搭建容器私有仓库服务

1）-itd：在容器中打开一个伪终端进行交互操作，并在后台运行； 
2）-v：绑定宿主机的/docker/registry到容器/docker/registry目录(registry容器中存放镜像文件的目录)，来实现数据的持久化；
3）-p：映射端口；访问宿主机的5000端口就访问到registry容器的服务了； 
4）--restart=always：这是重启的策略，假如这个容器异常退出会自动重启容器； 
5）--name registry：创建容器命名为registry，可自定义任何名称； 
6）registry:latest：这个是刚才pull下来的镜像；

docker tag hello-world localhost:5000/hello-world:v1
docker push localhost:5000/hello-world:v1

curl http://localhost:5000/v2/_catalog
{“repositories":["hello-world"]}

curl http://localhost:5000/v2/hello-world/tags/list
{"name":"hello-world","tags":["latest","v1"]}

server {
        #listen 80;
        listen 443;
        server_name bksaas.com; #填写绑定证书的域名
        ssl on;
        ssl_certificate bksaas.crt;
        ssl_certificate_key bksaas.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;
        chunked_transfer_encoding on;

        location / {
            proxy_pass  http://127.0.0.1:5000;
            proxy_set_header    Host    $host:$server_port;
            proxy_set_header    X-Forwarded-For  $remote_addr;
            proxy_set_header    X-Real-IP      $remote_addr;
            proxy_set_header    X-Forwarded-Proto $scheme;
            proxy_redirect http:// $scheme://;
            
        }
    }

upstream DOCKER_REGISTRY {
        server localhost:5000;
}

server {
        #listen 80;
        listen 443;
        server_name bksaas.com; #填写绑定证书的域名
        ssl on;
        ssl_certificate bksaas.crt;
        ssl_certificate_key bksaas.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;
        chunked_transfer_encoding on;

        location / {
            proxy_pass  http://DOCKER_REGISTRY;
            # proxy_read_timeout  90;
            # proxy_http_version 1.1;
            proxy_set_header  Host    $host:$server_port;
            proxy_set_header    X-Real-IP      $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto $scheme;
            # proxy_redirect http:// $scheme://;
        }
    }

docker tag hello-world bksaas.com/hello-world:v1
docker push bksaas.com/hello-world:v1
curl https://bksaas.com/v2/_catalog
{“repositories":["hello-world"]}

{
"registry-mirrors":["https://registry.docker-cn.com"],
"insecure-registries”:[“l172.19.0.13:5000”]
}

[root@miya sites-enabled]# docker push bksaas.com/nginx:v1
The push refers to repository [bksaas.com/nginx]
0b9e07febf57: Pushing  3.584kB
55028c39c191: Preparing 
0a07e81f5da3: Pushing   55.3MB/55.3MB
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>openresty/1.13.6.2</center>\r\n</body>\r\n</html>\r\n"

[root@miya sites-enabled]# docker push bksaas.com/nginx:v1
The push refers to repository [bksaas.com/nginx]
0b9e07febf57: Pushed 
55028c39c191: Pushing  53.97MB
0a07e81f5da3: Pushing   55.3MB/55.3MB
error parsing HTTP 413 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>413 Request Entity Too Large</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>413 Request Entity Too Large</h1></center>\r\n<hr><center>openresty/1.13.6.2</center>\r\n</body>\r\n</html>\r\n"

client_max_body_size 0;

{
name: "hello-world",
tags: [
"v3",
"latest",
"v1",
"v2",
],
}

[root@miya sites-enabled]# curl  --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET https://registry.bksaas.com/v2/hello-world/manifests/v1

HTTP/1.1 200 OK
Server: openresty/1.13.6.2
Date: Sun, 03 Mar 2019 03:23:55 GMT
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Content-Length: 524
Connection: keep-alive
Docker-Content-Digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a"
X-Content-Type-Options: nosniff

$ curl -I -X DELETE <protocol>://<registry_host>/v2/<repo_name>/manifests/<digest_hash>