Enhancing doc to persist data

Signed-off-by: Olivier Gambier <olivier@docker.com>
This commit is contained in:
Olivier Gambier 2015-06-10 21:05:13 -07:00
parent 6e0cfc17dc
commit 8ed0c66745

View file

@ -8,11 +8,7 @@ IGNORES-->
You obviously need to [install Docker](https://docs.docker.com/installation/) (remember you need **Docker version 1.6.0 or newer**).
## Getting started in 2 lines
Create a folder for your registry data:
$ mkdir registry-data
## Getting started
Start your registry:
@ -30,6 +26,20 @@ Then pull it back:
$ docker pull localhost:5000/batman/ubuntu
## Where is my data?
By default, your registry stores its data on the local filesystem, inside the container.
In a production environment, it's highly recommended to use [another storage backend](https://github.com/docker/distribution/blob/master/docs/storagedrivers.md), by [configuring it](https://github.com/docker/distribution/blob/master/docs/configuration.md#storage).
If you want to stick with the local posix filesystem, you should store your data outside of the container.
This is achieved by mounting a volume into the container:
$ docker run -d -p 5000:5000 \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
-v /myregistrydata:/var/lib/registry \
--restart=always --name registry registry:2
## Making your Registry available
@ -40,7 +50,12 @@ Let assume your registry is accessible via the domain name `myregistrydomain.com
If you try to `docker pull myregistrydomain.com:5000/batman/ubuntu`, you will see the following error message:
```
FATA[0000] Error response from daemon: v1 ping attempt failed with error: Get https://myregistrydomain.com:5000/v1/_ping: tls: oversized record received with length 20527. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry myregistrydomain.com:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt
FATA[0000] Error response from daemon: v1 ping attempt failed with error:
Get https://myregistrydomain.com:5000/v1/_ping: tls: oversized record received with length 20527.
If this private registry supports only HTTP or HTTPS with an unknown CA certificate,please add
`--insecure-registry myregistrydomain.com:5000` to the daemon's arguments.
In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag;
simply place the CA certificate at /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt
```
If trying to reach a non `localhost` registry, Docker requires that you secure it using https, or make it explicit that you want to run an insecure registry.
@ -132,9 +147,9 @@ registry:
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
volumes:
- /path/registry-data:/data
- /path/registry-data:/var/lib/registry
- /path/certs:/certs
```