Lightning post: Set Up Your Private Docker Registry

MUST HAVE

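VPS (for the IP), Domain

A student in the community pointed out that you can use ngrok to get a URL for free. I'm not sure whether they want to be named, but thank you 😀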

Install Docker (Registry, Engine)

ssh [email protected] to connect to the server remotely

Follow the official installation steps

https://docs.docker.com/engine/install/ubuntu/#installation-methods

Pitfall 1: if you install with snap install docker.io, the Docker service may be unable to access folders on the host system.

Mapping Domain to your IP

For example: GoDaddy, Gandi

Taking registry.phelix.life as the example:
set registry -> 123.456.78.90
Then try pinging the domain to check whether it worked.

Install CertBot

apt install certbot
# registry.phelix.life is the domain you want the SSL/TLS certificate for
certbot certonly -d registry.phelix.life


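Let's Encrypt has rate limits

  • Same domain: 5 requests / 1 week
    • First request: [www.example.com, example.com]
    • Second request: [www.example.com]
    • These two count as different domains
  • Each account: limit of 5 failed domain validations / per hour. Make good use of the --staging parameter.
  • Each IP: 10 accounts created / 3 hours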

Generate Crt & Key File

cd /etc/letsencrypt/live/registry.phelix.life
# create certs/ inside this directory, because docker run mounts "$(pwd)"/certs
mkdir -p certs
cat fullchain.pem > certs/domain.crt
cat privkey.pem > certs/domain.key

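Set a Password to Restrict Access

mkdir -p /opt/registry/auth
apt install apache2-utils
# -B selects bcrypt; -b takes the password from the command line, so it lands in shell history
htpasswd -Bbn your_username your_password > /opt/registry/auth/htpasswd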

Host Your Registry

Run this from /etc/letsencrypt/live/registry.phelix.life, so that "$(pwd)" expands to that directory.

docker run -d \
--restart=always \
--name registry \
-v "$(pwd)"/certs:/certs \
-v /opt/registry/auth:/auth \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-e REGISTRY_AUTH=htpasswd \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_SECRET=some_random_string_to_use \
-p 443:443 \
registry:2
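
Before starting the container, the files produced by the certificate and password steps can be checked. The script below is an added example, not part of the original post; its function names are hypothetical, and the sample files it builds are constructed placeholders rather than real keys or hashes.

```bash
# Added example: pre-flight checks for certs/domain.crt, certs/domain.key and
# /opt/registry/auth/htpasswd before the registry container is started.

# Print htpasswd users whose hash is not bcrypt; the registry's htpasswd
# auth ignores every other hash type, which is why htpasswd is run with -B.
non_bcrypt_users() {
  awk -F: 'NF && $2 !~ /^\$2[aby]\$[0-9][0-9]\$/ { print $1 }' "$1"
}

# Count PEM certificates: a copy of fullchain.pem holds the leaf plus at
# least one intermediate, a copy of cert.pem holds only one.
cert_count() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeed only if group and other have no permission bits on the key file.
key_is_private() {
  [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# usage: preflight domain.crt domain.key htpasswd ; returns 1 on any finding
preflight() {
  local rc=0 bad
  [ "$(cert_count "$1")" -ge 2 ] || { echo "FAIL: $1 lacks an intermediate certificate"; rc=1; }
  key_is_private "$2" || { echo "FAIL: $2 is accessible to group/other, chmod 600 it"; rc=1; }
  [ -s "$3" ] || { echo "FAIL: $3 is empty, nobody can log in"; rc=1; }
  bad=$(non_bcrypt_users "$3")
  [ -z "$bad" ] || { echo "FAIL: non-bcrypt entries for: $bad"; rc=1; }
  return "$rc"
}

# Constructed sample files (not real keys or hashes), so this runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-leaf' '-----END CERTIFICATE-----' \
  '-----BEGIN CERTIFICATE-----' 'constructed-intermediate' '-----END CERTIFICATE-----' > "$demo_dir/domain.crt"
printf '%s\n' 'constructed-key' > "$demo_dir/domain.key"
chmod 644 "$demo_dir/domain.key"   # what a plain `cat > file` gives under umask 022
printf '%s\n' 'alice:$2y$05$constructedconstructedconstructedconstructedconstructe' \
  'bob:$apr1$constructed$constructed' > "$demo_dir/htpasswd"
preflight "$demo_dir/domain.crt" "$demo_dir/domain.key" "$demo_dir/htpasswd" || echo "preflight found problems"
```

On the real host, call preflight with certs/domain.crt, certs/domain.key and /opt/registry/auth/htpasswd instead of the demo files.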

Try Pull & Push Again: Login Should Now Be Required

docker pull ubuntu:16.04
docker tag ubuntu:16.04 registry.phelix.life/my-ubuntu
docker push registry.phelix.life/my-ubuntu
docker pull registry.phelix.life/my-ubuntu

Back to Client-Side

docker login registry.phelix.life
docker pull registry.phelix.life/my-ubuntu

Reference

https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository

https://docs.docker.com/registry/deploying/#use-an-intermediate-certificate
