From 829f8fb1e5b2d37953c5016d82167523a67d817b Mon Sep 17 00:00:00 2001
From: saces
Date: Thu, 7 Jan 2021 05:38:12 +0100
Subject: [PATCH] some notes for docker registry
---
_Sidebar.md | 15 ++++------
docker-registry.md | 72 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 77 insertions(+), 10 deletions(-)
create mode 100644 docker-registry.md
diff --git a/_Sidebar.md b/_Sidebar.md
index 05c804b..269db9f 100644
--- a/_Sidebar.md
+++ b/_Sidebar.md
@@ -1,10 +1,5 @@
-[Home](Home)
-
-
-[Setup stuff](setup)
-
-
-[Docker](docker)
-
-
-[OS Chooser](oschooser)
+- [Home](Home)
+- [Setup stuff](setup)
+- [Docker](docker)
+ - [Docker registry](docker-registry)
+- [OS Chooser](oschooser)
diff --git a/docker-registry.md b/docker-registry.md
new file mode 100644
index 0000000..64e1037
--- /dev/null
+++ b/docker-registry.md
@@ -0,0 +1,72 @@
+## Docker registry
+
+
+https://github.com/cesanta/docker_auth
+
+https://github.com/mayflower/docker-ls
+
+
+docker-compose.yml
+~~~
+version: '3'
+
+services:
+ dockerauth:
+ image: cesanta/docker_auth:latest
+ ports:
+ - "5001:5001"
+ volumes:
+ - ./auth/config:/config:ro
+ - ./auth/logs:/logs
+ - ./auth/ssl:/ssl
+ command: /config/auth_config.yml
+ restart: always
+
+ registry:
+ image: registry:2
+ ports:
+ - "5000:5000"
+ volumes:
+ - ./registry/data:/var/lib/registry
+ - ./auth/ssl:/ssl
+ restart: always
+ environment:
+ - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
+ - REGISTRY_AUTH=token
+ - REGISTRY_AUTH_TOKEN_REALM=https://registry
+ - REGISTRY_AUTH_TOKEN_SERVICE="Docker registry"
+ - REGISTRY_AUTH_TOKEN_ISSUER="Auth Service"
+ - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/fullchain.pem
+~~~
+
+auth_config.yml
+~~~
+server:
+ addr: ":5001"
+
+token:
+ issuer: "Auth Service" # Must match issuer in the Registry config.
+ expiration: 900
+ certificate: "/ssl/fullchain.pem"
+ key: "/ssl/privkey.pem"
+
+users:
+ # Password is specified as a BCrypt hash. Use `htpasswd -nB USERNAME` to generate.
+ "admin":
+ password: "$2y$05$LO.vzwpWC5LZGqThvEfznu8qhb5SGqvBSWY1J3yZ4AxtMRZ3kN5jC" # badmin
+ "test":
+ password: "$2y$05$WuwBasGDAgr.QCbGIjKJaep4dhxeai9gNZdmBnQXqpKly57oNutya" # 123
+ "": {} # Allow anonymous (no "docker login") access.
+
+acl:
+ - match: {account: "admin"}
+ actions: ["*"]
+ comment: "Admin has full access to everything."
+ - match: {account: "test"}
+ actions: ["*"]
+ comment: "User can do stuff."
+ - match: {account: ""}
+ actions: ["pull"]
+ comment: "Anonymous users can pull."
+~~~
+
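Review bot: The `users:` block of the auth_config.yml listing ships working credentials: each bcrypt hash has its plaintext in a trailing comment (`# badmin`, `# 123`) and uses the low cost factor `$05$`, while the ACL gives both `admin` and `test` `actions: ["*"]`, so a registry set up by copying this page has publicly known full-access accounts. I would replace the values with a placeholder such as `password: "<bcrypt hash from htpasswd -nB USERNAME>"`, drop the plaintext comments, and state in the text that the hashes must be regenerated before use. Separately, the `registry` service mounts `./auth/ssl:/ssl`, which also hands `privkey.pem` to a container that, going by the visible config, only reads `/ssl/fullchain.pem`. Mounting only the certificate read-only, `- ./auth/ssl/fullchain.pem:/ssl/fullchain.pem:ro`, would keep the token-signing key with docker_auth alone.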