some notes for docker registry
parent
9cbb83d591
commit
829f8fb1e5
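--- a/_Sidebar.md
+++ b/_Sidebar.md
@@ -1,10 +1,5 @@
-[Home](Home)
-
-
-[Setup stuff](setup)
-
-
-[Docker](docker)
-
-
-[OS Chooser](oschooser)
+- [Home](Home)
+- [Setup stuff](setup)
+- [Docker](docker)
+- [Docker registry](docker-registry)
+- [OS Chooser](oschooser)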
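--- a/docker-registry.md
+++ b/docker-registry.md
@@ -0,0 +1,72 @@
+## Docker registry
+
+
+https://github.com/cesanta/docker_auth
+
+https://github.com/mayflower/docker-ls
+
+
+docker-compose.yml
+~~~
+version: '3'
+
+services:
+dockerauth:
+image: cesanta/docker_auth:latest
+ports:
+- "5001:5001"
+volumes:
+- ./auth/config:/config:ro
+- ./auth/logs:/logs
+- ./auth/ssl:/ssl
+command: /config/auth_config.yml
+restart: always
+
+registry:
+image: registry:2
+ports:
+- "5000:5000"
+volumes:
+- ./registry/data:/var/lib/registry
+- ./auth/ssl:/ssl
+restart: always
+environment:
+- REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
+- REGISTRY_AUTH=token
+- REGISTRY_AUTH_TOKEN_REALM=https://registry
+- REGISTRY_AUTH_TOKEN_SERVICE="Docker registry"
+- REGISTRY_AUTH_TOKEN_ISSUER="Auth Service"
+- REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/fullchain.pem
+~~~
+
+auth_config.yml
+~~~
+server:
+addr: ":5001"
+
+token:
+issuer: "Auth Service" # Must match issuer in the Registry config.
+expiration: 900
+certificate: "/ssl/fullchain.pem"
+key: "/ssl/privkey.pem"
+
+users:
+# Password is specified as a BCrypt hash. Use `htpasswd -nB USERNAME` to generate.
+"admin":
+password: "$2y$05$LO.vzwpWC5LZGqThvEfznu8qhb5SGqvBSWY1J3yZ4AxtMRZ3kN5jC" # badmin
+"test":
+password: "$2y$05$WuwBasGDAgr.QCbGIjKJaep4dhxeai9gNZdmBnQXqpKly57oNutya" # 123
+"": {} # Allow anonymous (no "docker login") access.
+
+acl:
+- match: {account: "admin"}
+actions: ["*"]
+comment: "Admin has full access to everything."
+- match: {account: "test"}
+actions: ["*"]
+comment: "User can do stuff."
+- match: {account: ""}
+actions: ["pull"]
+comment: "Anonymous users can pull."
+~~~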
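Review bot: The `users:` block in the auth_config.yml listing publishes usable credentials: each `password:` line carries its plaintext as a trailing comment, the hashes use bcrypt cost 5 (`$2y$05$`), and both accounts get `actions: ["*"]` in the `acl:` section, so a registry set up by copying these notes accepts pushes from anyone who has read this page. Replace both values with a placeholder such as `password: "<bcrypt hash from htpasswd -nB -C 12 USERNAME>"`, drop the trailing comments, and rotate these two passwords wherever this config is already running. In the compose listing the `registry` service mounts `./auth/ssl:/ssl`, which also hands it `privkey.pem` although it only references `/ssl/fullchain.pem`; mounting just the certificate read-only would keep the token-signing key inside `dockerauth`. The listings' indentation is not visible on this page, so the affected lines are identified here by key name.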