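1. Background
In Docker, when we run docker pull xxx, we may wonder where Docker actually looks for and downloads the image.
It looks the image up at registry.hub.docker.com, the public registry that Docker, Inc. provides; anyone can see and use the images there. We can therefore also pull an image with the registry address included, for example: docker pull registry.hub.docker.com/library/alpine. Note, however, that an image downloaded this way gets a longer default name.
If we want to use Docker inside a company, we basically cannot upload commercial projects to the public registry, so what can we do when several machines need to share images?
That need is exactly where a private registry comes in.
A private registry is something similar to the public registry, set up locally (on the LAN). Once it is in place, we can push images to it. That way we can use Docker to run our project images while avoiding the risk of exposing commercial projects.
Below we use the official registry image to set up a private image registry; there are of course many other ways to do it.
2. Environment
Prepare two servers with Docker installed:
Server machine (hostname registry [192.168.134.133:5000]): the Docker private registry server, which runs the registry container;
Test machine (hostname node): an ordinary Docker server. On this server we download a test image, busybox, and then push it to the registry server as a test;
3. Deployment (on the server)
3.1 Pull the registry image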
[root@localhost xiajun]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
486039affc0a: Downloading [======> ] 277.6 kB/2.207 MB
ba51a3b098e6: Download complete
8bb4c43d6c8e: Download complete
6f5f453e5f2d: Download complete
42bc10b72f42: Download complete
3.2 Check that the image was pulled
[root@localhost xiajun]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest 708bc6af7e5e 8 weeks ago 25.8 MB
docker.io/mysql latest ed1ffcb5eff3 2 months ago 456 MB
mcr.microsoft.com/mssql/server latest ba266fae5320 4 months ago 1.57 GB
3.3 Run the registry container
[root@localhost xiajun]# docker run -itd -v /data/registry:/var/lib/registry -p 5000:5000 --restart=always --name oopxiajun-registry registry:latest
ab619b3dd68e7b408c1c9cc4d1378b057aa8358bed96076ba5cafaa37bd8b532
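Parameter notes
-itd: open a pseudo-terminal in the container for interactive use, and run it in the background;
-v: bind-mount the host directory /data/registry to /var/lib/registry in the container (the directory where the registry container stores image files), so that the data persists;
-p: map the port; accessing port 5000 on the host reaches the service in the registry container;
--restart=always: the restart policy; if the container exits abnormally, it is restarted automatically;
--name oopxiajun-registry: name the created container oopxiajun-registry; you can choose any name;
registry:latest: the image pulled a moment ago;
3.4 Query the registry for all of its images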
[root@localhost xiajun]# curl http://192.168.134.133:5000/v2/_catalog
{"repositories":[]}
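It is empty for now because the registry has only just started and holds no images yet.
4. Testing the registry (on the test machine)
4.1 Change the registry settings and restart the Docker service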
[root@localhost xiajun]# vim /etc/docker/daemon.json
{"insecure-registries": ["192.168.134.133:5000"] }
Restart the client
[root@localhost xiajun]# systemctl restart docker
4.1 Pull the busybox image
[root@localhost xiajun]# docker pull busybox
Using default tag: latest
Trying to pull repository docker.io/library/busybox ...
latest: Pulling from docker.io/library/busybox
0669b0daf1fb: Pull complete
Digest: sha256:b26cd013274a657b86e706210ddd5cc1f82f50155791199d29b9e86e935ce135
Status: Downloaded newer image for docker.io/busybox:latest
[root@localhost xiajun]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 83aa35aa1c79 13 days ago 1.22 MB
4.2 Tag the image
[root@localhost xiajun]# docker tag docker.io/busybox:latest 192.168.134.133:5000/busybox:v1
[root@localhost xiajun]# docker tag docker.io/busybox:latest 192.168.134.133:5000/busybox:v2
[root@localhost xiajun]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 83aa35aa1c79 2 weeks ago 1.22 MB
192.168.134.133:5000/busybox v1 83aa35aa1c79 2 weeks ago 1.22 MB
192.168.134.133:5000/busybox v2 83aa35aa1c79 2 weeks ago 1.22 MB
mcr.microsoft.com/mssql/server latest ba266fae5320 4 months ago 1.57 GB
docker.io/mysql latest 91dadee7afee 12 months ago 477 MB
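Format: Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
busybox:latest: the source image, the one pulled a moment ago;
192.168.134.133:5000/busybox:v1: the target image; the prefix is the IP address and port of the private registry server;
A second tag:
192.168.134.133:5000/busybox:v2: also a target image, again with the IP address and port of the private registry server;
4.3 Push to the registry server
Note: the push fails at this point because pushing requires HTTPS. We can work around this by modifying daemon.json: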
[root@node ~]# vim /etc/docker/daemon.json
{"registry-mirrors": [ "https://registry.docker-cn.com"],"insecure-registries": [ "192.168.134.133:5000"]}
Add the address of the private registry server. Note that the file is JSON, which has strict syntax requirements. Then restart the Docker service:
[root@localhost xiajun]# systemctl start docker
Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
[root@localhost xiajun]# systemctl daemon-reload
[root@localhost xiajun]# systemctl restart docker
[root@localhost xiajun]# docker info
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 3
Server Version: 1.13.1
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: journald
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc docker-runc
Default Runtime: docker-runc
Init Binary: /usr/libexec/docker/docker-init-current
containerd version: (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: 290a33602b16ff2d1cc5339bc0297f0e094462ce (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: fec3683b971d9c3ef73f284f176672c44b448662 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
seccomp
WARNING: You're not using the default seccomp profile
Profile: /etc/docker/seccomp.json
selinux
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 8
Total Memory: 3.683 GiB
Name: localhost.localdomain
ID: PFFT:VRZA:VK4L:DDWM:3NTJ:C2QA:7TEI:CZMR:3R7U:2FY6:XB2J:4RBO
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: oopxiajun
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
192.168.134.133:5000
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com
Live Restore Enabled: false
Registries: docker.io (secure)
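
An added example, not from the original post: a small audit of the daemon.json edited in sections 4.1 and 4.3 that reports every insecure-registries entry, since Docker does not require verified TLS for those registries and will fall back to plain HTTP. The function names and severity labels are assumptions made for this example, and the sample input is constructed from the file shown in section 4.3 plus two extra entries.

```python
import ipaddress
import json

# Constructed sample: the daemon.json from section 4.3 plus two extra entries
# (a CIDR range and a loopback address) added here for illustration.
SAMPLE = """{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["192.168.134.133:5000", "10.0.0.0/8", "127.0.0.1:5000"]
}"""


def classify(entry):
    """Return (severity, reason) for one insecure-registries entry.

    Assumes IPv4 addresses, CIDR ranges or hostnames, optionally with a port.
    """
    if "/" in entry:  # CIDR form: every registry inside the range is exempted
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return ("error", "not a valid CIDR range")
        if net.is_loopback:
            return ("ok", "loopback range")
        return ("high", f"exempts {net.num_addresses} addresses from TLS checks")
    host = entry.rsplit(":", 1)[0] if ":" in entry else entry  # drop the port
    try:
        if ipaddress.ip_address(host).is_loopback:
            return ("ok", "loopback address")
    except ValueError:
        if host == "localhost":
            return ("ok", "loopback name")
    return ("medium", "image traffic to this registry is not protected by verified TLS")


def audit_daemon_json(text):
    """Parse daemon.json text and return [(entry, severity, reason), ...]."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        # The file must be strict JSON; report where parsing stopped.
        return [("<daemon.json>", "error", f"invalid JSON at line {exc.lineno}: {exc.msg}")]
    entries = config.get("insecure-registries", []) if isinstance(config, dict) else []
    return [(e, *classify(e)) for e in entries]


if __name__ == "__main__":
    for entry, severity, reason in audit_daemon_json(SAMPLE):
        print(f"{severity:6} {entry:22} {reason}")
```
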
Pushing again, you can see that it works. I had to push several times here before it went through.
[root@localhost xiajun]# docker push 192.168.134.133:5000/busybox:v1
The push refers to a repository [192.168.134.133:5000/busybox]
a6d503001157: Retrying in 1 second
received unexpected HTTP status: 500 Internal Server Error
A 500 error?? Let's look at the logs.
[root@localhost xiajun]# tailf /var/log/messages
Mar 25 14:38:22 localhost systemd: Starting Hostname Service...
Mar 25 14:38:22 localhost dbus[8825]: [system] Successfully activated service 'org.freedesktop.hostname1'
Mar 25 14:38:22 localhost systemd: Started Hostname Service.
Mar 25 14:38:31 localhost journal: #033[34mINFO#033[0m[1798] response completed #033[34mgo.version#033[0m=go1.11.2 #033[34mhttp.request.host#033[0m="192.168.134.133:5000" #033[34mhttp.request.id#033[0m=b1b66b09-8af3-4792-aa1c-7e9758c0e80c #033[34mhttp.request.method#033[0m=GET #033[34mhttp.request.remoteaddr#033[0m="192.168.134.133:34250" #033[34mhttp.request.uri#033[0m="/v2/_catalog" #033[34mhttp.request.useragent#033[0m="Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" #033[34mhttp.response.contenttype#033[0m="application/json; charset=utf-8" #033[34mhttp.response.duration#033[0m="998.785µs" #033[34mhttp.response.status#033[0m=200 #033[34mhttp.response.written#033[0m=20#015
Mar 25 14:38:31 localhost journal: 192.168.134.133 - - [25/Mar/2020:06:38:31 +0000] "GET /v2/_catalog HTTP/1.1" 200 20 "" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"#015
Mar 25 14:40:01 localhost systemd: Created slice User Slice of root.
Mar 25 14:40:01 localhost systemd: Started Session 5 of user root.
Mar 25 14:40:01 localhost systemd: Removed slice User Slice of root.
Mar 25 14:40:55 localhost journal: g_simple_action_set_enabled: assertion 'G_IS_SIMPLE_ACTION (simple)' failed
Mar 25 14:40:55 localhost journal: g_simple_action_set_enabled: assertion 'G_IS_SIMPLE_ACTION (simple)' failed
Mar 25 14:41:48 localhost journal: g_simple_action_set_enabled: assertion 'G_IS_SIMPLE_ACTION (simple)' failed
Mar 25 14:41:48 localhost journal: g_simple_action_set_enabled: assertion 'G_IS_SIMPLE_ACTION (simple)' failed
I looked this up; this is how others solved it:
Disable SELinux on the server (192.168.134.133)
# setenforce 0
# getenforce
Permissive
Push once more
[root@localhost xiajun]# docker push 192.168.134.133:5000/busybox:v1
The push refers to a repository [192.168.134.133:5000/busybox]
a6d503001157: Pushed
v1: digest: sha256:afe605d272837ce1732f390966166c2afff5391208ddd57de10942748694049d size: 527
Check the state of the private registry:
[root@localhost xiajun]# curl http://192.168.134.133:5000/v2/_catalog
{"repositories":["busybox"]}
[root@localhost xiajun]# curl http://192.168.134.133:5000/v2/busybox/tags/list
{"name":"busybox","tags":["v1"]}
4.4 Test pulling the image
The push test works, so next we test pulling the busybox image we just pushed from the registry server. First delete the image on the node host:
[root@localhost xiajun]# docker rmi 192.168.134.133:5000/busybox:v1
Untagged: 192.168.134.133:5000/busybox:v1
Deleted: sha256:83aa35aa1c79e4b6957e018da6e322bfca92bf3b4696a211b42502543c242d6f
Deleted: sha256:a6d503001157aedc826853f9b67f26d35966221b158bff03849868ae4a821116
[root@localhost xiajun]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mcr.microsoft.com/mssql/server latest ba266fae5320 4 months ago 1.57 GB
docker.io/mysql latest 91dadee7afee 12 months ago 477 MB
Then pull the busybox image from the registry server:
[root@localhost xiajun]# docker pull 192.168.134.133:5000/busybox:v1
Trying to pull repository 192.168.134.133:5000/busybox ...
v1: Pulling from 192.168.134.133:5000/busybox
0669b0daf1fb: Pull complete
Digest: sha256:afe605d272837ce1732f390966166c2afff5391208ddd57de10942748694049d
Status: Downloaded newer image for 192.168.134.133:5000/busybox:v1
[root@localhost xiajun]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.134.133:5000/busybox v1 83aa35aa1c79 2 weeks ago 1.22 MB
mcr.microsoft.com/mssql/server latest ba266fae5320 4 months ago 1.57 GB
docker.io/mysql latest 91dadee7afee 12 months ago 477 MB




