系统版本：CentOS Linux release 7.2.1511 (Core)

目的：基于docker创建一个registry容器，做为docker仓库给其它机器拉取镜像用

安装iptables 如果有iptables，就略过

[root@localhost ~]# yum install -y iptables iptables-utils iptables-services
[root@localhost ~]# systemctl start iptables
[root@localhost ~]# systemctl enable iptables

# 安装docker

[root@localhost ~]# yum install -y docker

# 启动

[root@localhost ~]# systemctl start docker

# 开机启动docker服务

[root@localhost ~]# systemctl enable docker

# 查询docker 私库镜像环境名称 找官方的

[root@localhost ~]# docker search registry
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/registry The Docker Registry 2.0 implementation for... 1426 [OK]

# 拉取私库镜像

[root@localhost ~]# docker pull docker.io/registry

# 查看本地镜像

[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest 136c8b16df20 6 days ago 33.17 MB

# 根据本地registry镜像启动一个容器，指定容器名，主机名，挂载卷

[root@localhost ~]# docker run -d --name=docker-repo -h docker-repo -p 5000:5000 -v /home/docker_repo:/var/lib/registry 136c8b16df20

registry私库默认监听在5000端口上

# 为了测试方便，从官方拉取一个 busybox 镜像（体积小）

[root@localhost ~]# docker pull busybox
Using default tag: latest
Trying to pull repository docker.io/library/busybox ...
latest: Pulling from docker.io/library/busybox
7520415ce762: Pull complete
Digest: sha256:32f093055929dbc23dec4d03e09dfe971f5973a9ca5cf059cbfb644c206aa83f

# 查看busybox镜像

[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest 136c8b16df20 7 days ago 33.17 MB
docker.io/busybox latest 00f017a8c2a6 5 weeks ago 1.11 MB

# 通过docker tag将 docker.io/busybox 镜像打一个标签，该镜像标志为要推送到私有仓库

[root@localhost ~]# docker tag docker.io/busybox 192.168.1.50:5000/busybox

# 注意命名 仓库地址+镜像名

[root@VM_33_244_centos ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest 136c8b16df20 7 days ago 33.17 MB
192.168.1.50:5000/busybox latest 00f017a8c2a6 5 weeks ago 1.11 MB
docker.io/busybox latest 00f017a8c2a6 5 weeks ago 1.11 MB

#然后把 docker.io/busybox push到私有仓库中

[root@localhost ~]# docker push 192.168.1.50:5000/busybox
The push refers to a repository [192.168.1.50:5000/busybox]
c0de73ac9968: Mounted from busybox_small
latest: digest: sha256:68effe31a4ae8312e47f54bec52d1fc925908009ce7e6f734e1b54a4169081c5 size: 527

浏览器访问：
http://192.168.1.50:5000/v2/_catalog

# 删除本地busybox镜像

[root@localhost ~]# docker rmi -f 00f017a8c2a6

# 从私有仓库拉取

[root@localhost ~]# docker pull 192.168.1.50:5000/busybox
Using default tag: latest
Trying to pull repository 192.168.1.50:5000/busybox ...
latest: Pulling from 192.168.1.50:5000/busybox
04176c8b224a: Pull complete
Digest: sha256:68effe31a4ae8312e47f54bec52d1fc925908009ce7e6f734e1b54a4169081c5
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest 136c8b16df20 7 days ago 33.17 MB
192.168.1.50:5000/busybox latest 00f017a8c2a6 5 weeks ago 1.11 MB

# 注意事项
需要添加私有仓库信任 否则会报一个 http: server gave HTTP response to HTTPS client 错误
把 /etc/sysconfig/docker

OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
改为：
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=192.168.1.50:5000'

重启docker生效

registry 私库默认用/bin/sh登陆
镜像默认保存在 /var/lib/registry/docker/registry/v2/repositories 中

直接删除 上面目录下的文件夹，就可以删除镜像。

docker的端口映射是通过iptables实现，如果重启iptables，容器端口映射失效，需要重启docker服务。