`
sillycat
  • 浏览: 2550976 次
  • 性别: Icon_minigender_1
  • 来自: 成都
社区版块
存档分类
最新评论

Private Registry 2020(1)No auth in registry Nginx AUTH for UI

 
阅读更多
Private Registry 2020(1)No auth in registry Nginx AUTH for UI

Deploy basic registry server
> docker run -d -p 5000:5000 --name registry registry:2

Have it running
> docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
5676dd2a19e0        registry:2          "/entrypoint.sh /etc…"   12 seconds ago      Up 11 seconds       0.0.0.0:5000->5000/tcp   registry

It is running basic config, verify that
> docker pull ubuntu:16.04

Tag the ubuntu to point to our own registry
> docker tag ubuntu:16.04 localhost:5000/c-ubuntu

Push to localhost
> docker push localhost:5000/c-ubuntu

Remove local images
> docker image remove ubuntu:16.04
> docker rmi localhost:5000/c-ubuntu
Finally, we can pull from the remote
> docker pull localhost:5000/c-ubuntu

We can enable the UI https://github.com/Joxit/docker-registry-ui
Run the Docker UI
> docker run -d -p 80:80 -e URL=http://localhost:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui

It will not work because I run 2 docker and use localhost, they can not find each other. Try on my rancher-home virtual box.
>docker run -d -p 5000:5000 --name registry registry:2
>docker run -d -p 80:80 -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui

It is not working because of the CORS. Try add settings for registry
Prepare the Password configuration
> docker run --entrypoint htpasswd registry:2 -Bbn sillycat ‘password' > conf/htpasswd

Try this
> docker run -d -p 80:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui

Visit page with username and password is working fine
http://admin:admin~!%40@rancher-home:5000/v2/_catalog?n=100000


Try this
> docker tag ubuntu:16.04 192.168.56.110:5000/a-ubuntu

> docker push 192.168.56.110:5000/a-ubuntu
The push refers to repository [192.168.56.110:5000/a-ubuntu]
Get https://192.168.56.110:5000/v2/: http: server gave HTTP response to HTTPS client

Solution:
https://github.com/docker/distribution/issues/1874

Check this file and add our website there
> cat /etc/docker/daemon.json
{
"insecure-registries": [
"192.168.56.110:8088",
"192.168.56.111:8088",
"192.168.56.112:8088",
"rancher-worker1:8088",
"rancher-worker2:8088",
"rancher-home:8088",
"159.89.253.84:80",
"10.132.242.85:8088"
]
}

Restart the service
> sudo systemctl restart docker.service

It works pretty well now
> docker tag ubuntu:16.04 rancher-home:5000/b-ubuntu
> docker push rancher-home:5000/b-ubuntu

Make it working with Nginx Authentication
>docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui

> docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e REGISTRY_URL=http://rancher-home:5000 -e NGINX_PROXY_HEADER_X_Forwarded_For=$$proxy_add_x_forwarded_for -e DELETE_IMAGES=true joxit/docker-registry-ui

NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=

We can try this as well.
    upstream registry {
server localhost:5001;
    }
        location /registry/ {
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://registry/;
}

Working Makefile for registry
PORT=5000

IMAGE=registry
TAG=2
NAME=docker-registry-$(PORT)

#-v $(shell pwd)/conf/htpasswd:/etc/docker/registry/htpasswd \
run:
    docker run \
    -d \
    -p $(PORT):5000 \
    -v $(shell pwd)/registry:/var/lib/registry \
    -v $(shell pwd)/conf/config.yml:/etc/docker/registry/config.yml \
    --name $(NAME) \
    $(IMAGE):$(TAG)

clean:
    docker stop ${NAME}
    docker rm ${NAME}

Configuration for no auth registry in conf/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
    #Access-Control-Allow-Origin: ['http://rancher-home']
    #Access-Control-Allow-Headers: ['Authorization']
    #Access-Control-Max-Age: [1728000]
    #Access-Control-Allow-Credentials: [true]
#auth:
#  htpasswd:
#    realm: basic-realm
#    path: /etc/docker/registry/htpasswd


References:
https://docs.docker.com/registry/deploying/
https://github.com/Quiq/docker-registry-ui
https://github.com/mkuchin/docker-registry-web
https://github.com/Joxit/docker-registry-ui
https://github.com/Joxit/docker-registry-ui/blob/master/examples/proxy-headers/docker-compose.yml
分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics