Registry Classification

  • Sponsor Registry: a third-party registry for customers and communities
  • Mirror Registry: third-party registry, only available to users
  • Vendor Registry: The registry provided by the vendor that published the image
  • Private Registry: Private registry with fire period and extra security layer (ssl)

Why you need a private registry

Generally deployed locally self-built (using intranet), if you use aliyun directly use the registry of ali can be.

  • Hosted Mirror
  • Low bandwidth consumption
  • Fast download speed
  • Rapid Deployment

Install docker-registry

To install registry in ubuntu 16.04 use apt-get install docker-registry. After installing the image storage directory is. /var/lib/docker-registry

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
root@iZm5e7rjmq1tkuwoy8h8vuZ:~# apt-get install docker-registry
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libopts25 python-meld3 python-pkg-resources
Use 'apt autoremove' to remove them.
The following NEW packages will be installed:
  docker-registry
0 upgraded, 1 newly installed, 0 to remove and 205 not upgraded.
Need to get 2,694 kB of archives.
After this operation, 12.6 MB of additional disk space will be used.
Get:1 http://mirrors.cloud.aliyuncs.com/ubuntu xenial/universe amd64 docker-registry amd64 2.3.0~ds1-1 [2,694 kB]
Fetched 2,694 kB in 0s (8,438 kB/s)       
Selecting previously unselected package docker-registry.
(Reading database ... 103689 files and directories currently installed.)
Preparing to unpack .../docker-registry_2.3.0~ds1-1_amd64.deb ...
Unpacking docker-registry (2.3.0~ds1-1) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up docker-registry (2.3.0~ds1-1) ...
Adding system user `docker-registry' (UID 113) ...
Adding new group `docker-registry' (GID 122) ...
Adding new user `docker-registry' (UID 113) with group `docker-registry' ...
Not creating home directory `/var/lib/docker-registry'.
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...

Check the boot port 5000

1
2
3
4
5
6
7
8
root@iZm5e7rjmq1tkuwoy8h8vuZ:~# netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      27873/nginx -g daem
tcp        0      0 127.0.0.1:8222          0.0.0.0:*               LISTEN      8466/python3    
tcp6       0      0 :::5000                 :::*                    LISTEN      32026/docker-regist
tcp6       0      0 :::8335                 :::*                    LISTEN      17406/docker-proxy
tcp6       0      0 :::8336                 :::*                    LISTEN      17989/docker-proxy

Modify client image tag

1
2
3
4
5
6
luodi@roddydeMacBook-Pro:~$ docker tag nginxtest 120.27.0.222:5000/nginxtest:1.0.0
luodi@roddydeMacBook-Pro:~$ docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
<none>                        <none>              5b5cf5c2be8f        23 hours ago        249MB
120.27.0.222:5000/nginxtest   1.0.0               1c26cc9ad467        24 hours ago        249MB
nginxtest                     latest              1c26cc9ad467        24 hours ago        249MB

Push Mirror

We can’t push to the private registry, suggesting that we need https, but we can modify the docker configuration file to add insecure-registries

1
2
3
4
luodi@roddydeMacBook-Pro:~$ docker push 120.27.0.222:5000/nginxtest:1.0.0
The push refers to repository [120.27.0.222:5000/nginxtest]
Get https://120.27.0.222:5000/v2/: http: server gave HTTP response to HTTPS client
luodi@roddydeMacBook-Pro:~$

Configuration Reference:

1
2
3
4
5
6
7
8
9
{
  "experimental": false,
  "debug": true,
  "registry-mirrors": [
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn"
  ],
  "insecure-registries":["120.27.0.222:5000"]
}

Restart client docker after modification

1
2
3
4
luodi@roddydeMacBook-Pro:~/dockerfile_build/httpd$ docker push 120.27.0.222:5000/nginxtest:1.0.0
The push refers to repository [120.27.0.222:5000/nginxtest]
291f6e44771a: Pushed 
1.0.0: digest: sha256:fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71 size: 529

After successful upload, look at the directory structure, it will be stored in the v2 directory

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
/var/lib/docker-registry/
└── docker
    └── registry
        └── v2
            ├── blobs
            │   └── sha256
            │       ├── 0d
            │       │   └── 0d120b6ccaa8c5e149176798b3501d4dd1885f961922497cd0abef155c869566
            │       │       └── data
            │       ├── 3c
            │       │   └── 3c72a8ed68140139e483fe7368ae4d9651422749e91483557cbd5ecf99a96110
            │       │       └── data
            │       └── fc
            │           └── fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71
            │               └── data
            └── repositories
                └── nginxtest
                    ├── _layers
                    │   └── sha256
                    │       ├── 0d120b6ccaa8c5e149176798b3501d4dd1885f961922497cd0abef155c869566
                    │       │   └── link
                    │       └── 3c72a8ed68140139e483fe7368ae4d9651422749e91483557cbd5ecf99a96110
                    │           └── link
                    ├── _manifests
                    │   ├── revisions
                    │   │   └── sha256
                    │   │       └── fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71
                    │   │           └── link
                    │   └── tags
                    │       └── 1.0.0
                    │           ├── current
                    │           │   └── link
                    │           └── index
                    │               └── sha256
                    │                   └── fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71
                    │                       └── link
                    └── _uploads

Installation using containers

Since registry itself is a container, by default, private repositories are stored in the /var/lib/registry directory inside the container, so that if the container is deleted, the images stored in the container will also be lost.

Download registry image

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
root@iZm5e7rjmq1tkuwoy8h8vuZ:~# docker pull registry       
Using default tag: latest
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete 
47112e65547d: Pull complete 
46bcb632e506: Pull complete 
c1cc712bcecd: Pull complete 
3db6272dcbfa: Pull complete 
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest

Start the registry container

1
2
3
4
5
root@iZm5e7rjmq1tkuwoy8h8vuZ:~# docker run -dit -p 5000:5000 --restart=always --name Myregistry -v /root/registry:/var/lib/registry registry 
d65c75db0954348d5d06a896c04c5e935606e023a1a260b62959600e0165d146
droot@iZm5e7rjmq1tkuwoy8h8vuZ:~# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                     NAMES
d65c75db0954        registry            "/entrypoint.sh /etc…"   3 seconds ago       Up 2 seconds        0.0.0.0:5000->5000/tcp    Myregistry

Push Mirror

1
2
3
4
luodi@roddydeMacBook-Pro:~/dockerfile_build/httpd$ docker push 120.27.0.222:5000/nginxtest:1.0.0
The push refers to repository [120.27.0.222:5000/nginxtest]
291f6e44771a: Pushed 
1.0.0: digest: sha256:fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71 size: 529

Reference http://roddypy.com/2020/08/19/%E6%9E%84%E5%BB%BAdocker%E7%A7%81%E6%9C%89%E4%BB%93%E5%BA%93/