docker registry
saces edited this page 2021-01-07 13:32:49 +01:00
Docker registry
When working with Docker/Drone, a registry comes in handy, so set one up. Adding some auth is also a good idea: https://github.com/cesanta/docker_auth
Since this lightweight setup has no GUI, here is a tool for browsing the registry: https://github.com/mayflower/docker-ls
Sample configuration files for registry+auth
docker-compose.yml
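# Docker registry plus a docker_auth token server.
# NOTE(review): nothing in this file configures TLS on either listener, so
# presumably a TLS-terminating proxy sits in front of both - confirm before
# exposing the published ports.
version: '3'
services:
  dockerauth:
    # NOTE(review): ":latest" is a moving tag. Pin a released version or an
    # image digest so a later pull cannot silently change what runs.
    image: cesanta/docker_auth:latest
    ports:
      # Published on every host interface. If the proxy runs on this host,
      # "127.0.0.1:5001:5001" keeps the service off the network.
      - "5001:5001"
    volumes:
      - ./auth/config:/config:ro
      - ./auth/logs:/logs
      # Holds the token-signing key (privkey.pem). docker_auth only needs to
      # read it, so the mount is read-only.
      - ./auth/ssl:/ssl:ro
    command: /config/auth_config.yml
    restart: always
  registry:
    image: registry:2
    ports:
      - "5000:5000"
    volumes:
      - ./registry/data:/var/lib/registry
      # The registry only verifies tokens, so it gets the certificate alone,
      # read-only. Mounting all of ./auth/ssl here would also hand it
      # privkey.pem, and whoever can read that key can sign valid tokens.
      # A single-file bind mount keeps pointing at the old file after a
      # renewal, so restart this container when the certificate is replaced.
      - ./auth/ssl/fullchain.pem:/ssl/fullchain.pem:ro
    restart: always
    environment:
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
      # Without token auth the registry accepts unauthenticated push and pull.
      - REGISTRY_AUTH=token
      # NOTE(review): the realm is the URL clients are sent to for a token,
      # i.e. docker_auth's endpoint as seen from the client. "https://registry"
      # looks like a placeholder - replace it with the real auth URL.
      - REGISTRY_AUTH_TOKEN_REALM=https://registry
      # NOTE(review): in list form Compose keeps the double quotes as part of
      # the value. Confirm the registry still sees the same service and issuer
      # strings as docker_auth, otherwise every token is rejected.
      - REGISTRY_AUTH_TOKEN_SERVICE="Docker registry"
      # Must equal token.issuer in auth_config.yml.
      - REGISTRY_AUTH_TOKEN_ISSUER="Auth Service"
      # Certificate the registry uses to check token signatures.
      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/fullchain.pem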
auth_config.yml
# docker_auth configuration: listener, token signing, static users and ACL.
server:
  addr: ':5001'

token:
  # Has to equal REGISTRY_AUTH_TOKEN_ISSUER in the registry's environment.
  issuer: 'Auth Service'
  expiration: 900
  # Key pair used to sign tokens. The registry is pointed at the same
  # certificate through REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE.
  certificate: '/ssl/fullchain.pem'
  key: '/ssl/privkey.pem'

users:
  # Passwords are BCrypt hashes; `htpasswd -nB USERNAME` generates one.
  # NOTE(review): both hashes below are samples whose plaintext is printed
  # next to them, and "$2y$05$" means bcrypt cost 5. Generate your own before
  # deploying; `htpasswd -nB -C 12 USERNAME` also raises the cost.
  admin:
    password: '$2y$05$LO.vzwpWC5LZGqThvEfznu8qhb5SGqvBSWY1J3yZ4AxtMRZ3kN5jC'  # sample, plaintext: badmin
  test:
    password: '$2y$05$WuwBasGDAgr.QCbGIjKJaep4dhxeai9gNZdmBnQXqpKly57oNutya'  # sample, plaintext: 123
  # The empty account name stands for anonymous access (no "docker login").
  '': {}

acl:
  - match:
      account: admin
    actions:
      - '*'
    comment: 'Admin has full access to everything.'
  # NOTE(review): "test" gets the same wildcard as admin, so it can also push.
  # Narrow the actions if the account is only meant to pull.
  - match:
      account: test
    actions:
      - '*'
    comment: 'User can do stuff.'
  # NOTE(review): this match carries no repository restriction, so anonymous
  # clients can pull whatever the registry stores. Drop this rule and the ''
  # user if any image is private.
  - match:
      account: ''
    actions:
      - pull
    comment: 'Anonymous users can pull.'