官方已经提供了很多版本的 Linux 镜像,直接从官方仓库(Public Repositories)下载就可以了。如果考虑到安全性和速度,我们可能会想在自己局域网里架设一个私有仓库(Private Repositories)来放我们自己的镜像,Docker-Registry 正是我们需要的工具。
本次搭建
docker-registry server (dev) (v0.9.0)
添加docker用户和目录
为了安全起见,我们可以添加一个用户docker,使用这个非root用户来允许docker registry程序,同时指定好docker镜像的存储位置,本处指定为/home/docker_registry目录
|
1
2
3
|
useradd docker
mkdir -p /home/docker_registry
chown -R docker.docker /home/docker_registry/
|
从github克隆最新版本registry, 进入这个目录下的config子目录,从模板复制一个配置文件出来:
|
1
2
3
|
git clone https://github.com/docker/docker-registry.git
cd docker-registry/config
cp config_sample.yml config.yml
|
此时可以修改这个config.yml配置文件,需要注意修改以下的两个地方:
|
1
2
3
4
5
6
|
#配置sqlite数据库位置
sqlalchemy_index_database: _env:SQLALCHEMY_INDEX_DATABASE:sqlite:////home/docker_registry/docker-registry.db
#配置本地存储位置
local: &local
storage: local
storage_path: _env:STORAGE_PATH:/home/docker_registry
|
安装一些必要软件包和一些 Docker-Registry 需要用到的 Python 工具和库:
|
1
2
|
apt-get update
apt-get install build-essential python-dev liblzma-dev libevent-dev python-pip libssl-dev
|
使用apt-get安装软件包时经常会提示让你插入netinst的光盘:
Media change: please insert the disc labeled
当没有时就无法进行安装了, 这时可以打开文件/etc/apt/sources.list文件,注释掉cdrom那一行,
然后再执行apt-get update更新下deb仓库,
这样以后再使用apt-get安装时就不会再搜寻cdrom了
修改HOSTS文件加上域名
|
1
2
|
vim /etc/hosts
127.0.0.1 docker.registry.com
|
安装Nginx
|
1
2
3
|
apt-get install nginx
#配置Nginx config
vim /etc/nginx/nginx.conf
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
upstream docker-registry {
server localhost:5000;
}
server {
listen 80;
server_name docker.registry.com;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunked_transfer_encoding on;
#
location / {
proxy_pass http://docker-registry;
}
}
}
|
启动Nginx
service nginx start
访问浏览器测试
http://192.168.124.130/
安装python依赖
|
1
2
|
cd /opt/docker-registry
pip install .
|
若出现:Cannot connect to proxy. Socket error: [Errno -2] Name or service not known.
手动安装依赖包 加代理参数
|
1
2
3
|
pip install -i http://pypi.v2ex.com/simple .
#注销下面的 pip install . 安装全部
--pip install -i http://pypi.v2ex.com/simple gunicorn
|
建立软连接
ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn
nginx启动之后,使用docker用户执行以下的命令可以测试启动:
gunicorn --access-logfile - --error-logfile - -k gevent -b 0.0.0.0:5000 -w 8 --max-requests 100 docker_registry.wsgi:application
访问浏览器
http://docker.registry.com
如果看到以下的输出,则表明docker registry安装成功
给目录下数据库赋权限,不然上传文件时会不能写数据库
chmod 777 /home/docker_registry/repositories/docker-registry.db
使用supervisord来进行进程的监控
apt-get install supervisor
配置supervisor [docker-registry]
vim /etc/supervisor/conf.d/docker-registry.conf
|
1
2
3
4
5
6
7
8
9
10
|
[program:docker-registry]
directory=/opt/docker-registry
#使用docker用户
user=docker
command=/usr/local/bin/gunicorn --access-logfile - --error-logfile - -k gevent -b 0.0.0.0:5000 -w 8 --max-requests 100 --graceful-timeout 3600 -t 3600 docker_registry.wsgi:application
redirect_stderr=true
stderr_logfile=none
stdout_logfile=/var/log/supervisor/docker-registry.log
autostart=true
autorestart=true
|
|
1
2
3
4
5
6
7
8
|
#重新加载 supervisor 配置:
supervisorctl
supervisor> reread
docker-registry: available
supervisor> update
docker-registry: added process group
supervisor> status
docker-registry RUNNING pid 4371, uptime 0:00:01
|
查看端口占用
netstat -apn | grep 5000
启动重启
service supervisor start
#/etc/init.d/supervisord {start|stop|restart|force-reload|status|force-stop}
感谢阅读,希望能帮助到大家,谢谢大家对本站的支持!
原文链接:http://www.cnblogs.com/saintaxl/p/3982061.html