Home > Article > Operation and Maintenance > How to build a safe and reliable Docker image warehouse on a Linux server?
How to establish a safe and reliable Docker image warehouse on a Linux server?
With the rapid development of container technology, Docker has become a common tool for building and managing containerized applications. However, in practical applications, how to establish a safe and reliable Docker image warehouse is an important issue. This article will introduce how to establish a safe and reliable Docker image warehouse on a Linux server, and provide code examples for reference.
First, you need to install Docker on the Linux server. You can install it through the following command:
$ sudo apt-get update $ sudo apt-get install docker-ce
After the installation is complete, run the following command to verify whether the installation is successful:
$ docker version
Next , you need to configure the Docker image warehouse. You can choose to use Docker’s official Registry image or third-party open source images, such as Harbor, Nexus, etc.
Taking Docker’s official Registry image as an example, you can start a Registry container through the following command:
$ docker run -d -p 5000:5000 --name registry registry:latest
After the startup is completed, you can verify whether the Registry is working properly through the following command:
$ curl http://localhost:5000/v2/_catalog
If an empty array []
is returned, it means that the Registry has run successfully.
In order to ensure the security of the image warehouse, authentication and authorization functions need to be added. You can use Nginx as a reverse proxy server and use Basic Auth authentication method.
First, install Nginx:
$ sudo apt-get install nginx
Then, create a password file to store authentication information:
$ sudo sh -c "echo -n 'admin:' >> /etc/nginx/.htpasswd" $ sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"
After the creation is completed, you need to edit the Nginx configuration file /etc/nginx/sites-available/default
, add the following content:
server { listen 80; server_name <your-domain-name>; location / { proxy_pass http://localhost:5000; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; } }
Replace 454b098903dd34fa7086458fb3f097b6
with your domain name.
Save the configuration file and restart Nginx:
$ sudo systemctl restart nginx
In order to ensure the security of communication, you can use the HTTPS protocol for communication. You need to generate a self-signed certificate for the image warehouse first.
First, install OpenSSL:
$ sudo apt-get install openssl
Then, generate the private key and self-signed certificate:
$ sudo openssl req -newkey rsa:2048 -nodes -keyout registry.key -x509 -days 365 -out registry.crt
The generated registry.key
is the private key file , registry.crt
is a self-signed certificate file.
Next, edit the Nginx configuration file /etc/nginx/sites-available/default
and add the following content:
server { listen 443 ssl; server_name <your-domain-name>; ssl_certificate /path/to/registry.crt; ssl_certificate_key /path/to/registry.key; location / { proxy_pass http://localhost:5000; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; } }
Replace 7812f5abc3beef02219ae84b3350f36d
is your domain name.
Save the configuration file and restart Nginx:
$ sudo systemctl restart nginx
Finally, use the Docker client to interact with the image warehouse . First, you need to configure a trusted warehouse for Docker:
$ sudo vi /etc/docker/daemon.json
Add the following content to the configuration file:
{ "insecure-registries": ["<your-domain-name>:5000"] }
Save the configuration file and restart the Docker service:
$ sudo systemctl restart docker
It can now be used The Docker client interacts with the image warehouse, for example, pushing and pulling images:
$ docker tag image <your-domain-name>:5000/image $ docker push <your-domain-name>:5000/image $ docker pull <your-domain-name>:5000/image
The above are all the steps and code examples for establishing a safe and reliable Docker image warehouse on a Linux server. By following these steps, you can build a safe and reliable Docker image warehouse to ensure the reliability and security of containerized applications.
The above is the detailed content of How to build a safe and reliable Docker image warehouse on a Linux server?. For more information, please follow other related articles on the PHP Chinese website!