常用操作

• 第三方 Harbor
  https://github.com/goharbor/harbor

#查询私有仓库的全部镜像
curl -XGET https://registry.xxx.com/v2/_catalog
curl -XGET https://registry.xxx.com/v2/_catalog | python3 -m json.tool  
#查看tag
curl -XGET https://registry.xxxx.com/v2/x11vnc/tags/list

查看指定镜像 hash 值
curl -I -XGET --header "Accept:application/vnd.docker.distribution.manifest.v2+json"  https://rs.xxx.cn/v2/x11vnc/manifests/latest

删除私有仓库中的镜像
curl -I -XDELETE https://rs.xxxx.cn/v2/x11vnc/manifests/sha256:10844085735ef9a1ea350a8548e48821c86b11e929e44decb421227cbdcec190

安装说明

https://blog.csdn.net/Byd_chao/article/details/108779681
https://blog.csdn.net/u010383467/article/details/123571707

• 官方说明
  https://docs.docker.com/registry/deploying/

• 仓库管理

docker pull ubuntu:16.04
docker tag ubuntu:16.04 localhost:5000/my-ubuntu
docker push localhost:5000/my-ubuntu
docker pull localhost:5000/my-ubuntu

#删除仓库
docker image remove ubuntu:16.04
docker image remove localhost:5000/my-ubuntu

docker-compose.yml

version: '3.8'
services:
  registry:
    image: "registry:2.8"
    restart: always     
    container_name: registry
    ports:
      - "90:5000"   
    volumes:
      - './opt/registry:/var/lib/registry' 
      - './certs:/certs' 
      - 'config.yml:/etc/docker/registry/config.yml' 
    environment:
      - TZ=Asia/Shanghai
      - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/xx.cn.pem
      - REGISTRY_HTTP_TLS_KEY=/certs/xx.cn.key
      - REGISTRY_STORAGE_DELETE_ENABLED= true

config.yml

• 说明：https://docs.docker.com/registry/configuration/

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
# 增加这里的 delete 和 enabled ，注意 yaml 语法格式
# 如果有 delete ，并且 enable 为 true 表示已经开启了删除功能
  delete:
    enabled: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

ip地址配置registry

• https://blog.csdn.net/fuck487/article/details/102147110
• http支持

vim /etc/docker/daemon.json
{
  "insecure-registries":["192.168.200.207:5000"] #私网http地址
}

systemctl daemon-reload
systemctl restart docker

nginx配置

server {
    listen              443 ssl;
    server_name         registry.xxx.cn;
    #charset  utf-8;
    root  /dataB/www/rs.jobpi.cn;
    client_max_body_size    512m;

    ssl_certificate     /ssl/jobpi.cn.pem;
    ssl_certificate_key /ssl/jobpi.cn.key;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;    

    ssl_prefer_server_ciphers on;
    ssl_session_timeout  5m;

    chunked_transfer_encoding on;
    add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;

    location / {         
        #auth_basic              "Restricted";
        proxy_pass  http://mid_registry:5000;
        proxy_set_header  Host $http_host; 
        #proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_read_timeout 900;
    }

    location /_ping {
        auth_basic off;
        proxy_pass  http://mid_registry:5000;
    }
    location /v2/_ping {
        auth_basic off;
        proxy_pass  http://mid_registry:5000;
    }
    location /v2/_catalog {
        auth_basic off;
        proxy_pass  http://mid_registry:5000;
    } 
}