: false
      url: http://registry-admin/api/v1/registry/events #According to the custom network configuration I just made, this url can only be accessed after the container is started.
      headers:
        # Base64 encoding of the string 'admin:super-secret'. If you change the default admin password in basic-ra-config.yml,
        # you need to re-encode "admin:${new password}" and update this value.
        Authorization: [Basic YWRtaW46c3VwZXItc2VjcmV0]
      timeout: 1s
      threshold: 5
      backoff: 3s
      ignoredmediatypes:
        - application/octet-stream
      ignore:
        mediatypes:
          - application/octet-stream

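4. .htpasswd

#Install Apache’s htpasswd tool to generate the account file
sudo apt-get install apache2-utils

#Generate the file: -B selects bcrypt, -c creates the file, -b reads the password from the command line
#Without -b and the password argument, htpasswd prompts for the password instead, which keeps it out of the shell history
htpasswd -Bbc /path/to/htpasswd "$username" "$password" #You can initialize an account at will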

During the deployment process, create the directory structure as follows:
/registry-admin    docker-compose.yml is stored in this directory
  /certs
  /config          this directory stores basic-ra-config.yml and registry-config.yml
  /access          generate the .htpasswd file in this directory
  /data
  /log

Adjust the configuration files according to the modifications shown above.
Then use chown -R to give the user running docker ownership of /registry-admin and its subdirectories and files.
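
Before starting the containers, the three credential files can be checked against each other: the notification header must encode the current admin login and password, the example password should be gone, and .htpasswd must contain bcrypt entries. The script below is an added example, not part of registry-admin or the original post; its function names are hypothetical and it assumes the unquoted key: value layout of the listings above.

```shell
#!/bin/sh
# Added example, not project code: pre-start credential checks for the
# basic-auth setup. Assumes unquoted "key: value" scalars as in the listings,
# with " #" starting a trailing comment. Function names are hypothetical.

# First "KEY: value" in FILE, without trailing comment or spaces.
yaml_scalar() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//'
}

# Header value for LOGIN PASSWORD. base64 is encoding, not encryption, so
# registry-config.yml needs the same file permissions as a password file.
basic_header() {
  printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# check_credentials RA_CONFIG REGISTRY_CONFIG HTPASSWD
# Prints one finding per line; exit status 1 if anything was found.
check_credentials() (
  rc=0
  login=$(yaml_scalar login "$1")
  password=$(yaml_scalar password "$1")
  actual=$(yaml_scalar Authorization "$2" | tr -d '[]"')
  if [ "$actual" != "$(basic_header "$login" "$password")" ]; then
    echo "MISMATCH: notification header does not match the admin credentials"
    rc=1
  fi
  if [ "$password" = "super-secret" ]; then
    echo "DEFAULT: admin password is still the example value"
    rc=1
  fi
  # The registry's htpasswd auth accepts bcrypt entries only (htpasswd -B).
  if grep -v -E '^[^:]+:\$2[aby]\$' "$3" | grep -q .; then
    echo "HTPASSWD: entry that is not bcrypt"
    rc=1
  fi
  exit "$rc"
)

# Run as: sh check.sh config/basic-ra-config.yml config/registry-config.yml access/.htpasswd
if [ "$#" -eq 3 ]; then check_credentials "$@"; fi
```

To produce a new header value after changing the admin password, call basic_header with the login and the new password and paste the result between the brackets of the Authorization line.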

Start service

Enter /registry-admin and run docker-compose -p registry-admin -f ./docker-compose.yml up -d
-p specifies a project name, which is a personal preference

Auto-start has been specified in the configuration. In the future, as long as the main docker process starts, these two services will start.

Stop the service and uninstall the container

docker-compose -p registry-admin -f ./docker-compose.yml down

If everything is normal, you can access the private server login page at the host’s IP on port 8080 (or whichever port you configured).

Enter the previously configured admin password to log in

After logging in successfully, click “Repositories” to view and manage images.
If it shows

You can click SYNC to synchronize manually

Generally speaking, Registry reports data to registry-admin through event triggering (push and the like), and also supports active synchronization by registry-admin.

If you encounter any problems, you can check the logs
The log of registry-admin is under the log directory created before.
The registry’s log is under /var/lib/docker/${registry’s container_id}/

For more detailed usage functions, you can explore by yourself.