Docker Registry by Docker Compose

Create directories to store data

mkdir -p /data
mkdir -p /data/certs
mkdir -p /data/registry
mkdir -p /data/config

Create the config file

nano /data/config/config.yml
version: 0.1
log:
  fields:
    service: registry

storage:
    cache:
      blobdescriptor: inmemory
    filesystem:
        rootdirectory: /data/registry
    delete:
      enabled: true
http:
    addr: :5000
    headers:
        X-Content-Type-Options: [nosniff]

health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

Create SSL Certs

Move to the certs directory

cd /data/certs

Create Key

openssl genrsa -des3 -out server.key 2048
Enter pass phrase for server.key: password
Verifying - Enter pass phrase for server.key: re-enter password

Create CSR

openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [AU]: KR
State or Province Name (full name) [Some-State]: Province
Locality Name (eg, city) []: City/County/District
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Company name
Organizational Unit Name (eg, section) []: Department name
Common Name (e.g. server FQDN or YOUR name) []: Domain, IP
Email Address []: Email

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Decode Key File (remove the passphrase)

openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
password entered when creating the key file

Create ext config file (replace DOMAIN and SERVER_IP with your own values)

echo subjectAltName=DNS:DOMAIN,IP:SERVER_IP,IP:127.0.0.1 > extfile.cnf

Create CRT

openssl x509 -req -days 10000 -signkey server.key -in server.csr -out server.crt -extfile extfile.cnf
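
A check that can be run on /data/certs before the certificate is applied, as an added example that is not part of the original post: it confirms that server.crt carries the subjectAltName entries from extfile.cnf, that server.key matches it, and that the key no longer has a passphrase. The function names and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function and script names are assumptions.

# Print the certificate's SAN entries one per line, e.g. "DNS:host" or "IP Address:1.2.3.4".
san_entries() {
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed 's/^[[:space:]]*//'
}

# Succeeds only if the exact entry (whole-line match) is in the SAN list.
cert_has_san() {
    san_entries "$1" | grep -Fxq -- "$2"
}

# Succeeds only if the public key in the certificate equals the one derived from the key file.
# "-passin pass:" keeps openssl from prompting if the key is still encrypted.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the key file has no passphrase (the state after the "openssl rsa" step).
key_is_plain() {
    ! grep -q 'ENCRYPTED' "$1"
}

# Run every check for a cert directory, DNS name and IP; report each failure.
check_registry_certs() {
    dir=$1 host=$2 ip=$3 rc=0
    for want in "DNS:$host" "IP Address:$ip" "IP Address:127.0.0.1"; do
        cert_has_san "$dir/server.crt" "$want" || { echo "SAN entry missing: $want"; rc=1; }
    done
    key_matches_cert "$dir/server.crt" "$dir/server.key" ||
        { echo "server.key does not match server.crt"; rc=1; }
    key_is_plain "$dir/server.key" || { echo "server.key still has a passphrase"; rc=1; }
    return "$rc"
}

# Stand-alone use: sh check-certs.sh /data/certs DOMAIN SERVER_IP
if [ "$#" -eq 3 ]; then
    check_registry_certs "$1" "$2" "$3"
fi
```

A non-zero exit status means at least one of the printed checks failed and the certificate steps should be repeated before starting the registry.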

Apply Certs

sudo cp server.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo systemctl restart docker

Create registry.yml compose file

version: '3.7'
services:

  registry:
    container_name: "registry_web"
    image: registry:2.6
    ports:
      - 5000:5000
    environment:
      REGISTRY_HTTP_ADDR: :5000
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.crt
      REGISTRY_HTTP_TLS_KEY: /certs/server.key
      REGISTRY_STORAGE: filesystem
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
    volumes:
      - /data/registry:/var/lib/registry
      - /data/certs:/certs
      - /data/config/config.yml:/etc/docker/registry/config.yml
    restart: always
    logging:
      driver: "json-file"
      options:
        "max-size": "10m"
        "max-file": "5"

Start registry

docker-compose -f registry.yml up -d

Client Apply Certs

Copy the server.crt file generated on the server to the client PC, then proceed as follows.

Windows

Right-click the server.crt file and install the certificate; that completes the setup.

Linux

sudo cp server.crt /usr/share/ca-certificates/
echo server.crt | sudo tee -a /etc/ca-certificates.conf
sudo update-ca-certificates
sudo systemctl restart docker
