Skip to content

搭建自己的nexus私有仓库5--测试docker仓库pull和push

本文档是nexus系列课程第5篇。

第4篇中,已经使用nexus创建docker代理仓库(proxy)、本地仓库(hosted)和聚合仓库(group),并尝试通过HTTP方式从代理仓库下载镜像,并且可以正常下载镜像。

本文计划做以下事情:

  • 使用HTTP形式,分别测试从代理仓库、本地仓库、聚合仓库下载镜像,构建镜像并上传到私有仓库。
  • 使用HTTPS形式,配置nginx反向代理,从代理仓库下载镜像,构建镜像并上传到私有仓库。(下一篇再处理。)

以下是实验环境:

主机IP主机名操作系统docker版本自定义域名
1192.168.56.11nexusCentOS 7.6.181020.10.5nexushub.com
2192.168.56.12masterCentOS 7.6.181020.10.5

0. 准备工作

请在主机2以及你的电脑上面配置域名解析:

sh
[root@master ~]# tail -n 1 /etc/hosts
192.168.56.11 nexushub.com

注意,实际操作时,请将192.168.56.11替换成你服务器的内网IP或者公网IP,nexushub.com替换成你想使用的域名。

1. 前情回顾

我们在搭建自己的nexus私有仓库4--创建docker私有仓库 中是使用的以下命令启动nexus容器:

sh
[root@nexus ~]# docker run -d --restart always -p 8081:8081 -p 8001-8003:8001-8003  -v /some/dir/nexus-data:/nexus-data --name nexus sonatype/nexus3:3.59.0
8b931229efd4a2749a16342b149901a74674ec5b771591a808baebc744ebcdc4
[root@nexus ~]# docker ps
CONTAINER ID   IMAGE                    COMMAND                  CREATED         STATUS         PORTS                                                      NAMES
8b931229efd4   sonatype/nexus3:3.59.0   "/opt/sonatype/nexus…"   4 seconds ago   Up 3 seconds   0.0.0.0:8001-8003->8001-8003/tcp, 0.0.0.0:8081->8081/tcp   nexus
[root@nexus ~]# netstat -tunlp|grep docker
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      24765/docker-proxy
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      24801/docker-proxy
tcp        0      0 0.0.0.0:8002            0.0.0.0:*               LISTEN      24789/docker-proxy
tcp        0      0 0.0.0.0:8003            0.0.0.0:*               LISTEN      24777/docker-proxy
[root@nexus ~]#

可以看到,除了管理端口8081监听了,8001、8002和8003端口也监听了。

2. docker仓库规划

在Nexus3中支持3种Docker仓库:

  • hosted:本地仓库,同Docker官方仓库一样。
  • proxy:代理仓库,提供代理其他仓库的功能,如我内网只有一台主机能上网,其他主机不能上网,则可以在可以上网的主机上面配置这种代理仓库,然后别的不能上网的主机就可以通过该代理仓库下载docker镜像了。
  • group:聚合仓库,将多个仓库组合成一个仓库。

我需要配置这三种类型的仓库,现规划如下:

仓库类型仓库名称HTTP端口号HTTPS端口号支持docker操作
proxy代理仓库docker-proxy8001不设置pull
hosted本地仓库docker-hosted8002不设置pull、push
group聚合仓库docker-group8003不设置pull

3. 测试docker仓库pull和push

3.1 测试docker-proxy代理仓库

3.1.1 测试docker-proxy代理仓库的pull

先修改/etc/docker/daemon.json配置:

sh
[root@master ~]# cd /etc/docker/

# 备份
[root@master docker]# cp -p daemon.json daemon.json.20240124.bak

# 修改配置文件
[root@master docker]# vi daemon.json

# 查看配置文件内容
[root@master docker]# cat daemon.json
{
    "insecure-registries":[
        "nexushub.com:8001"
    ],
    "registry-mirrors":[
        "http://nexushub.com:8001"
    ],
    "data-root": "/data/docker"
}
[root@master docker]#

注意,跟nexushub.com相关的是我新加的。

重启docker服务:

sh
[root@master ~]# systemctl restart docker

再次查看docker信息:

sh
[root@master ~]# docker info|tail -n 7
 Insecure Registries:
  nexushub.com:8001
  127.0.0.0/8
 Registry Mirrors:
  http://nexushub.com:8001/
 Live Restore Enabled: false

[root@master ~]#

可以看到,现在只使用docker-proxy代理仓库进行加速。

然后下载镜像:

sh
# 下载alpine镜像指定版本
[root@master ~]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
[root@master ~]# docker pull alpine:3.19
3.19: Pulling from library/alpine
661ff4d9561e: Pull complete
Digest: sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48
Status: Downloaded newer image for alpine:3.19
docker.io/library/alpine:3.19
[root@master ~]# date
Wed Jan 24 21:37:13 CST 2024
[root@master ~]#

可以看到,能够正常下载。

并且在Browse浏览器界面也可以看到刚才下载的镜像信息,对应的alpine镜像版本是3.19,所使用的仓库,容器仓库Containing repo是docker-proxy代理仓库。

3.1.2 测试docker-proxy代理仓库的push

参考 https://hub-stage.docker.com/_/alpine 来构建一个本地镜像,并尝试push到仓库中。

创建构建mysql镜像的文件夹和Dockerfile文件:

sh
[root@master ~]# mkdir mysql
[root@master ~]# cd mysql/
[root@master mysql]# vi Dockerfile
[root@master mysql]# cat Dockerfile
FROM alpine:3.9
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories \
    && apk add --update mysql-client \
    && rm -rf /var/cache/apk/*
ENTRYPOINT ["mysql"]

[root@master mysql]#

参考: Alpine 镜像使用帮助

使用sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories 加速alpine软件包安装。

构建镜像:

sh
[root@master mysql]# docker build --tag mysql-client:proxy .
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM alpine:3.9
3.9: Pulling from library/alpine
31603596830f: Pull complete
Digest: sha256:414e0518bb9228d35e4cd5165567fb91d26c6a214e9c95899e1e056fcd349011
Status: Downloaded newer image for alpine:3.9
 ---> 78a2ce922f86
Step 2/3 : RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories     && apk add --update mysql-client     && rm -rf /var/cache/apk/*
 ---> Running in 2108c31c0b42
fetch http://mirrors.tuna.tsinghua.edu.cn/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://mirrors.tuna.tsinghua.edu.cn/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
(1/8) Installing mariadb-common (10.3.25-r0)
(2/8) Installing ncurses-terminfo-base (6.1_p20190105-r0)
(3/8) Installing ncurses-terminfo (6.1_p20190105-r0)
(4/8) Installing ncurses-libs (6.1_p20190105-r0)
(5/8) Installing libgcc (8.3.0-r0)
(6/8) Installing libstdc++ (8.3.0-r0)
(7/8) Installing mariadb-client (10.3.25-r0)
(8/8) Installing mysql-client (10.3.25-r0)
Executing busybox-1.29.3-r10.trigger
OK: 45 MiB in 22 packages
Removing intermediate container 2108c31c0b42
 ---> 12f6f9a7c8b9
Step 3/3 : ENTRYPOINT ["mysql"]
 ---> Running in 2de87bfa1035
Removing intermediate container 2de87bfa1035
 ---> f326dd608a3f
Successfully built f326dd608a3f
Successfully tagged mysql-client:proxy
[root@master mysql]#

查看镜像:

sh
[root@master ~]# docker images
REPOSITORY     TAG       IMAGE ID       CREATED         SIZE
mysql-client   proxy     f326dd608a3f   8 minutes ago   41.1MB
alpine         3.19      f8c20f8bbcb6   6 weeks ago     7.38MB
alpine         3.9       78a2ce922f86   3 years ago     5.55MB
[root@master ~]#

重新打标签并上传镜像:

sh
重新打标签
[root@master ~]# docker tag mysql-client:proxy nexushub.com:8001/mysql-client:proxy
[root@master ~]# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED          SIZE
mysql-client                     proxy     f326dd608a3f   16 minutes ago   41.1MB
nexushub.com:8001/mysql-client   proxy     f326dd608a3f   16 minutes ago   41.1MB
alpine                           3.19      f8c20f8bbcb6   6 weeks ago      7.38MB
alpine                           3.9       78a2ce922f86   3 years ago      5.55MB

# 登陆
[root@master ~]# docker login http://nexushub.com:8001
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# 上传
[root@master ~]# docker push nexushub.com:8001/mysql-client:proxy
The push refers to repository [nexushub.com:8001/mysql-client]
55af1c19d0db: Preparing
89ae5c4ee501: Preparing
error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n  <title>404 - Sonatype Nexus Repository</title>\n  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"/>\n\n\n  <link rel=\"icon\" type=\"image/png\" href=\"../../../../../../static/rapture/resources/safari-favicon-32x32.png?3.59.0-01\" sizes=\"32x32\">\n  <link rel=\"mask-icon\" href=\"../../../../../../static/rapture/resources/favicon-white.svg?3.59.0-01\" color=\"#00bb6c\">\n  <link rel=\"icon\" type=\"image/png\" href=\"../../../../../../static/rapture/resources/favicon.svg?3.59.0-01\" sizes=\"16x16\">\n\n  <link rel=\"stylesheet\" type=\"text/css\" href=\"../../../../../../static/css/nexus-content.css?3.59.0-01\"/>\n</head>\n<body>\n<div class=\"nexus-header\">\n  <a href=\"../../../../../..\">\n    <div class=\"product-logo\">\n      <img src=\"../../../../../../static/rapture/resources/nxrm-reverse-icon.png?3.59.0-01\" alt=\"Product logo\"/>\n    </div>\n    <div class=\"product-id\">\n      <div class=\"product-id__line-1\">\n        <span class=\"product-name\">Sonatype Nexus Repository</span>\n      </div>\n      <div class=\"product-id__line-2\">\n        <span class=\"product-spec\">OSS 3.59.0-01</span>\n      </div>\n    </div>\n  </a>\n</div>\n\n<div class=\"nexus-body\">\n  <div class=\"content-header\">\n    <img src=\"../../../../../../static/rapture/resources/icons/x32/exclamation.png?3.59.0-01\" alt=\"Exclamation point\" aria-role=\"presentation\"/>\n    <span class=\"title\">Error 404</span>\n    <span class=\"description\">Not Found</span>\n  </div>\n  <div class=\"content-body\">\n    <div class=\"content-section\">\n      Not Found\n    </div>\n  </div>\n</div>\n</body>\n</html>\n\n"
[root@master ~]#

此处,我们不管构建的镜像能不能正常运行,只看镜像能不能正常push上传,可以看到上传镜像失败了。

3.1.3 测试docker-proxy代理仓库的search功能

可以使用docker search搜索镜像:

sh
[root@master ~]# docker search alpine
NAME                               DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
alpine                             A minimal Docker image based on Alpine Linux…   10627     [OK]
alpinelinux/unbound                                                                11
alpinelinux/docker-cli             Simple and lightweight Alpine Linux image wi…   10
alpinelinux/ansible                Ansible in docker                               9
grafana/alpine                     Alpine Linux with ca-certificates package in…   7
alpinelinux/gitlab-runner-helper   Helper image container gitlab-runner-helper …   6
alpinelinux/gitlab-runner          Alpine Linux gitlab-runner (supports more ar…   5
alpinelinux/alpine-gitlab-ci       Build Alpine Linux packages with Gitlab CI      3
alpinelinux/golang                 Build container for golang based on Alpine L…   2
alpinelinux/docker-compose         docker-compose image based on Alpine Linux      2
alpinelinux/rsyncd                                                                 2
alpinelinux/darkhttpd                                                              2
kasmweb/alpine-317-desktop         Alpine 3.17 desktop for Kasm Workspaces         1
alpinelinux/package-builder        Container to build packages for a repository    1
alpinelinux/apkbuild-lint-tools    Tools for linting APKBUILD files in a CI env…   0
alpinelinux/alpine-docker-gitlab   Gitlab running on Alpine Linux                  0
alpinelinux/docker-abuild          Dockerised abuild                               0
alpinelinux/build-base             Base image suitable for building packages wi…   0
alpinelinux/alpine-www             The Alpine Linux public website (www.alpinel…   0
alpinelinux/turbo-paste            Alpine Linux paste service                      0
alpinelinux/mqtt-exec                                                              0
alpinelinux/alpine-drone-ci        Build Alpine Linux packages with drone CI       0
alpinelinux/git-mirror-syncd                                                       0
alpinelinux/mirror-status                                                          0
alpinelinux/docker-alpine                                                          0
[root@master ~]#

可以看到,代理仓库支持搜索功能。

3.2 测试docker-hosted本地仓库

像上一节一样修改/etc/docker/daemon.json配置文件,并重启docker服务:

sh
[root@master ~]# cat /etc/docker/daemon.json
{
    "insecure-registries":[
        "nexushub.com:8002"
    ],
    "registry-mirrors":[
        "http://nexushub.com:8002"
    ],
    "data-root": "/data/docker"
}
[root@master ~]# systemctl restart docker
[root@master ~]# docker info|tail -n 6
  nexushub.com:8002
  127.0.0.0/8
 Registry Mirrors:
  http://nexushub.com:8002/
 Live Restore Enabled: false

[root@master ~]#

3.2.1 测试docker-hosted本地仓库的pull

当我修改了docker的代理仓库地址时,发现拉取镜像不那么好使了,为了确认docker到底有没有走我们的代理,可以使用tcpdump命令抓包。

在执行下载镜像前,使用以下命令开始抓包:

sh
[root@master ~]# tcpdump -w docker.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

此时,tcpdump命令开始抓包。

我们重开一个命令行窗口,执行docker pull下载镜像,为了与之前下载的镜像不一样,使用docker pull alpine:3.17命令下载不一样版本标签的镜像:

sh
[root@master ~]# date
Fri Jan 26 21:29:29 CST 2024
[root@master ~]# docker pull alpine:3.17
3.17: Pulling from library/alpine
1207c741d8c9: Pull complete
error pulling image configuration: Get https://registry-1.docker.io/v2/library/alpine/blobs/sha256:7997ad530b088ce1ef0b5e4a705600db0e62a2fd399e3639722b81ebe596d67d: net/http: TLS handshake timeout
[root@master ~]#

此时,可以发现docker去官方仓库下载镜像,出现异常了。

tcpdump窗口,按Ctrl+C停止抓包。然后查看抓包内容,并进行过滤:

sh
[root@master ~]# tcpdump -r docker.pcap |grep docker
reading from file docker.pcap, link-type EN10MB (Ethernet)
21:29:30.981844 IP master.39801 > 183.60.83.19.domain: 39211+ AAAA? registry-1.docker.io. (38)
21:29:30.981891 IP master.41196 > 183.60.83.19.domain: 35656+ A? registry-1.docker.io. (38)
21:29:32.494813 IP master.58750 > 183.60.83.19.domain: 21063+ A? auth.docker.io. (32)
21:29:32.494813 IP master.57133 > 183.60.83.19.domain: 50872+ AAAA? auth.docker.io. (32)
21:29:34.629189 IP master.35928 > 183.60.83.19.domain: 2521+ A? registry-1.docker.io. (38)
21:29:34.629189 IP master.44917 > 183.60.83.19.domain: 60493+ AAAA? registry-1.docker.io. (38)
21:29:42.004018 IP master.39689 > 183.60.83.19.domain: 40605+ AAAA? registry-1.docker.io. (38)
21:29:42.004069 IP master.50498 > 183.60.83.19.domain: 43681+ A? registry-1.docker.io. (38)
21:29:45.811099 IP master.37113 > 183.60.83.19.domain: 58786+ AAAA? registry-1.docker.io. (38)
21:29:45.811101 IP master.42227 > 183.60.83.19.domain: 23235+ A? registry-1.docker.io. (38)
21:29:47.842681 IP master.59306 > 183.60.83.19.domain: 1282+ AAAA? registry-1.docker.io. (38)
21:29:47.842712 IP master.41541 > 183.60.83.19.domain: 19428+ A? registry-1.docker.io. (38)
21:29:49.329197 IP master.38550 > 183.60.83.19.domain: 56599+ AAAA? production.cloudflare.docker.com. (50)
21:29:49.329197 IP master.54597 > 183.60.83.19.domain: 44289+ A? production.cloudflare.docker.com. (50)
[root@master ~]# tcpdump -r docker.pcap |grep nexushub
reading from file docker.pcap, link-type EN10MB (Ethernet)
21:29:30.928183 IP master.47456 > nexushub.com.teradataordbms: Flags [S], seq 4140786466, win 29200, options [mss 1460,sackOK,TS val 7389275 ecr 0,nop,wscale 7], length 0
21:29:30.932360 IP nexushub.com.teradataordbms > master.47456: Flags [S.], seq 653420215, ack 4140786467, win 28960, options [mss 1424,sackOK,TS val 1094546779 ecr 7389275,nop,wscale 7], length 0
21:29:30.932394 IP master.47456 > nexushub.com.teradataordbms: Flags [.], ack 1, win 229, options [nop,nop,TS val 7389279 ecr 1094546779], length 0
21:29:30.932480 IP master.47456 > nexushub.com.teradataordbms: Flags [P.], seq 1:252, ack 1, win 229, options [nop,nop,TS val 7389279 ecr 1094546779], length 251
21:29:30.937268 IP nexushub.com.teradataordbms > master.47456: Flags [.], ack 252, win 235, options [nop,nop,TS val 1094546784 ecr 7389279], length 0
21:29:30.939085 IP nexushub.com.teradataordbms > master.47456: Flags [P.], seq 1:634, ack 252, win 235, options [nop,nop,TS val 1094546786 ecr 7389279], length 633
21:29:30.939095 IP master.47456 > nexushub.com.teradataordbms: Flags [.], ack 634, win 239, options [nop,nop,TS val 7389286 ecr 1094546786], length 0
21:29:30.939098 IP nexushub.com.teradataordbms > master.47456: Flags [F.], seq 634, ack 252, win 235, options [nop,nop,TS val 1094546786 ecr 7389279], length 0
21:29:30.939189 IP master.47456 > nexushub.com.teradataordbms: Flags [F.], seq 252, ack 635, win 239, options [nop,nop,TS val 7389286 ecr 1094546786], length 0
21:29:30.940119 IP master.47458 > nexushub.com.teradataordbms: Flags [S], seq 1817288869, win 29200, options [mss 1460,sackOK,TS val 7389287 ecr 0,nop,wscale 7], length 0
21:29:30.943971 IP nexushub.com.teradataordbms > master.47456: Flags [.], ack 253, win 235, options [nop,nop,TS val 1094546790 ecr 7389286], length 0
21:29:30.945032 IP nexushub.com.teradataordbms > master.47458: Flags [S.], seq 4064665969, ack 1817288870, win 28960, options [mss 1424,sackOK,TS val 1094546792 ecr 7389287,nop,wscale 7], length 0
21:29:30.945049 IP master.47458 > nexushub.com.teradataordbms: Flags [.], ack 1, win 229, options [nop,nop,TS val 7389292 ecr 1094546792], length 0
21:29:30.945142 IP master.47458 > nexushub.com.teradataordbms: Flags [P.], seq 1:354, ack 1, win 229, options [nop,nop,TS val 7389292 ecr 1094546792], length 353
21:29:30.949228 IP nexushub.com.teradataordbms > master.47458: Flags [.], ack 354, win 235, options [nop,nop,TS val 1094546796 ecr 7389292], length 0
21:29:30.950788 IP nexushub.com.teradataordbms > master.47458: Flags [P.], seq 1:411, ack 354, win 235, options [nop,nop,TS val 1094546797 ecr 7389292], length 410
21:29:30.950806 IP master.47458 > nexushub.com.teradataordbms: Flags [.], ack 411, win 237, options [nop,nop,TS val 7389298 ecr 1094546797], length 0
21:29:30.950811 IP nexushub.com.teradataordbms > master.47458: Flags [F.], seq 411, ack 354, win 235, options [nop,nop,TS val 1094546797 ecr 7389292], length 0
21:29:30.950889 IP master.47458 > nexushub.com.teradataordbms: Flags [F.], seq 354, ack 412, win 237, options [nop,nop,TS val 7389298 ecr 1094546797], length 0
21:29:30.951037 IP master.47460 > nexushub.com.teradataordbms: Flags [S], seq 1864346844, win 29200, options [mss 1460,sackOK,TS val 7389298 ecr 0,nop,wscale 7], length 0
21:29:30.954957 IP nexushub.com.teradataordbms > master.47458: Flags [.], ack 355, win 235, options [nop,nop,TS val 1094546801 ecr 7389298], length 0
21:29:30.955927 IP nexushub.com.teradataordbms > master.47460: Flags [S.], seq 632883591, ack 1864346845, win 28960, options [mss 1424,sackOK,TS val 1094546802 ecr 7389298,nop,wscale 7], length 0
21:29:30.955946 IP master.47460 > nexushub.com.teradataordbms: Flags [.], ack 1, win 229, options [nop,nop,TS val 7389303 ecr 1094546802], length 0
21:29:30.956041 IP master.47460 > nexushub.com.teradataordbms: Flags [P.], seq 1:654, ack 1, win 229, options [nop,nop,TS val 7389303 ecr 1094546802], length 653
21:29:30.960143 IP nexushub.com.teradataordbms > master.47460: Flags [.], ack 654, win 237, options [nop,nop,TS val 1094546807 ecr 7389303], length 0
21:29:30.963244 IP nexushub.com.teradataordbms > master.47460: Flags [P.], seq 1:406, ack 654, win 237, options [nop,nop,TS val 1094546810 ecr 7389303], length 405
21:29:30.963254 IP master.47460 > nexushub.com.teradataordbms: Flags [.], ack 406, win 237, options [nop,nop,TS val 7389310 ecr 1094546810], length 0
21:29:30.963256 IP nexushub.com.teradataordbms > master.47460: Flags [F.], seq 406, ack 654, win 237, options [nop,nop,TS val 1094546810 ecr 7389303], length 0
21:29:30.963329 IP master.47460 > nexushub.com.teradataordbms: Flags [F.], seq 654, ack 407, win 237, options [nop,nop,TS val 7389310 ecr 1094546810], length 0
21:29:30.963486 IP master.47462 > nexushub.com.teradataordbms: Flags [S], seq 3505736660, win 29200, options [mss 1460,sackOK,TS val 7389310 ecr 0,nop,wscale 7], length 0
21:29:30.967399 IP nexushub.com.teradataordbms > master.47460: Flags [.], ack 655, win 237, options [nop,nop,TS val 1094546814 ecr 7389310], length 0
21:29:30.968399 IP nexushub.com.teradataordbms > master.47462: Flags [S.], seq 1793806116, ack 3505736661, win 28960, options [mss 1424,sackOK,TS val 1094546815 ecr 7389310,nop,wscale 7], length 0
21:29:30.968413 IP master.47462 > nexushub.com.teradataordbms: Flags [.], ack 1, win 229, options [nop,nop,TS val 7389315 ecr 1094546815], length 0
21:29:30.968520 IP master.47462 > nexushub.com.teradataordbms: Flags [P.], seq 1:676, ack 1, win 229, options [nop,nop,TS val 7389315 ecr 1094546815], length 675
21:29:30.972658 IP nexushub.com.teradataordbms > master.47462: Flags [.], ack 676, win 237, options [nop,nop,TS val 1094546819 ecr 7389315], length 0
21:29:30.981318 IP nexushub.com.teradataordbms > master.47462: Flags [P.], seq 1:527, ack 676, win 237, options [nop,nop,TS val 1094546828 ecr 7389315], length 526
21:29:30.981353 IP master.47462 > nexushub.com.teradataordbms: Flags [.], ack 527, win 237, options [nop,nop,TS val 7389328 ecr 1094546828], length 0
21:29:30.981358 IP nexushub.com.teradataordbms > master.47462: Flags [F.], seq 527, ack 676, win 237, options [nop,nop,TS val 1094546828 ecr 7389315], length 0
21:29:30.981462 IP master.47462 > nexushub.com.teradataordbms: Flags [F.], seq 676, ack 528, win 237, options [nop,nop,TS val 7389328 ecr 1094546828], length 0
21:29:30.985551 IP nexushub.com.teradataordbms > master.47462: Flags [.], ack 677, win 237, options [nop,nop,TS val 1094546832 ecr 7389328], length 0
[root@master ~]#

可以看到,docker先从代理nexushub.com拉取镜像,发现没有拉取到,又从docker官方镜像仓库去拉取,由于从国内访问docker官方镜像仓库很慢,导致镜像下载失败了。说明通过本地仓库代理去拉取官方镜像是不通的。

3.2.2 测试docker-hosted本地仓库的push

给3.1节自己创建的本地镜像,重新打个标签:

sh
# 打标签
[root@master ~]# docker tag mysql-client:proxy nexushub.com:8002/mysql-client:hosted

# 查看本地镜像
[root@master ~]# docker images|grep mysql
nexushub.com:8002/mysql-client   hosted    f326dd608a3f   2 days ago    41.1MB
mysql-client                     proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8001/mysql-client   proxy     f326dd608a3f   2 days ago    41.1MB
[root@master ~]#

尝试push推送到本地仓库:

sh
# 第一次登陆时,需要输入用户名和密码
[root@master ~]# docker login http://nexushub.com:8002
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@master ~]#

# 再次登陆的话,就会用之前保存的认证信息
[root@master ~]# docker login http://nexushub.com:8002
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# 尝试推送本地镜像到nexushub.com本地仓库
[root@master ~]# docker push nexushub.com:8002/mysql-client:hosted
The push refers to repository [nexushub.com:8002/mysql-client]
55af1c19d0db: Pushed
89ae5c4ee501: Pushed
hosted: digest: sha256:55ff0eed604c1ed42c18455a1ac3ba6fbd10a44cc7e6b489bb48d2e6a4d5ad01 size: 739
[root@master ~]#

可以看到,正常推送到远程仓库了。

此时,在Nexus Browse浏览器中,可以看到docker-hosted仓库中已经有blob对象数据了:

此时,尝试pull拉取刚才上传的镜像:

sh
# 直接拉取,此时会docker官方镜像仓库拉取镜像
# 因为这个镜像是在我们自己的nexushub.com本地仓库,并不在官方镜像仓库
# 可以看到拉取失败
[root@master ~]# docker pull mysql-client:hosted
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled (Client.Timeout exceeded while awaiting headers)

# 查看当前存在哪些镜像
[root@master ~]# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED       SIZE
mysql-client                     proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8001/mysql-client   proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8002/mysql-client   hosted    f326dd608a3f   2 days ago    41.1MB
alpine                           3.19      f8c20f8bbcb6   7 weeks ago   7.38MB
alpine                           3.9       78a2ce922f86   3 years ago   5.55MB

# 将我们刚才本地打标签的镜像删除掉
[root@master ~]# docker rmi nexushub.com:8002/mysql-client:hosted
Untagged: nexushub.com:8002/mysql-client:hosted
Untagged: nexushub.com:8002/mysql-client@sha256:55ff0eed604c1ed42c18455a1ac3ba6fbd10a44cc7e6b489bb48d2e6a4d5ad01

# 查看当前存在哪些镜像
[root@master ~]# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED       SIZE
mysql-client                     proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8001/mysql-client   proxy     f326dd608a3f   2 days ago    41.1MB
alpine                           3.19      f8c20f8bbcb6   7 weeks ago   7.38MB
alpine                           3.9       78a2ce922f86   3 years ago   5.55MB


# 带上域名,再次从nexushub.com本地仓库拉取镜像
# 可以看到,正常拉取下来镜像
[root@master ~]# docker pull nexushub.com:8002/mysql-client:hosted
hosted: Pulling from mysql-client
Digest: sha256:55ff0eed604c1ed42c18455a1ac3ba6fbd10a44cc7e6b489bb48d2e6a4d5ad01
Status: Downloaded newer image for nexushub.com:8002/mysql-client:hosted
nexushub.com:8002/mysql-client:hosted

# 再次查看镜像信息
# 可以看到,新下载的镜像ID也是f326dd608a3f,与之前我们本地创建的镜像的ID是一样的
[root@master ~]# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED       SIZE
mysql-client                     proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8001/mysql-client   proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8002/mysql-client   hosted    f326dd608a3f   2 days ago    41.1MB
alpine                           3.19      f8c20f8bbcb6   7 weeks ago   7.38MB
alpine                           3.9       78a2ce922f86   3 years ago   5.55MB
[root@master ~]#

通过以上实验,可以看到在docker中配置docker-hosted作为加速源,只能正常pull nexus本地仓库中存在的镜像,并且可以push推送镜像到nexus本地仓库中。

3.3 测试docker-group聚合仓库

像上一节一样修改/etc/docker/daemon.json配置文件,并重启docker服务:

sh
[root@master ~]# cat /etc/docker/daemon.json
{
    "insecure-registries":[
        "nexushub.com:8003"
    ],
    "registry-mirrors":[
        "http://nexushub.com:8003"
    ],
    "data-root": "/data/docker"
}
[root@master ~]# systemctl restart docker
[root@master ~]# docker info|tail -n 6
  nexushub.com:8003
  127.0.0.0/8
 Registry Mirrors:
  http://nexushub.com:8003/
 Live Restore Enabled: false

[root@master ~]#

3.3.1 测试docker-group聚合仓库的pull

3.3.1.1 拉取docker官方仓库中的镜像

拉取代理仓库中不存在的镜像:

sh
# 查看本地镜像
[root@master ~]# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED       SIZE
mysql-client                     proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8001/mysql-client   proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8002/mysql-client   hosted    f326dd608a3f   2 days ago    41.1MB
alpine                           3.19      f8c20f8bbcb6   7 weeks ago   7.38MB
alpine                           3.9       78a2ce922f86   3 years ago   5.55MB

# 拉取新版本的镜像
# 可以看到,很快就拉取下来了
[root@master ~]# docker pull alpine:3.16
3.16: Pulling from library/alpine
070eb51debd9: Pull complete
Digest: sha256:e4cdb7d47b06ba0a062ad2a97a7d154967c8f83934594d9f2bd3efa89292996b
Status: Downloaded newer image for alpine:3.16
docker.io/library/alpine:3.16

# 再次查看本地镜像
[root@master ~]# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED       SIZE
mysql-client                     proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8001/mysql-client   proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8002/mysql-client   hosted    f326dd608a3f   2 days ago    41.1MB
alpine                           3.19      f8c20f8bbcb6   7 weeks ago   7.38MB
alpine                           3.16      e525c930fe75   8 weeks ago   5.54MB
alpine                           3.9       78a2ce922f86   3 years ago   5.55MB
[root@master ~]#

在Nexus Browse浏览器中,可以看到docker-group仓库中已经有blob对象数据了:

该仓库中包含了docker-proxy代理仓库下载的镜像。

3.3.1.2 拉取nexus-hosted仓库中的镜像

我们上一节手动上传了一个镜像到nexus-hosted本地仓库中,我们尝试下载这个镜像:

sh
[root@master ~]# docker pull nexushub.com:8003/mysql-client:hosted
hosted: Pulling from mysql-client
Digest: sha256:55ff0eed604c1ed42c18455a1ac3ba6fbd10a44cc7e6b489bb48d2e6a4d5ad01
Status: Downloaded newer image for nexushub.com:8003/mysql-client:hosted
nexushub.com:8003/mysql-client:hosted
[root@master ~]# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED       SIZE
mysql-client                     proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8001/mysql-client   proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8002/mysql-client   hosted    f326dd608a3f   2 days ago    41.1MB
nexushub.com:8003/mysql-client   hosted    f326dd608a3f   2 days ago    41.1MB
alpine                           3.19      f8c20f8bbcb6   7 weeks ago   7.38MB
alpine                           3.16      e525c930fe75   8 weeks ago   5.54MB
alpine                           3.9       78a2ce922f86   3 years ago   5.55MB
[root@master ~]#

可以看到,此时使用的8003端口代理,同样能拉取mysql-client:hosted镜像下来。

通过以下两次拉取镜像可以看到,使用docker-group聚合仓库,可以拉取docker官方镜像和自己上传到docker-hosted仓库中的私有镜像。

3.3.2 测试docker-group聚合仓库的push

像3.2节一样,打镜像标签,登陆远程仓库,然后执行push推送:

sh
# 登陆聚合仓库
[root@master ~]# docker login http://nexushub.com:8003
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# 重新打标签
[root@master ~]# docker tag mysql-client:proxy nexushub.com:8003/mysql-client:group

# 查看本地镜像
[root@master ~]# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED       SIZE
nexushub.com:8001/mysql-client   proxy     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8002/mysql-client   hosted    f326dd608a3f   2 days ago    41.1MB
nexushub.com:8003/mysql-client   group     f326dd608a3f   2 days ago    41.1MB
nexushub.com:8003/mysql-client   hosted    f326dd608a3f   2 days ago    41.1MB
mysql-client                     proxy     f326dd608a3f   2 days ago    41.1MB
alpine                           3.19      f8c20f8bbcb6   7 weeks ago   7.38MB
alpine                           3.16      e525c930fe75   8 weeks ago   5.54MB
alpine                           3.9       78a2ce922f86   3 years ago   5.55MB

# 尝试推送到远程仓库
[root@master ~]# docker push nexushub.com:8003/mysql-client:group
The push refers to repository [nexushub.com:8003/mysql-client]
55af1c19d0db: Layer already exists
89ae5c4ee501: Layer already exists
denied: Deploying to groups is a PRO-licensed feature. See https://links.sonatype.com/product-nexus-repository
[root@master ~]#

可以看到,提示异常"denied: Deploying to groups is a PRO-licensed feature. See https://links.sonatype.com/product-nexus-repository" 权限拒绝,部署到组需要PRO许可。

即要专业版才让朝聚合仓库里面推送镜像,我们简单看下官方的报价:

即,如果你有50个用户,那一个用户一个月要127美元!按 2024-01-26 的汇率,每个月约要911.39元。

看看免费版和专业版的区别:

可以看到,免费版不支持高可用、不支持朝NPM仓库和docker聚合仓库推送。我自己测试,不想花钱。

通过以上几节验证,可以知道三种类型的仓库支持的docker镜像正如规划时的一样:

仓库类型仓库名称HTTP端口号HTTPS端口号支持docker操作
proxy代理仓库docker-proxy8001不设置pull
hosted本地仓库docker-hosted8002不设置pull、push
group聚合仓库docker-group8003不设置pull

本首页参考 https://notes.fe-mm.com/ 配置而成