Centos 7.x use a Docker registry image to create a private repository

Sometimes it is inconvenient to use a public repository such as Docker Hub, and the company's private images are not pushed to the docker hub for business security. You can create a local repository for private use. Similar to git and maven, it saves the server bandwidth for downloading and uploading images.

What is docker registry?

Docker Registry consists of three parts: index, registry, and registry client.

You can regard Index as an external implementation for login, authentication, storage of image information, and external display, while registry is responsible for the internal implementation of image storage, the Registry Client is the docker Client.

I have installed docker1.6 on this server. I will not talk about how to install it. Refer to here to deploy docker on centos.

[Root @ docker data] # docker-v
Docker version 1.6.2, build ba1f6c3/1.6.2
[Root @ docker data] # uname-r
4.1.2-1. el7.elrepo. x86_64

Install docker-registry

Docker run-d-p 5000: 5000-v/data/registry:/tmp/registry
If docker-registry has not been downloaded locally, the path and Port will be mapped to the pull registry runtime for the first time. Then, you can find the private repository under/data/registry, check my local image here

[Root @ docker data] # docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
Docker. io/registry latest ddfbba49d0b6 21 hours ago 423.6 MB
Docker. io/centos latest 7322fbe74aa5 3 weeks ago 172.2 MB
We can see from the above information that

From which Warehouse, such as centos
Image tag, such as the last latest version
Its ID (unique)
Creation time
Image size
The registry container is started.

[Root @ docker data] # docker ps-
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Ad1_d9302b registry: latest "docker-registry" 5 minutes ago Up 5 minutes 0.0.0.0: 5000-> 5000/tcp compassionate_newton
4c86d4e541e3 centos: latest "/bin/bash" 23 hours ago Exited (0) 23 hours ago high_galileo
E79a883fdc8b centos: latest "/bin/echo 'hello Wo 23 hours ago Exited (0) 23 hours ago stoic_lalande
Access a private repository

[Root @ docker data] # curl 127.0.0.1: 5000/v1/search
{"Num_results": 0, "query": "", "results": []}
Because we have not submitted an image like a private container, the returned result is null. Here we will try to submit an image. We can see that I have a registry image locally.

Use the docker tag to mark my local image with id 7322fb474aa5 as 127.0.0.1: 5000/centos

Command format: docker tag IMAGE [: TAG] [REGISTRYHOST/] [USERNAME/] NAME [: TAG]

[Root @ docker data] # docker tag7322fbe74aa5 127.0.0.1: 5000/centos
[Root @ docker data] # docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
Docker. io/registry latest ddfbba49d0b6 21 hours ago 423.6 MB
Docker. io/centos latest 7322fbe74aa5 3 weeks ago 172.2 MB
127.0.0.1: 5000/centos latest 7322fbe74aa5 3 weeks ago 172.2 MB
[Root @ docker data] #

The image ID uniquely identifies the image. Note that docker. io/centos and 127.0.0.1: 5000/centos have the same image ID, which means they are actually the same image.

PUSH image

Then we push the image to the private Image Library.

[Root @ docker data] # docker push 127.0.0.1: 5000/centos
The push refers to a repository [127.0.0.1: 5000/centos] (len: 1)
Sending image list
Pushing repository 127.0.0.1: 5000/centos (1 tags)
F1b10cd84249: Image successfully pushed
C852f6d61e65: Image successfully pushed
7322fbe74aa5: Image successfully pushed
Pushing tag for rev [7322fbe74aa5] on {http: // 127.0.0.1: 5000/v1/repositories/centos/tags/latest}

Why don't I check whether there are images in the private repository?

[Root @ docker data] # curl 127.0.0.1: 5000/v1/search
{"Num_results": 1, "query": "", "results": [{"description": "", "name": "library/centos"}]}

We can see that an image named centos exists, that is, the image I just uploaded. Then you can download the image from other servers.

Docker pull 192.168.1.222: 5000/centos

If there are many local images that you want to upload in batches, you can use this script.

$ Wget https://github.com/yeasy/docker_practice/raw/master/_local/push_images.sh; sudo chmod a + x push_images.sh
$./Push_images.sh ubuntu: latest centos: centos7

We can see that there is no permission control when accessing our private library. That is to say, if someone else knows the repository address, they can also push and pull images. This is very insecure and you can access the network layer, you can also add nginx to the front layer, and then nginx Reverse proxy local port 5000