CODEWITHSUNDEEP
dockerdockerhub
priyank
priyank

Reputation: 887

docker private registry user creation

I have created my private docker registry running on localhost:5000/v1 but it does not provide authentication, How to have username and password so that only authorized users can push an image to it.

I am also not able to list all the images present in private registry, all document says running below command will list it localhost:5000/v1/search but it gives a blank json response as:

{
  "num_results": 0, 
  "query": "", 
  "results": []
}

How to resolve this?

Thanks, Yash

Upvotes: 1

Views: 3173

Answers (2)

BMitch
BMitch

Reputation: 263636

You can use htpasswd to setup a login with dockers registry image. However, I don't believe they have implemented a search function in this image yet. To create a user, I have the following script:

#!/bin/sh

usage() { echo "$0 user"; exit 1; }

if [ $# -ne 1 ]; then
  usage
fi

user=$1

cd `dirname $0`

if [ ! -d "auth" ]; then
  mkdir -p auth
fi

chmod 666 auth/htpasswd
docker run --rm -it \
  -v `pwd`/auth:/auth \
  --entrypoint htpasswd registry:2 -B /auth/htpasswd $user
chmod 444 auth/htpasswd

Then to run the registry, I use the following script (from the same folder):

#!/bin/sh

cd `dirname $0`

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/certs:/certs:ro \
  -v `pwd`/auth/htpasswd:/auth/htpasswd:ro \
  -v `pwd`/registry:/var/lib/registry \
  -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/host-cert.pem" \
  -e "REGISTRY_HTTP_TLS_KEY=/certs/host-key.pem" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
  -e "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry" \
  registry:2

Note that I'm also using TLS certificates in the above under the certs directory. You can create these with openssl commands (same ones used for securing the docker daemon socket).

Upvotes: 0

bskaggs
bskaggs

Reputation: 1494

An answer to your first question: You need to use something like nginx in front of the registry to do the actual password authentication. There are example nginx configuration files for pre-1.3.9 nginx and later versions in the Docker Registry Github repo for wrapping the registry with nginx; there is more information on authentication configuration on the nginx wiki.

Upvotes: 2

Related Questions