some notes for docker registry
parent
9cbb83d591
commit
829f8fb1e5
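--- a/_Sidebar.md
+++ b/_Sidebar.md
@@ -1,10 +1,5 @@
-[Home](Home)
-
-
-[Setup stuff](setup)
-
-
-[Docker](docker)
-
-
-[OS Chooser](oschooser)
+- [Home](Home)
+- [Setup stuff](setup)
+- [Docker](docker)
+- [Docker registry](docker-registry)
+- [OS Chooser](oschooser)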
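--- a/docker-registry.md
+++ b/docker-registry.md
@@ -0,0 +1,72 @@
+## Docker registry
+
+
+https://github.com/cesanta/docker_auth
+
+https://github.com/mayflower/docker-ls
+
+
+docker-compose.yml
+~~~
+version: '3'
+
+services:
+dockerauth:
+image: cesanta/docker_auth:latest
+ports:
+- "5001:5001"
+volumes:
+- ./auth/config:/config:ro
+- ./auth/logs:/logs
+- ./auth/ssl:/ssl
+command: /config/auth_config.yml
+restart: always
+
+registry:
+image: registry:2
+ports:
+- "5000:5000"
+volumes:
+- ./registry/data:/var/lib/registry
+- ./auth/ssl:/ssl
+restart: always
+environment:
+- REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
+- REGISTRY_AUTH=token
+- REGISTRY_AUTH_TOKEN_REALM=https://registry
+- REGISTRY_AUTH_TOKEN_SERVICE="Docker registry"
+- REGISTRY_AUTH_TOKEN_ISSUER="Auth Service"
+- REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/fullchain.pem
+~~~
+
+auth_config.yml
+~~~
+server:
+addr: ":5001"
+
+token:
+issuer: "Auth Service" # Must match issuer in the Registry config.
+expiration: 900
+certificate: "/ssl/fullchain.pem"
+key: "/ssl/privkey.pem"
+
+users:
+# Password is specified as a BCrypt hash. Use `htpasswd -nB USERNAME` to generate.
+"admin":
+password: "$2y$05$LO.vzwpWC5LZGqThvEfznu8qhb5SGqvBSWY1J3yZ4AxtMRZ3kN5jC" # badmin
+"test":
+password: "$2y$05$WuwBasGDAgr.QCbGIjKJaep4dhxeai9gNZdmBnQXqpKly57oNutya" # 123
+"": {} # Allow anonymous (no "docker login") access.
+
+acl:
+- match: {account: "admin"}
+actions: ["*"]
+comment: "Admin has full access to everything."
+- match: {account: "test"}
+actions: ["*"]
+comment: "User can do stuff."
+- match: {account: ""}
+actions: ["pull"]
+comment: "Anonymous users can pull."
+~~~
+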
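Review bot: The `users` block in the auth_config.yml sample publishes working credentials: the bcrypt hashes for `admin` and `test` sit next to their plaintext in the trailing comments (`# badmin`, `# 123`), at cost factor 05, and both accounts are granted `actions: ["*"]`. A registry deployed from these notes as written has push credentials that every reader of the wiki knows. Replace the hashes with a placeholder such as `password: "<bcrypt hash, generate locally>"`, drop the plaintext comments, and have the hint use a higher cost, e.g. `htpasswd -nB -C 12 USERNAME`. In the compose sample the `registry` service also mounts `./auth/ssl:/ssl` read-write although its settings reference only `/ssl/fullchain.pem`, which puts `privkey.pem` (the token signing key) inside the registry container; `- ./auth/ssl/fullchain.pem:/ssl/fullchain.pem:ro` would be enough.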