Prerequisites
1. Docker and docker-compose.
> apt-get install docker.io
> apt-get install docker-compose
On CentOS:
> yum install docker
> yum install docker-compose
2. Nginx.
> apt-get install nginx
On CentOS:
> yum install nginx
3. Self-signed SSL certificate for Nginx.
4. apache2-utils, to restrict image access with a user name and password.
> apt-get install apache2-utils
On CentOS:
> yum install httpd-tools
5. Nano editor (you can use any editor you like).
> apt-get install nano
On CentOS:
> yum install nano
Let's begin.
First, we need to create a docker-registry directory to keep images and authentication data.
1. Create a docker-registry directory in your home directory, with data and auth directories inside it.
> mkdir ~/docker-registry && cd $_
> mkdir data
> mkdir auth
Now create a docker-compose.yml file and add the following content.
// Creating a docker-compose.yml file
> nano docker-compose.yml
// docker-compose.yml content
version: '3'
services:
  docker-registry:
    image: registry:2
    restart: always
    container_name: docker-registry
    ports:
      - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - ./auth:/auth
      - ./data:/data
  docker-registry-ui:
    image: konradkleine/docker-registry-frontend:v2
    container_name: docker-registry-ui
    ports:
      - "8080:80"
    environment:
      ENV_DOCKER_REGISTRY_HOST: docker-registry
      ENV_DOCKER_REGISTRY_PORT: 5000
// Before running docker-compose up, let's create a user for docker login
> cd auth
> htpasswd -Bc registry.password <username>
Example:
> htpasswd -Bc registry.password advik
And then enter the password.
// Check that authentication works by running docker-compose (from the docker-registry directory)
> cd ..
> docker-compose up -d
// and then go to http://localhost:5000/v2
// After entering the username and the corresponding password, you will see {}
// Now we can set up Nginx
// Let's create a self-signed SSL certificate for Nginx with OpenSSL
> openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
// Enter the current system’s IP address as the Common Name in the certificate
// Configuring Nginx to use SSL
> sudo nano /etc/nginx/snippets/self-signed.conf
// self-signed.conf content
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
// Add the SSL certificate info to the advik-images.com site configuration
> sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/advik-images.com
> sudo nano /etc/nginx/sites-available/advik-images.com
//advik-images.com - Content
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/self-signed.conf;
    server_name advik-images.com www.advik-images.com;
    root /var/www/advik-images.com/html;
    location / {
        proxy_pass http://localhost:5000;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
    }
}
server {
    listen 80;
    listen [::]:80;
    root /var/www/advik-images.com/html;
    index index.html index.htm index.nginx-debian.html;
    server_name advik-images.com www.advik-images.com;
    return 301 https://$server_name$request_uri;
}
//Create advik-images.com index page
> sudo mkdir -p /var/www/advik-images.com/html
> sudo chown -R $USER:$USER /var/www/advik-images.com/html
> sudo chmod -R 755 /var/www/advik-images.com
> nano /var/www/advik-images.com/html/index.html
//index.html content
<html>
<head>
<title>Welcome to Advik-Images.com!</title>
</head>
<body>
<h1>Success! The Advik-Images.com server block is working!</h1>
</body>
</html>
// Create a soft link for advik-images.com in sites-enabled
> sudo ln -s /etc/nginx/sites-available/advik-images.com /etc/nginx/sites-enabled/
// To avoid a possible hash bucket memory problem
> sudo nano /etc/nginx/nginx.conf
// Add these lines to the http block:
server_names_hash_bucket_size 64;
client_max_body_size 2000M;
Example:
http {
    ...
    server_names_hash_bucket_size 64;
    client_max_body_size 2000M;
    ...
}
// OK, let's configure the firewall to allow only HTTP and HTTPS
> sudo ufw allow "Nginx Full"
// Stop and start Nginx
> service nginx stop
> service nginx start
// Let's add an exception in Docker to allow login from the current system.
// Any system that needs to log in to this registry must add this system’s IP as an exception in its own Docker configuration.
// For that, let's create daemon.json, a JSON document inside the /etc/docker directory.
// Here my system’s IP is 192.168.2.14.
(Here I added advik-images.com as well, so that later we can pull using both the IP and the domain name.)
> nano /etc/docker/daemon.json
//daemon.json content
Example :
{
"insecure-registries":["192.168.2.14","advik-images.com"]
}
//now stop and start docker service
> service docker stop
> service docker start
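An alternative to the insecure-registries exception above, as an added example that is not part of the original post: issue the self-signed certificate with the IP and domain name in subjectAltName, which current Docker clients check instead of the Common Name, and install it as a trusted CA for this registry only under /etc/docker/certs.d. The function names are hypothetical, and OpenSSL 1.1.1 or newer is assumed for -addext.

```shell
#!/bin/sh
# Added example, not from the original post. 192.168.2.14 and advik-images.com
# are the tutorial's sample values; the function names are hypothetical.
# Assumes OpenSSL 1.1.1 or newer (for -addext).

# make_registry_cert <ip> <dns> <outdir>
# Writes <outdir>/registry.key (0600) and <outdir>/registry.crt (0644) with
# both the IP and the DNS name in subjectAltName.
make_registry_cert() {
    ip=$1; dns=$2; out=$3
    mkdir -p "$out" || return 1
    # umask in a subshell so the private key is never group/world readable
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -keyout "$out/registry.key" -out "$out/registry.crt" \
          -subj "/CN=$dns" \
          -addext "subjectAltName=DNS:$dns,IP:$ip" >/dev/null 2>&1
    ) || return 1
    chmod 644 "$out/registry.crt"
}

# cert_covers <crt> <ip> <dns>
# Succeeds only if the certificate is valid for BOTH names.
cert_covers() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match" &&
    openssl x509 -in "$1" -noout -checkhost "$3" | grep -q "does match"
}

# trust_registry_cert <crt> <registry-name> [certs-dir]
# Docker trusts <certs-dir>/<registry-name>/ca.crt for that registry only;
# certs-dir defaults to /etc/docker/certs.d (needs root).
trust_registry_cert() {
    dir=${3:-/etc/docker/certs.d}/$2
    mkdir -p "$dir" && cp "$1" "$dir/ca.crt" && chmod 644 "$dir/ca.crt"
}

# Usage on the registry host (as root), then point nginx at the new files:
#   make_registry_cert 192.168.2.14 advik-images.com /etc/ssl/registry
#   cert_covers /etc/ssl/registry/registry.crt 192.168.2.14 advik-images.com
# On every client, copy registry.crt over and run once per name used:
#   trust_registry_cert registry.crt 192.168.2.14
#   trust_registry_cert registry.crt advik-images.com
```

With the certificate trusted this way, the "insecure-registries" entry in daemon.json is not needed for these names, and the client still verifies the server certificate on every login, push and pull.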
// Let's add advik-images.com to /etc/hosts as well, so that it resolves to the IP
> nano /etc/hosts
// /etc/hosts content
Example :
...
192.168.2.14 advik-images.com
...
// Let's publish an image to the docker registry
// For that, I am pulling a small image, alpine, from Docker Hub first
> docker pull alpine
// Let's tag it with the registry address to create an image we can push to the registry.
Syntax: docker tag <image full name> <ip>/<username>/<new image full name>
Example:
> docker tag alpine:latest 192.168.2.14/akhi/test-image:v1
// Log in to the docker registry to push the image
Example:
> docker login 192.168.2.14
//enter user name and password
// Then push the image
Example:
> docker push 192.168.2.14/akhi/test-image:v1
// Now try to pull that image back.
// First log in
> docker login 192.168.2.14
//enter user name and password
//Then pull the image by giving address and image name
Example:
> docker pull 192.168.2.14/akhi/test-image:v1
(Similarly, you can use docker login advik-images.com also )
Thank You
References:
https://www.youtube.com/watch?v=8gEs_zefNYA
Host your own docker registry | Local Docker Registry | Docker Registry using Docker Compose | SelfTuts Channel