docker creating a private mirror repository setup tutorial

  • 2020-06-03 08:56:32
  • OfStack

My environment-related Settings are as follows

Environment: centos7

IP address:

dockere version: 1.10.3

Mirror warehouse: v2

First download the registry image on machine

$ docker pull registry 

Image import can also be used for offline installation. Can be downloaded to my network location: https: / / pan baidu. jHZlz2u com s / 1

Then go to Docker to import

$ docker load -i registry.tar 

After downloading, we start a container with this image

$ docker run -d -p 5000:5000 registry 

By default, the warehouse will be stored in containers/tmp/registry directory, so that if the container is removed, the image is stored in containers will be lost, so we like 1 case will specify a local directory mounted to the container/tmp/registry, I will/opt data/registry directory mounted to/tmp/registry directory, if you don't have the local directory to the newly created, also need to give/opt/data/registry directory permissions

chmod +777 /opt/data/registry 

Here's the pit: By default it's in the /tmp/registry directory in the container, but my container image is in the /var/lib/registry location in the container.
I used find / -ES61en *** to find the location after uploading one image after setup

[root@server01 ~]# docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry 

You can see that we have started a container at the address


The next step is to put a local image, push, into the private repository. First test pull1 with a smaller image under machine (busybox is used here)

$ sudo docker pull busybox 

Next, change the tag of the image under 1. The format of the image is mirror warehouse IP: port/mirror name

$ sudo docker tag busybox 

Next, upload the image with tag to the private warehouse.

$ sudo docker push 

You can see that push failed with the following errors:

2015/01/05 11:01:17 Error: Invalid registry endpoint Get dial tcp connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/ 

Since Docker interacts with docker registry since 1.3.X, the default is https. However, the private warehouse built here only provides http services, so the error will be reported when interacting with the private warehouse. To solve this problem, you need to add the boot parameter when starting docker server to use http access by default. Modified docker startup configuration file (this is a modified machine configuration) centos7 configuration file under the address is: / usr lib systemd/system/docker service, in which increased � insecure - registry as shown below:

Description=Docker Application Container Engine 
Documentation= rhel-push-plugin.socket 
ExecStart=/usr/bin/docker-current daemon \ 
     --exec-opt native.cgroupdriver=systemd \ 
     --insecure-registry= \ 
     $OPTIONS \ 

After the modifications, restart the Docker service.

$ restart docker 

After the restart we run the push command again and push the local image to the private server.

$ docker load -i registry.tar 

You can see that the image has moved push to the private repository.

At this step, it is not certain that I can succeed. Using journalctl-ES127en, I can check the log information. The following information can be seen through the log information

$ docker load -i registry.tar 

The closing method is as follows

View SELinux status:

$ docker load -i registry.tar 

Close the SELinux:

1. Temporary shutdown (no need to restart the machine)

setenforce 0  ## Set up the SELinux  Become a permissive model  setenforce 1  Set up the SELinux  Become a enforcing model  

2. To modify the configuration file, restart the machine:

Modify the /etc/selinux/config file

Change SELINUX=enforcing to SELINUX=disabled

Restart the machine

Next we delete the local image and remove it from the private repository pull.

$ docker load -i registry.tar 

This completes the Docker private warehouse. The warehouses built above do not require certification.

Manage the images in the warehouse

The query

Viewing or retrieving Repository or images in Private Registry2 will not work with docker search and will report an error below

$ docker load -i registry.tar 

But through the API v2 version, we can achieve the same purpose, must according to IP: port v2 / _catalog formats:

$ docker load -i registry.tar 

Pull the mirror image as follows

$ docker load -i registry.tar 

Related articles: