Clever Geek Handbook

Create custom docker registry

I created my private docker registry, running on localhost:5000/v1

but not providing authentication. How to get username and password so that only authorized users can click on its image.

I also cannot list all the images present in the private registry and the whole document says that running under the command will display it localhost:5000/v1/search

, but it gives an empty json response like:

{
  "num_results": 0, 
  "query": "", 
  "results": []
}

How do I resolve this?

Thanks, Yash

0


source to share


2 answers


The answer to your first question is, you need to use something like nginx in front of the registry to actually authenticate the password. For example, nginx config files for pre-1.3.9 nginx and later in the Docker Registry Github repo to migrate the registry using nginx; there is more information about authentication configuration on the nginx wiki .



+1


source


You can use htpasswd to set up login with a docker registry image. However, I do not believe they have implemented a search function in this image. To create a user, I have the following script:

#!/bin/sh

usage() { echo "$0 user"; exit 1; }

if [ $# -ne 1 ]; then
  usage
fi

user=$1

cd `dirname $0`

if [ ! -d "auth" ]; then
  mkdir -p auth
fi

chmod 666 auth/htpasswd
docker run --rm -it \
  -v `pwd`/auth:/auth \
  --entrypoint htpasswd registry:2 -B /auth/htpasswd $user
chmod 444 auth/htpasswd

Then I use the following script (from the same folder) to run the registry:



#!/bin/sh

cd `dirname $0`

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/certs:/certs:ro \
  -v `pwd`/auth/htpasswd:/auth/htpasswd:ro \
  -v `pwd`/registry:/var/lib/registry \
  -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/host-cert.pem" \
  -e "REGISTRY_HTTP_TLS_KEY=/certs/host-key.pem" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
  -e "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry" \
  registry:2

Note that I am also using TLS certificates in the above directory in the certs directory. You can create them using openssl commands (the same ones used to secure the docker daemon daemon).

0


source






More articles:


All Articles