Created
July 22, 2021 02:07
-
-
Save rindrasakti/f1efa7bf774020f99742ad794e65f626 to your computer and use it in GitHub Desktop.
Manual Cara menginstall Private Registry
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 14. membuat private registry | |
| --- download image registry | |
| docker pull registry | |
| --- jalankan image menjadi container | |
| docker run -d -p 5000:5000 --name myregistry -h myregistry registry | |
| -- jika ingin ditambahkan authentication | |
| --- lakukan proses taging untuk upload | |
| docker tag myapp 127.0.0.1:5000/phpapache | |
| --- upload image ke local registry | |
| docker push 127.0.0.1:5000/phpapache | |
| --- untuk check image yang tersedia didalam registry | |
| akses ke browser | |
| http://IP_REGISTRY:5000/v2/_catalog | |
| --- jika ingin mengupload image ke registry yang belum https maka client harus mencantumkan alamat registry ke daemon.json | |
| a. ubah file demon.json yang ada di folder /etc/docker/daemon.json jika belum ada buat file tersebut | |
| sudo nano /etc/docker/daemon.json | |
| b. tambahkan alamat IP Registri ke dalam tag insecure-registries | |
| { | |
| "insecure-registries":["10.10.4.134:5000","10.10.4.135:5000"] | |
| } | |
| c. restart service docker | |
| sudo systemctl restart docker | |
| d. membuat tag sesuai dengan alamat IP | |
| docker tag myapp 10.10.4.134:5000/wawanimage | |
| e. upload image ke registri | |
| docker push 10.10.4.134:5000/wawanimage | |
| f. cek list image lewat browser | |
| http://IP_REGISTRY:5000/v2/_catalog | |
| 0. Mmebuat self sign certificate | |
| cd | |
| mkdir registry | |
| mkdir registry/cert | |
| openssl req \ | |
| -newkey rsa:4096 -nodes -sha256 -keyout registry/certs/domain.key \ | |
| -addext "subjectAltName = DNS:inixregistry.com" \ | |
| -x509 -days 365 -out registry/certs/domain.crt | |
| ------ jangan lupa untuk mengisi pada Input Common Name (CN) di isikan inixregistry.com | |
| ------------ trust domain root CA di setiap Docker Enggine | |
| cd | |
| mkdir /etc/docker/certs.d/ | |
| mkdir /etc/docker/certs.d/inixregistry.com | |
| sudo cp registry/cert/domain.crt /etc/docker/cert.d/inixregistry.com/ca.crt | |
| 1. membuat username dan password | |
| cd | |
| mkdir registry | |
| mkdir registry/auth | |
| docker run --entrypoint htpasswd httpd:2 -Bbn wawan abc > auth/htpasswd | |
| 2. menjalankan registry dengan password yang telah di buat | |
| cd | |
| docker run -d -p 443:443 --name myregistry -h myregistry -v `pwd`/registry/auth:/auth \ | |
| -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registy Realm" \ | |
| -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ | |
| -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ | |
| -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ | |
| -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ | |
| -v `pwd`/registry/cert:/certs \ | |
| registry | |
| 3. membuat dns |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment