Jump to content

We measure success with smiles

Making Your Event a Success!

Recommended Posts

  • Administrators
Posted

Coding against virtual, disposable replicas of production helps you get more work done.

Introduction:
A Docker private registry is a valuable tool for managing and distributing Docker images within your organization. It allows you to store, share, and control access to container images privately. This document outlines the step-by-step process to set up a Docker private registry on an AlmaLinux system.

Step 1: Docker Installation:
Add the Docker repository: Use the dnf config-manager command to add the Docker repository for CentOS.

dnf config-manager --add-repo=docker-ce.repo

Verify the repository is added: Check the available repositories using dnf repolist -v.

dnf repolist -v

Install Docker: Use dnf install docker-ce to install Docker.

dnf install docker-ce

Start Docker: Use systemctl start docker

systemctl start docker

Enable Docker: Use systemctl enable docker to enable the Docker service.

systemctl enable docker

Status of Docker: Use systemctl status docker

systemctl status docker

Check Docker version: Verify the Docker installation with docker — version.

docker — version

Step 2: Registry Container Setup:
Create a directory for registry storage: Use mkdir /docker_repo to create a directory for registry storage.

mkdir /docker_repo

Run the Docker registry container: Start the Docker registry container with the appropriate options, such as volume mappings and environment variables.

docker run --detach
--restart=always
--name registry
--volume /docker_repo:/docker_repo
--env REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/docker_repo
--publish 5000:5000
registry


Verify the container status: Check the status of the registry container using docker ps.

docker ps

Check that port 5000 (the port you configured) is listening with netstat

netstat -tlnp | grep :5000

Step 3: Install a TLS Certificate:
Create directory for certs

mkdir /certs


Assign IP to hostname using the /etc/hosts file

cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.222.134 hosangit.almalinux


Generate a TLS certificate: Use the openssl req command to generate a self-signed TLS certificate with the appropriate subject alternate name (SAN).

openssl req
-newkey rsa:4096 -nodes -sha256 -keyout /certs/hosangit.almalinux.key
-addext "subjectAltName = DNS:hosangit.almalinux"
-x509 -days 365 -out /certs/hosangit.almalinux.crt
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /certs/hosangit.almalinux.key -out /certs/hosangit.almalinux.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:MI
Locality Name (eg, city) [Default City]:Flint
Organization Name (eg, company) [Default Company Ltd]:HIT
Organizational Unit Name (eg, section) []:DevOps
Common Name ()eg, your name or your server's hostname) []:hosangit.almalinux
Email Address []: hosangit@mwg.com

Save the certificate: Store the generated certificate and private key files in the /certs directory.

Step 4: Nginx Setup:
Install Nginx: Use dnf install nginx to install the Nginx web server.

dnf install nginx -y


Configure Nginx: Edit the Nginx configuration files to set up a reverse proxy for the Docker registry.

vi /etc/nginx/nginx.conf #add this line at http section
client_max_body_size 2048m;
vi /etc/nginx/conf.d/hosangit.almalinux.conf
server {
listen 80;
server_name hosangit.almalinux;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name hosangit.almalinux;
# ssl params
ssl_certificate /certs/hosangit.almalinux.crt;
ssl_certificate_key /certs/hosangit.almalinux.key;
ssl_protocols TLSv1.2;
location / {
proxy_pass

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600;
}
}


Restart Nginx: Restart the Nginx service to apply the configuration changes.

systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
systemctl restart nginx
curl -kIL http://hosangit.almalinux/v2/ 

Step 5: Push Image to Private Registry:
Run a sample container: Start a container using the docker run command.

docker run --name webserver --detach nginx
docker exec -it webserver /bin/bash
apt update
apt install iproute2 iputils-ping net-tools -y

edit daemon.json

vi /etc/docker/daemon.json
{
"insecure-registries" : ["https://hosangit.almalinux"]
}

 

mkdir -p /etc/docker/certs.d/hosangit.almalinux
cp /certs/hosangit.almalinux.crt /etc/docker/certs.d/hosangit.almalinux/
systemctl restart docker
docker image ls


Commit the container: Use docker commit to create a new image from the running container.

docker commit webserver nginx


Tag the image: Assign a new tag to the image using docker tag.

docker tag nginx ahosan1.almalinux/nginx
docker image ls


Push the image: Push the image to the private registry using docker push.

docker push hosangit.almalinux/nginx
curl -kL https://hosangit.almalinux/v2/_catalog --run in one tab
docker logs -f registry --run in one tab

tail -1000f /var/log/nginx/access.log

Step 6: Pull & Push Images at Private Registry:
Verify the private registry: Check the repositories available in the private registry using curl.
Pull and tag the image: Pull an image from a public repository and tag it for the private registry.
Push the image to the private registry: Use docker push to push the image to the private registry.
Verify image availability: Check that the pushed image is available in the private registry.

Step 7: Pull & Push Images from Remote Host:
Configure remote host: Update the /etc/hosts file on a remote host to resolve the private registry hostname.
Configure Docker on the remote host: Configure Docker on the remote host to use the private registry as a mirror.
Restart Docker on the remote host: Restart the Docker service on the remote host to apply the configuration changes.
Pull images from the remote host: Pull images from the private registry on the remote host.

Step 8: Delete Image from Private Registry and Push Images from Remote:
Delete image from private registry: Remove an image from the private registry.
Restart the registry container: Restart the registry container to reflect the changes.
Check the registry status: Use curl to verify the repositories in the private registry.
Delete and push images from a remote host: Delete and push images from the private registry on a remote host.
Verify image availability: Confirm that the images are pushed and available in the private registry.

Conclusion:
Setting up a Docker private registry on AlmaLinux involves multiple steps, including Docker installation, registry container setup, TLS certificate generation, Nginx configuration, image management, and interaction between local and remote hosts. Following these steps allows you to create a secure and controlled environment for storing and distributing Docker images within your organization.

 

  • Administrators
Posted

Pretty cool way of creating a home lab is utilizing Container Station on a QNAP NAS device which offers Docker and LXD.

My goal is to test NGINX as a loadbalancer and what I have to use is...
1 QNAP 6bay NAS
1 QNAP 2bay NAS
**both running Container Station

I'm running three NGINX Containers on the QNAP 6bay and using bridge networking and assigning static IPs
192.168.10.101
192.168.10.102
192.168.10.103

On the 2bay NAS I'm running my pool members which are LAMP web servers
192.168.10.121
192.168.10.122

To build the alpine linux docker containers I ssh to the 2bay NAS
[scode lang="{language}"]mkdir -p alpine-sshd
cd alpine-sshd/
touch Dockerfile[/scode]

[scode lang="{language}"]vi Dockerfile
FROM alpine:latest
LABEL maintainer="hosang i.t. [email protected]"
RUN apk add --update --no-cache openssh
RUN echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
RUN adduser -h /home/dennis -s /bin/sh -D dennis
RUN echo -n 'dennis:somepassword!' | chpasswd
ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 22
COPY entrypoint.sh /[/scode]

[scode lang="{language}"]vi entrypoint.sh
#!/bin/sh
ssh-keygen -A
exec /usr/sbin/sshd -D -e "$@"[/scode]

[scode lang="{language}"]chmod +x -v entrypoint.sh[/scode]

[scode lang="{language}"]docker build -t alpine-sshd .[/scode]

To build the ubuntu linux docker containers I ssh to the 2bay NAS
[scode lang="{language}"]mkdir -p ubuntu-sshd
cd ubuntu-sshd/
touch Dockerfile[/scode]

[scode lang="{language}"]vi Dockerfile
# Download base image ubuntu 22.04
FROM ubuntu:22.04
LABEL maintainer="hosang i.t. [email protected]"
LABEL version="0.1"
LABEL description="This is a custom Docker Image for PHP-FPM and Nginx."
# Disable Prompt During Packages Installation
ARG DEBIAN_FRONTEND=noninteractive
# Update Ubuntu Software repository
RUN apt update
# Install nginx, php-fpm and supervisord from ubuntu repository
RUN apt install -y nginx php-fpm supervisor openssh
RUN rm -rf /var/lib/apt/lists/*
RUN apt clean
# Define the ENV variable
ENV nginx_vhost /etc/nginx/sites-available/default
ENV php_conf /etc/php/8.1/fpm/php.ini
ENV nginx_conf /etc/nginx/nginx.conf
ENV supervisor_conf /etc/supervisor/supervisord.conf
# Enable PHP-fpm on nginx virtualhost configuration
COPY default ${nginx_vhost}
RUN sed -i -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' ${php_conf} && echo "ndaemon off;" >> ${nginx_conf}
#Copy supervisor configuration
COPY supervisord.conf ${supervisor_conf}
RUN mkdir -p /run/php
RUN chown -R www-data:www-data /var/www/html
RUN chown -R www-data:www-data /run/php
# Volume configuration
VOLUME ["/etc/nginx/sites-enabled", "/etc/nginx/certs", "/etc/nginx/conf.d", "/var/log/nginx", "/var/www/html"]
# Copy start.sh script and define default command for the container
COPY start.sh /start.sh
CMD ["./start.sh"]
# Expose Port for the Application
EXPOSE 80 443 22[/scode]

[scode lang="{language}"]vi default
server {
listen 80 default_server;

root /var/www/html;
index index.html index.htm index.nginx-debian.html;

server_name _;

location / {
try_files $uri $uri/ =404;
}

location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
}[/scode]

[scode lang="{language}"]vi supervisord.conf
[unix_http_server]
file=/dev/shm/supervisor.sock ; (the path to the socket file)

[supervisord]
logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10 ; (num of main logfile rotation backups;default 10)
loglevel=info ; (log level;default info; others: debug,warn,trace)
pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=false ; (start in foreground if true;default false)
minfds=1024 ; (min. avail startup file descriptors;default 1024)
minprocs=200 ; (min. avail process descriptors;default 200)
user=root ;

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL for a unix socket

[include]
files = /etc/supervisor/conf.d/*.conf

[program:php-fpm8.1]
command=/usr/sbin/php-fpm8.1 -F
numprocs=1
autostart=true
autorestart=true

[program:nginx]
command=/usr/sbin/nginx
numprocs=1
autostart=true
autorestart=true[/scode]

[scode lang="{language}"]vi start.sh
#!/bin/sh
/usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf[/scode]

[scode lang="{language}"]chmod +x start.sh
[/scode]
[scode lang="{language}"]docker build -t nginx-image .[/scode]

[scode lang="{language}"]mkdir -p /var/webroot
docker run -d -v /var/webroot:/var/www/html -p 8080:80 --name test-container nginx-image[/scode]

Create index.html test page
[scode lang="{language}"]echo '

Nginx and PHP-FPM 8.1 inside Docker Container with Ubuntu 22.04 Base Image

' > /var/webroot/index.html
[/scode]

Test by running these commands
[scode lang="{language}"]curl server-ip:8080
curl -I server-ip:8080[/scode]



×
×
  • Create New...

Important Information

Privacy Policy