1

I have created my private docker registry running on localhost:5000/v1 but it does not provide authentication, How to have username and password so that only authorized users can push an image to it.

I am also not able to list all the images present in private registry, all document says running below command will list it localhost:5000/v1/search but it gives a blank json response as:

{
  "num_results": 0, 
  "query": "", 
  "results": []
}

How to resolve this?

Thanks, Yash

Michael Lihs
  • 7,460
  • 17
  • 52
  • 85
priyank
  • 857
  • 2
  • 18
  • 35

2 Answers2

2

An answer to your first question: You need to use something like nginx in front of the registry to do the actual password authentication. There are example nginx configuration files for pre-1.3.9 nginx and later versions in the Docker Registry Github repo for wrapping the registry with nginx; there is more information on authentication configuration on the nginx wiki.

bskaggs
  • 1,374
  • 2
  • 12
  • 24
  • Hi Thankyou so much for the response, I had a look at nginx.conf file within my private registry. how it helps here for authentication? I tried creating user account by "docker login ", it allows me to create account but I am not able to make how it is getting used because push and pull works fine without any username and password required. Would be great if you can help. – priyank Sep 18 '14 at 09:12
0

You can use htpasswd to setup a login with dockers registry image. However, I don't believe they have implemented a search function in this image yet. To create a user, I have the following script:

#!/bin/sh

usage() { echo "$0 user"; exit 1; }

if [ $# -ne 1 ]; then
  usage
fi

user=$1

cd `dirname $0`

if [ ! -d "auth" ]; then
  mkdir -p auth
fi

chmod 666 auth/htpasswd
docker run --rm -it \
  -v `pwd`/auth:/auth \
  --entrypoint htpasswd registry:2 -B /auth/htpasswd $user
chmod 444 auth/htpasswd

Then to run the registry, I use the following script (from the same folder):

#!/bin/sh

cd `dirname $0`

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/certs:/certs:ro \
  -v `pwd`/auth/htpasswd:/auth/htpasswd:ro \
  -v `pwd`/registry:/var/lib/registry \
  -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/host-cert.pem" \
  -e "REGISTRY_HTTP_TLS_KEY=/certs/host-key.pem" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
  -e "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry" \
  registry:2

Note that I'm also using TLS certificates in the above under the certs directory. You can create these with openssl commands (same ones used for securing the docker daemon socket).

BMitch
  • 231,797
  • 42
  • 475
  • 450