搭建docker私有仓库（用户认证、web管理）

openssl req -new -newkey rsa:4096 -days 365 -subj "/CN=localhost"         -nodes -x509 -keyout conf/auth.key -out conf/auth.cert

version: 0.1    

storage:
  filesystem:
    rootdirectory: /var/lib/registry
    
http:
  addr: 0.0.0.0:5000   
    
auth:
  token:
    # external url to docker-web authentication endpoint
    realm: http://192.168.83.102:8080/api/auth
    # should be same as registry.name of registry-web
    service: 192.168.83.102:5000
    # should be same as registry.auth.issuer of registry-web
    issuer: ‘my issuer‘
    # path to auth certificate
    rootcertbundle: /etc/docker/registry/auth.cert

docker run     -v /data/registry:/var/lib/registry     -v $(pwd)/conf/registry-srv.yml:/etc/docker/registry/config.yml:ro     -v $(pwd)/conf/auth.cert:/etc/docker/registry/auth.cert:ro     -p 5000:5000  --name=registry-srv --restart=always -d registry:2

registry:
  # Docker registry url
  url: http://192.168.83.102:5000/v2
  # Docker registry fqdn
  name: 192.168.83.102:5000
  # To allow image delete, should be false
  readonly: false
  auth:
    # Enable authentication
    enabled: true
    # Token issuer
    # should equals to auth.token.issuer of docker registry
    issuer: ‘my issuer‘
    # Private key for token signing
    # certificate used on auth.token.rootcertbundle should signed by this key
    key: /conf/auth.key

docker run -v $(pwd)/conf/registry-web.yml:/conf/config.yml:ro            -v $(pwd)/conf/auth.key:/conf/auth.key -v $(pwd)/db:/data            -d -p 8080:8080 --restart=always --link registry-srv --name=registry-web hyper/docker-registry-web