sillycat
Private Registry 2020(1)No auth in registry Nginx AUTH for UI


Deploy basic registry server
> docker run -d -p 5000:5000 --name registry registry:2

Have it running
> docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
5676dd2a19e0        registry:2          "/entrypoint.sh /etc…"   12 seconds ago      Up 11 seconds       0.0.0.0:5000->5000/tcp   registry

It is running with the basic config; verify that
> docker pull ubuntu:16.04

Tag the ubuntu to point to our own registry
> docker tag ubuntu:16.04 localhost:5000/c-ubuntu

Push to localhost
> docker push localhost:5000/c-ubuntu

Remove local images
> docker image remove ubuntu:16.04
> docker rmi localhost:5000/c-ubuntu
Finally, we can pull from the remote
> docker pull localhost:5000/c-ubuntu

We can enable the UI https://github.com/Joxit/docker-registry-ui
Run the Docker UI
> docker run -d -p 80:80 -e URL=http://localhost:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui

It will not work because I run 2 docker containers and use localhost, so they cannot find each other. Try on my rancher-home virtual box.
>docker run -d -p 5000:5000 --name registry registry:2
>docker run -d -p 80:80 -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui

It is not working because of CORS. Try adding settings for the registry.
Prepare the password configuration
> docker run --entrypoint htpasswd registry:2 -Bbn sillycat 'password' > conf/htpasswd

Try this
> docker run -d -p 80:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui

Visiting the page with a username and password works fine
http://admin:admin~!%40@rancher-home:5000/v2/_catalog?n=100000


Try this
> docker tag ubuntu:16.04 192.168.56.110:5000/a-ubuntu

> docker push 192.168.56.110:5000/a-ubuntu
The push refers to repository [192.168.56.110:5000/a-ubuntu]
Get https://192.168.56.110:5000/v2/: http: server gave HTTP response to HTTPS client

Solution:
https://github.com/docker/distribution/issues/1874

Check this file and add our website there
> cat /etc/docker/daemon.json
{
"insecure-registries": [
"192.168.56.110:8088",
"192.168.56.111:8088",
"192.168.56.112:8088",
"rancher-worker1:8088",
"rancher-worker2:8088",
"rancher-home:8088",
"159.89.253.84:80",
"10.132.242.85:8088"
]
}

Restart the service
> sudo systemctl restart docker.service

It works pretty well now
> docker tag ubuntu:16.04 rancher-home:5000/b-ubuntu
> docker push rancher-home:5000/b-ubuntu

Make it work with Nginx authentication
>docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui

> docker run -d -p 5001:80 -e REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin="*" -e URL=http://rancher-home:5000 -e REGISTRY_URL=http://rancher-home:5000 -e NGINX_PROXY_HEADER_X_Forwarded_For='$proxy_add_x_forwarded_for' -e DELETE_IMAGES=true joxit/docker-registry-ui

NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=

We can try this as well.
upstream registry {
    server localhost:5001;
}
location /registry/ {
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://registry/;
}

Working Makefile for registry
PORT=5000

IMAGE=registry
TAG=2
NAME=docker-registry-$(PORT)

# Optional htpasswd mount; add it inside the docker run below to enable auth:
#   -v $(shell pwd)/conf/htpasswd:/etc/docker/registry/htpasswd
run:
	docker run \
	-d \
	-p $(PORT):5000 \
	-v $(shell pwd)/registry:/var/lib/registry \
	-v $(shell pwd)/conf/config.yml:/etc/docker/registry/config.yml \
	--name $(NAME) \
	$(IMAGE):$(TAG)

clean:
	docker stop ${NAME}
	docker rm ${NAME}

Configuration for no auth registry in conf/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
    #Access-Control-Allow-Origin: ['http://rancher-home']
    #Access-Control-Allow-Headers: ['Authorization']
    #Access-Control-Max-Age: [1728000]
    #Access-Control-Allow-Credentials: [true]
#auth:
#  htpasswd:
#    realm: basic-realm
#    path: /etc/docker/registry/htpasswd
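
An added example, not part of the original post: a Python check that classifies the reply to an unauthenticated GET /v2/ against the settings in the config above (no auth block, wildcard origin, DELETE in the CORS methods, plain HTTP). The function names and finding labels are my own, and the header samples are constructed from the page's conf/config.yml rather than captured from a running registry.

```python
import urllib.error
import urllib.request

def assess(base_url, status, header_pairs):
    """Return findings for one /v2/ reply; header_pairs is [(name, value), ...]."""
    values = {}
    for name, value in header_pairs:
        # A header may arrive as repeated lines or as one comma-separated line.
        parts = [v.strip() for v in value.split(",") if v.strip()]
        values.setdefault(name.lower(), []).extend(parts)
    findings = []
    if base_url.lower().startswith("http://"):
        findings.append("plaintext-http")
    if status == 200:
        findings.append("no-auth")  # the API answered without credentials
    elif status == 401 and "www-authenticate" not in values:
        findings.append("401-without-challenge")
    if "*" in values.get("access-control-allow-origin", []):
        findings.append("cors-wildcard-origin")
    methods = [m.upper() for m in values.get("access-control-allow-methods", [])]
    if "no-auth" in findings and "DELETE" in methods:
        findings.append("cors-allows-delete-without-auth")
    return findings

def probe(base_url, timeout=5):
    """Fetch <base_url>/v2/ without credentials and assess the reply."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + "/v2/", timeout=timeout) as resp:
            return assess(base_url, resp.status, resp.headers.items())
    except urllib.error.HTTPError as err:  # 401 and other non-2xx replies
        return assess(base_url, err.code, err.headers.items())

# Constructed sample: CORS headers as set in the no-auth conf/config.yml above.
OPEN_SAMPLE = [
    ("Access-Control-Allow-Origin", "*"),
    ("Access-Control-Allow-Methods", "HEAD"),
    ("Access-Control-Allow-Methods", "GET"),
    ("Access-Control-Allow-Methods", "OPTIONS"),
    ("Access-Control-Allow-Methods", "DELETE"),
]
# Constructed sample: same registry with the commented-out auth and origin lines enabled.
AUTH_SAMPLE = [
    ("Www-Authenticate", 'Basic realm="basic-realm"'),
    ("Access-Control-Allow-Origin", "http://rancher-home"),
    ("Access-Control-Allow-Methods", "HEAD, GET, OPTIONS, DELETE"),
]
if __name__ == "__main__":
    print(assess("http://rancher-home:5000", 200, OPEN_SAMPLE))
    print(assess("http://rancher-home:5000", 401, AUTH_SAMPLE))
```

Call probe("http://rancher-home:5000") against your own registry to run the same checks on the live reply.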


References:
https://docs.docker.com/registry/deploying/
https://github.com/Quiq/docker-registry-ui
https://github.com/mkuchin/docker-registry-web
https://github.com/Joxit/docker-registry-ui
https://github.com/Joxit/docker-registry-ui/blob/master/examples/proxy-headers/docker-compose.yml