Private Registry 2020(1)No auth in registry Nginx AUTH for UI
Deploy basic registry server
> docker run -d -p 5000:5000 --name registry registry:2
Have it running
> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5676dd2a19e0 registry:2 "/entrypoint.sh /etc…" 12 seconds ago Up 11 seconds 0.0.0.0:5000->5000/tcp registry
It is running with the basic config. Verify that:
> docker pull ubuntu:16.04
Tag the ubuntu image to point to our own registry
> docker tag ubuntu:16.04 localhost:5000/c-ubuntu
Push to localhost
> docker push localhost:5000/c-ubuntu
Remove local images
> docker image remove ubuntu:16.04
> docker rmi localhost:5000/c-ubuntu
Finally, we can pull from the remote
> docker pull localhost:5000/c-ubuntu
We can enable the UI https://github.com/Joxit/docker-registry-ui
Run the Docker UI
> docker run -d -p 80:80 -e URL=http://localhost:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
It will not work because I run 2 docker and use localhost; they cannot find each other. Try it on my rancher-home VirtualBox.
> docker run -d -p 5000:5000 --name registry registry:2
> docker run -d -p 80:80 -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
It is not working because of CORS. Try adding settings for the registry.
Prepare the password configuration
> docker run --entrypoint htpasswd registry:2 -Bbn sillycat 'password' > conf/htpasswd
Try this
> docker run -d -p 80:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
Visiting the page with a username and password works fine
http://admin:admin~!%40@rancher-home:5000/v2/_catalog?n=100000
Try this
> docker tag ubuntu:16.04 192.168.56.110:5000/a-ubuntu
> docker push 192.168.56.110:5000/a-ubuntu
The push refers to repository [192.168.56.110:5000/a-ubuntu]
Get https://192.168.56.110:5000/v2/: http: server gave HTTP response to HTTPS client
Solution:
https://github.com/docker/distribution/issues/1874
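Check this file and add the registry address (host:port) to insecure-registries. The daemon then talks to each listed registry over plain HTTP or without verifying its certificate, so the list should only hold hosts on a network you trust.
> cat /etc/docker/daemon.json
{
  "insecure-registries": [
    "192.168.56.110:8088",
    "192.168.56.111:8088",
    "192.168.56.112:8088",
    "rancher-worker1:8088",
    "rancher-worker2:8088",
    "rancher-home:8088",
    "159.89.253.84:80",
    "10.132.242.85:8088"
  ]
}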
Restart the service
> sudo systemctl restart docker.service
It works pretty well now
> docker tag ubuntu:16.04 rancher-home:5000/b-ubuntu
> docker push rancher-home:5000/b-ubuntu
Make it work with Nginx authentication
> docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui
> docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e REGISTRY_URL=http://rancher-home:5000 -e 'NGINX_PROXY_HEADER_X_Forwarded_For=$proxy_add_x_forwarded_for' -e DELETE_IMAGES=true joxit/docker-registry-ui
NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=
We can try this as well.
upstream registry {
    server localhost:5001;
}
location /registry/ {
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://registry/;
}
Working Makefile for registry
PORT=5000
IMAGE=registry
TAG=2
NAME=docker-registry-$(PORT)

#-v $(shell pwd)/conf/htpasswd:/etc/docker/registry/htpasswd

run:
	docker run \
	  -d \
	  -p $(PORT):5000 \
	  -v $(shell pwd)/registry:/var/lib/registry \
	  -v $(shell pwd)/conf/config.yml:/etc/docker/registry/config.yml \
	  --name $(NAME) \
	  $(IMAGE):$(TAG)

clean:
	docker stop ${NAME}
	docker rm ${NAME}
Configuration for no auth registry in conf/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
    #Access-Control-Allow-Origin: ['http://rancher-home']
    #Access-Control-Allow-Headers: ['Authorization']
    #Access-Control-Max-Age: [1728000]
    #Access-Control-Allow-Credentials: [true]
#auth:
#  htpasswd:
#    realm: basic-realm
#    path: /etc/docker/registry/htpasswd
References:
https://docs.docker.com/registry/deploying/
https://github.com/Quiq/docker-registry-ui
https://github.com/mkuchin/docker-registry-web
https://github.com/Joxit/docker-registry-ui
https://github.com/Joxit/docker-registry-ui/blob/master/examples/proxy-headers/docker-compose.yml