docker registry使用用户名密码登录并解决docker login 400 Bad Request错误问题

创建存储凭据的文件夹：

?

1	mkdir -p /root/auth

现在，我将在Docker容器的帮助下创建htpasswd文件。该htpasswd文件将包含我的凭据和加密的passwd。

?

1	docker run --entrypoint htpasswd registry -Bbn myuser mypassword > auth/htpasswd

核实：

?

1 2	cat auth/htpasswd myuser:$2y$05$8IpPEG94/u.gX4Hn9zDU3.6vru2rHJSehPEZfD1yyxHu.ABc2QhSa

凭据很好。现在，我必须将我的凭据添加到注册表中。在这里，我将在容器中安装auth目录：

?

1 2 3 4 5 6 7

docker run  -d -p 5000:5000 --restart=unless-stopped --name registry-auth \   -v  /root/auth:/auth \   -v /data/registry:/var/lib/registry \   -e "REGISTRY_AUTH=htpasswd" \   -e  "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \   -e  REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \   registry

测试：

?

1 2 3 4

docker push localhost:5000/busybox The push refers to a repository [localhost:5000/busybox] 8ac8bfaff55a: Image push failed unauthorized: authentication required

认证：

?

1 2 3 4

docker login localhost:5000 Username (): myuser Password: Login Succeeded

 注意：因为服务器docker版本问题第一次docker login报错，Error response from daemon: login attempt to http://192.168.122.190:5000/v2/ failed with status: 400 Bad Request，升级了一下docker版本再docker login就成功了。

重试推送：

?

1 2 3 4

docker push localhost:5000/busybox The push refers to a repository [localhost:5000/busybox] 8ac8bfaff55a: Pushed latest: digest: sha256:1359608115b94599e5641638bac5aef1ddfaa79bb96057ebf41ebc8d33acf8a7 size: 527b

 

部署支持https的registry

+ View Code?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

1.安装docker（安装指定版本的话可以参考其他文档） # docker install docker 2.拉取仓库镜像 # docker pull registry 3.生成认证certificate # mkdir ~/certs # openssl req -newkey rsa:4096 -nodes -sha256 -keyout /root/certs/domain.key  -x509 -days 365 -out /root/certs/domain.crt 4.复制认证到docker # mkdir -p /etc/docker/certs.d/zmcheng.com:5000 # cp /root/certs/domain.crt  /etc/docker/certs.d/zmcheng.com:5000/ca.crt 5.复制认证到本机 # cat /root/certs/domain.crt >> /etc/pki/tls/certs/ca-bundle.crt 7.启动仓库镜像 # docker run -d -p 5000:5000 --privileged=true -v /opt/docker-registry:/var/lib/registry -v /root/certs/:/root/certs  -e REGISTRY_HTTP_TLS_CERTIFICATE=/root/cer ts/domain.crt -e REGISTRY_HTTP_TLS_KEY=/root/certs/domain.key registry 8.创建一个镜像 docker run -it --name=nginx centos /bin/bash yum install epel-release.noarch -y yum install nginx -y docker commit 7ab4d6b6a438 dingyingsi/nginx  //7ab4d6b6a438为容器id docker tag dingyingsi/nginx zmcheng.com:5000/nginx:latest //给当前镜像打标签 9.修改当前主机名： vi /etc/hosts 10.20.31.166 zmcheng.com 10.推送镜像到https私有仓库 docker push zmcheng.com:5000/nginx 11.删除本地镜像并重新从https私有仓库拉取镜像 docker rmi zmcheng.com:5000/nginx docker pull zmcheng.com:5000/nginx  12.添加http basic authentication docker run --entrypoint htpasswd  registry -Bbn root zmcheng2018 > /root/auth/htpasswd 13.停止仓库并删除容器 docker stop  726ae7846612 docker rm  ba29cdf804f07167707eeb871c7d0ee8cc6eab7c82f07f829b2bc91263941627 14.启动http basic authentication仓库 docker run -d \ --name registry \ -p 5000:5000 \ --restart=always \ --privileged=true \ -v /opt/docker-registry:/var/lib/registry \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -v /root/auth:/root/auth \ -e "REGISTRY_AUTH_HTPASSWD_PATH=/root/auth/htpasswd" \ -v /root/certs/:/root/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/root/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/root/certs/domain.key \ registry    15.登录仓库 docker login zmcheng.com:5000 username:root password:zmcheng2018 16.其他服务器用这个私有仓库，直接复制docker的仓库服务器下的/etc/docker/certs.d下的zmcheng.com:5000/ca.cert目录和文件，到自己的/etc/docker/cert.d/目录下即可。

参考：https://note.youdao.com/ynoteshare1/index.html?id=62939cb3407c4c6365d2a4c1e7428e00&type=note