[Docker] Build a Docker image registry


Preface: Public registries and private registries

In the Docker ecosystem, the Docker Registry plays a key role in storing and sharing Docker images. Image registries come in two forms, public and private, and each has its own use cases.

Public image registries

  1. Docker Hub

Docker Hub is Docker's public registry and one of the largest Docker image repositories. It provides a large number of public images. You can find official base images on Docker Hub, as well as images of various applications and tools shared by other users.

  2. Public registries provided by domestic cloud service providers

Because access to Docker Hub is slow in China, some domestic cloud service providers offer public services similar to Docker Hub. For example, NetEase Cloud Image Service, DaoCloud Image Service, Alibaba Cloud Image Service, etc. all provide stable and fast public image registries.

Private image registries

  1. Why build a private image registry?

Although public repositories provide a large number of images for users to use, in some specific scenarios, companies or individuals may want to build their own private Docker Registry. The main reasons include:

  • Security: Some sensitive applications or data are not suitable for storage in public registries, so a controlled, private storage environment is required.

  • Bandwidth control: In some network environments, download speeds from a public registry may be poor. Building a private registry gives better control over image pull speed.

  • Customized requirements: Enterprises may have their own special image requirements and need to build and manage specific versions of images internally.

  2. Docker Registry

Docker Registry is the official registry service provided by Docker, which lets users build their own private image registry. You can deploy Docker Registry on your own server and build a private registry through simple configuration.

For detailed steps to build a private Docker Registry, please refer to the official documentation: Docker Registry Deployment.

  3. Use of a private Docker Registry in enterprises

Within enterprises, private Docker Registries are widely used. A private registry not only gives the enterprise a more secure and controllable image management environment, but also supports its internal continuous integration and continuous deployment processes. By building a private registry, enterprises can better manage and customize their own images to ensure the stability and safe operation of applications.

In general, the choice between using a public registry and building a private one depends on the specific usage scenarios and needs. In practice, a combination of public and private registries is sometimes used, chosen flexibly based on actual needs.

1. Build a Docker image registry

In the Docker ecosystem, the Docker Registry is used to store and manage Docker images. You can choose to use a public repository, such as Docker Hub, or build a private Docker Registry for internal use within your team or organization.

Official website address: https://hub.docker.com/_/registry

1.1 Build a simplified version of the image registry

Docker officially provides a simplified Docker Registry image, which has complete registry management functions but lacks a graphical interface. Here is a simple command to start it:

docker run -d \
    --restart=always \
    --name registry \
    -p 5000:5000 \
    -v registry-data:/var/lib/registry \
    registry

Parameter description in this command:

  • -d: Run the container in the background.
  • --restart=always: Set the container to always restart when Docker starts.
  • --name registry: Specify a name for the container, here it is registry.
  • -p 5000:5000: Map the host's 5000 port to the container's 5000 port.
  • -v registry-data:/var/lib/registry: Mount the data volume registry-data to the directory /var/lib/registry within the container for persistent storage of image data.
  • registry: Image name to use.

With the above command, a Docker Registry service is now running. Visit http://<host IP>:5000/v2/_catalog to view the images held by the private image service.

1.2 Build an image registry with a graphical interface

Some third-party tools provide a graphical interface for Docker Registry, making image management more intuitive. A commonly used one is docker-registry-ui. With Docker Compose, we can easily set up a Docker Registry service with a graphical interface. Here is a simple docker-compose.yml file:

version: '3.0'
services:
  registry:
    image: registry
    volumes:
      - ./registry-data:/var/lib/registry
  ui:
    image: joxit/docker-registry-ui:static
    ports:
      - 8080:80
    environment:
      - REGISTRY_TITLE=私有仓库
      - REGISTRY_URL=http://registry:5000
    depends_on:
      - registry

This docker-compose.yml file includes two services: registry and ui. The registry service uses the official Docker Registry image and mounts a data volume; the ui service uses the docker-registry-ui image and sets environment variables, including the title (私有仓库, "private registry") and the address of the private registry.

1.3 Configure the registry as a trusted address in Docker

Because the private registry is served over plain HTTP, Docker does not trust it by default, so the daemon must be configured to allow it. Edit the Docker daemon configuration file:

# Open the file to be modified
vim /etc/docker/daemon.json

Add the following, replacing 主机IP (host IP) with the IP address of the registry host:

"insecure-registries": ["http://主机IP:8080"]

Save and exit. Reload the Docker daemon configuration and restart Docker:

systemctl daemon-reload
systemctl restart docker

Through the above steps, a simplified version of the Docker image registry has been built, and Docker Compose can also be used to deploy a Docker Registry with a graphical interface.

Then open http://<host IP>:8080/ in a browser to see the UI for browsing the images in the private registry.

2. Push and pull images with the private image registry

2.1 Push a local image to the private registry

  1. For example, to re-tag the local nginx image as nginx:1.0, use docker tag. Note that the name prefix is the address of the private registry (in the form 192.168.150.101:8080/):
docker tag nginx:latest 192.168.211.128:8080/nginx:1.0

This gives the local image a new tag that matches the private registry address.

  2. Then push it to the private registry:
docker push 192.168.211.128:8080/nginx:1.0

This pushes the tagged image to the private registry.

  3. After the push succeeds, you can see the corresponding image in the graphical interface of the private registry.
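
The address prefix used in the tag above decides which registry Docker contacts, and the insecure-registries entry from section 1.3 decides whether that connection is allowed without verified TLS. The following Python sketch is an added example, not code from the original post or from Docker. The function names are hypothetical, the daemon.json text is a constructed sample built from the addresses on this page, and the matching is a simplified model that assumes the daemon ignores a leading http:// or https:// in an entry and does no DNS lookup.

```python
import ipaddress
import json

# Constructed sample: the section 1.3 entry with the address used in section 2.
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["http://192.168.211.128:8080"]}'

def registry_of(ref):
    """Return the registry host[:port] that an image reference points at."""
    name = ref.split("@", 1)[0]              # drop any @sha256:... digest
    first, slash, _ = name.partition("/")
    # The first component names a registry only if it looks like a host:
    # it contains '.' or ':' or is 'localhost'. Otherwise Docker Hub is used.
    if slash and (set(first) & set(".:") or first == "localhost"):
        return first
    return "docker.io"                       # e.g. plain "nginx:1.0"

def insecure_entries(daemon_json_text):
    """Read insecure-registries, dropping any http:// or https:// prefix."""
    entries = ["127.0.0.0/8"]                # loopback is always treated as insecure
    for e in json.loads(daemon_json_text).get("insecure-registries", []):
        for scheme in ("http://", "https://"):
            if e.lower().startswith(scheme):
                e = e[len(scheme):]
        entries.append(e)
    return entries

def is_insecure(ref, entries):
    """True if Docker may use HTTP or unverified TLS for this reference."""
    registry = registry_of(ref)
    host = registry.rsplit(":", 1)[0]
    for e in entries:
        if e == registry:                    # exact host[:port] match
            return True
        if "/" in e:                         # CIDR entry such as 10.0.0.0/8
            try:
                if ipaddress.ip_address(host) in ipaddress.ip_network(e, strict=False):
                    return True
            except ValueError:               # host is a name; this sketch does no DNS
                pass
    return False

def audit(daemon_json_text, refs):
    """Map each image reference to its is_insecure() verdict."""
    entries = insecure_entries(daemon_json_text)
    return {ref: is_insecure(ref, entries) for ref in refs}

if __name__ == "__main__":
    refs = ["192.168.211.128:8080/nginx:1.0", "192.168.211.128:5000/nginx:1.0", "nginx:1.0"]
    print(audit(SAMPLE_DAEMON_JSON, refs))
```

Run against a host's real /etc/docker/daemon.json and the image references in its deployment files, the result shows which pulls and pushes are exempt from TLS verification; an entry matches on host and port, so the same host on another port is not covered.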

2.2 Pull an image from the private registry

Pulling an image is the process of downloading an image from a remote registry for local use. You can easily pull images from a private registry using Docker commands.
Pushing local images to the private registry was covered in detail above. Next, let's look at the steps for pulling an image.

The private registry now contains the image nginx:1.0, and we can pull it locally with the following command:

docker pull 192.168.211.128:8080/nginx:1.0

This command pulls the nginx image tagged 1.0 from the specified private registry address.

After the pull is successful, you can use this image locally.

For example, the complete steps for pulling an image from the private registry:

  1. First delete the local nginx image.

  2. Pull the image from the private registry.

You can copy the pull command directly from the UI of the private registry.

Execute this command in the terminal; the pull succeeds.

Origin blog.csdn.net/qq_61635026/article/details/133577870