Thursday, July 23

How to create a local docker images repository?


Prerequisites

1. Docker and docker-compose.

    > apt-get install docker.io

    > apt-get install docker-compose

    In CentOS,

    > yum install docker-compose

2. Nginx.

    > apt-get install nginx

    In CentOS,

    > yum install nginx

3. Self-signed SSL certificate for Nginx.

4. apache2-utils, to restrict image access using a user name and password.

    > apt-get install apache2-utils

    In CentOS,

    > yum install httpd-tools

5. Nano editor (you can use any editor you like).

    > apt-get install nano

    In CentOS,

    > yum install nano

Let's Begin,

 

First, we need to create a docker-registry to keep images and authentication data.

 

1. Let's create a docker-registry directory in the home directory, with data and auth directories inside it.

 

> mkdir ~/docker-registry && cd $_

> mkdir data

> mkdir auth


Now create a docker-compose.yml file and add the following content

//Creating a docker-compose.yml file

> nano docker-compose.yml

 

//docker-compose content

version: '3'

services:
  docker-registry:
    image: registry:2
    restart: always
    container_name: docker-registry
    ports:
      - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - ./auth:/auth
      - ./data:/data

  docker-registry-ui:
    image: konradkleine/docker-registry-frontend:v2
    container_name: docker-registry-ui
    ports:
      - "8080:80"
    environment:
      ENV_DOCKER_REGISTRY_HOST: docker-registry
      ENV_DOCKER_REGISTRY_PORT: 5000

 

//Before running docker-compose up, let's create a user for docker login


> cd auth

> htpasswd -Bc registry.password <username>

 

Example:


> htpasswd -Bc registry.password advik

And then enter password
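
The registry's htpasswd backend only accepts bcrypt entries, which is why the command above uses -B. The check below is an added example, not part of the original post: it audits a password file for non-bcrypt entries and low bcrypt cost, using constructed placeholder entries and a MIN_COST threshold that is this example's own assumption.

```shell
#!/bin/sh
# Added example (not from the original post): audit an htpasswd file that
# backs REGISTRY_AUTH=htpasswd. Reads the file on stdin, prints
# "<user> <scheme> <verdict>" per entry, returns 1 if any entry is not bcrypt.
MIN_COST="${MIN_COST:-10}"   # assumption of this example, not a registry rule

audit_htpasswd() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        user="${line%%:*}"
        hash="${line#*:}"
        case "$hash" in
            '$2a$'*|'$2b$'*|'$2y$'*)
                cost="${hash#????}"     # drop the 4-character "$2y$" prefix
                cost="${cost%%\$*}"     # keep the two-digit cost field
                cost="${cost#0}"        # "05" -> "5" for the numeric compare
                case "$cost" in
                    ''|*[!0-9]*) echo "$user bcrypt malformed"; rc=1 ;;
                    *)  if [ "$cost" -lt "$MIN_COST" ]; then
                            echo "$user bcrypt cost=$cost weak-cost"
                        else
                            echo "$user bcrypt cost=$cost ok"
                        fi ;;
                esac ;;
            '$apr1$'*) echo "$user apr1-md5 rejected"; rc=1 ;;
            '{SHA}'*)  echo "$user sha1 rejected"; rc=1 ;;
            *)         echo "$user unknown rejected"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample entries (placeholder strings, not real hashes).
sample_htpasswd() {
    cat <<'EOF'
advik:$2y$05$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
ci-user:$2y$12$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
legacy:$apr1$CONSTRUCT$PLACEHOLDER
old:{SHA}PLACEHOLDER=
EOF
}

# Run the audit on the sample; a non-zero status means some user cannot log in.
sample_htpasswd | audit_htpasswd || echo "non-bcrypt entries found"
```

To audit the real file, run audit_htpasswd < ~/docker-registry/auth/registry.password. htpasswd -B uses cost 5 by default; the -C option sets a higher cost.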

 

 

//Check authentication working by running docker-compose


> docker-compose up -d

 

//and then go to http://localhost:5000/v2

//After entering the username and the corresponding password, you will see {}

//Now we can set up nginx

//Let's create a self-signed SSL certificate for nginx with OpenSSL

> openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt


//Enter current system’s IP address as Common Name in the certificate

//Configuring Nginx to Use SSL

 

>  sudo nano /etc/nginx/snippets/self-signed.conf


//self-signed.conf content

 

ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;

ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

 

//add SSL certificate info to advik-images.com

 

> sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/advik-images.com

 

> sudo nano /etc/nginx/sites-available/advik-images.com

 

//advik-images.com - Content

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/self-signed.conf;
    server_name advik-images.com www.advik-images.com;
    root /var/www/advik-images.com/html;

    location / {
        proxy_pass        http://localhost:5000;
        proxy_set_header  Host              $http_host;
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
    }
}

server {
    listen 80;
    listen [::]:80;
    root /var/www/advik-images.com/html;
    index index.html index.htm index.nginx-debian.html;
    server_name advik-images.com www.advik-images.com;
    return 301 https://$server_name$request_uri;
}

 

//Create advik-images.com index page


>  sudo mkdir -p /var/www/advik-images.com/html   

>  sudo chown -R $USER:$USER /var/www/advik-images.com/html

>  sudo chmod -R 755 /var/www/advik-images.com

>  nano /var/www/advik-images.com/html/index.html

 

//index.html content

<html>

    <head>

        <title>Welcome to Advik-Images.com!</title>

    </head>

    <body>

        <h1>Success!  The Advik-Images.com server block is working!</h1>

    </body>

</html>


//Create a soft link of advik-images.com in sites-enabled


> sudo ln -s /etc/nginx/sites-available/advik-images.com /etc/nginx/sites-enabled/

 

// To avoid a possible hash bucket memory problem


> sudo nano /etc/nginx/nginx.conf

 

//add these lines inside the http block of nginx.conf

server_names_hash_bucket_size 64;

client_max_body_size 2000M;

Example :

http {
    ...
    server_names_hash_bucket_size 64;
    client_max_body_size 2000M;
    ...
}


//OK, let's configure the firewall to allow only HTTP and HTTPS

> sudo ufw allow "Nginx Full"


 

//stop and start nginx

> service nginx stop

> service nginx start

 

 

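//Let's add an exception in Docker to allow login from the current system.

//Because the certificate is self-signed, Docker refuses to log in to the registry unless the registry's address is listed under insecure-registries, which makes Docker skip certificate verification for the listed addresses.

//To log in from another system, add the same exception on that system, giving this system's IP.

//For that, let's create daemon.json inside the /etc/docker directory and add a JSON document to it.

//Here my system's IP is 192.168.2.14.

(here I added advik-images.com also, so that later we can pull using both IP and domain name)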

 

> nano /etc/docker/daemon.json

 

//daemon.json content

Example :

{

"insecure-registries":["192.168.2.14","advik-images.com"]

}


//now stop and start docker service

 

> service docker stop

> service docker start


//Let's add advik-images.com to /etc/hosts also, so that it resolves to the IP

 > nano /etc/hosts

//etc/hosts content

Example :

...
192.168.2.14    advik-images.com
...

// let's publish an image into docker-repository

//For that, I am pulling a small image alpine from docker hub first

 

> docker pull alpine

 

//Let's tag it with the repository address to create an image to push into the repository.

Syntax : docker tag <image full name> <ip>/<username>/<new image full name>

Example:

 

> docker tag alpine:latest 192.168.2.14/akhi/test-image:v1

 

//login to docker repository to push the image

Example:

 

> docker login 192.168.2.14

//enter user name and password

 

//then push the image

Example:

 

> docker push 192.168.2.14/akhi/test-image:v1

 

 

// Now Try to pull that image back.

//First login

 

> docker login 192.168.2.14

//enter user name and password

 

//Then pull the image by giving address and image name

Example:

 

> docker pull 192.168.2.14/akhi/test-image:v1

 

(Similarly, you can use docker login advik-images.com also )


Thank You

