How to build Registry Services based on Token Authentication in Docker

2025-04-01 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01 Report

This article explains in detail how to build a Docker Registry service based on token authentication. The editor finds it very practical and shares it here for reference; I hope you get something out of it.

Build Registry service for Token authentication

1. Create the directory

    mkdir -p /data/volumes/{auth_server/{config,ssl},docker_registry/data}

2. Copy the certificate files

If you already have a certificate and key, copy both files (server.key, server.pem) into the ssl folder.

If you have no certificate, generate a temporary self-signed one with the following command:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.pem

3. Configure the authentication service

Create a configuration file (auth_config.yml) in the directory /data/volumes/auth_server/config:

    server:  # Server settings.
      # Address to listen on.
      addr: ":5001"
      # TLS certificate and key.
      certificate: "/ssl/server.pem"
      key: "/ssl/server.key"

    token:  # Settings for the tokens.
      issuer: "Auth Service"  # Must match issuer in the Registry config.
      expiration: 900

    # Static user map.
    users:
      # Password is specified as a BCrypt hash. Use htpasswd -B to generate.
      # Generate your own hashes; do not reuse these sample values.
      "admin":
        password: "$2y$05$B.x046DV3bvuwFgn0I42F.W/SbRU5fUoCbCGtjFl7S33aCUHNBxbq"
      "reader":
        password: "$2y$05$xN3hNmNlBIYpST7UzqwK/O5T1/JyXDGuJgKJzf4XuILmvX7L5ensa"
      "": {}  # Allow anonymous (no "docker login") access.

    acl:
      # Admin has full access to everything.
      - match: {account: "admin"}
        actions: ["*"]
      # Reader may only pull the nginx repository.
      - match: {account: "reader", name: "nginx"}
        actions: ["pull"]

4. Build registry and auth services

Build the services with Docker Compose. Create the compose file (registry-auth.yml):

    dockerauth:
      image: cesanta/docker_auth:stable
      container_name: docker_auth
      ports:
        - "5001:5001"
      volumes:
        - /data/volumes/auth_server/config:/config:ro
        - /var/log/docker_auth:/logs
        - /data/volumes/auth_server/ssl:/ssl
      command: /config/auth_config.yml
      restart: always

    registry:
      image: registry:2
      container_name: docker_registry
      ports:
        - "5000:5000"
      volumes:
        - /data/volumes/auth_server/ssl:/ssl
        - /data/volumes/docker_registry/data:/var/lib/registry
      restart: always
      environment:
        - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
        - REGISTRY_AUTH=token
        - REGISTRY_AUTH_TOKEN_REALM=https://registry.sky.com:5001/auth
        - REGISTRY_AUTH_TOKEN_SERVICE="Docker registry"
        - REGISTRY_AUTH_TOKEN_ISSUER="Auth Service"
        - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem
        - REGISTRY_HTTP_TLS_CERTIFICATE=/ssl/server.pem
        - REGISTRY_HTTP_TLS_KEY=/ssl/server.key

Run the command:

    docker-compose -f registry-auth.yml up

5. Online testing

Find a server with Docker installed, run the login command, and enter the user name and password:

    $ docker login registry.sky.com:5000
    Username (reader):
    Password:
    Login Succeeded

According to the ACL configured earlier, the reader user has only pull permission and cannot push:

    $ docker tag nginx registry.sky.com:5000/nginx
    $ docker push registry.sky.com:5000/nginx
    The push refers to a repository [registry.sky.com:5000/nginx]
    5f70bf18a086: Preparing
    bbf4634aee1a: Preparing
    64d0c8aee4b0: Preparing
    4dcab49015d4: Preparing
    unauthorized: authentication required

The test succeeded: the push was rejected.

Log in again as the admin user and repeat the push:

    $ docker push registry.sky.com:5000/nginx
    The push refers to a repository [registry.sky.com:5000/nginx]
    5f70bf18a086: Pushed
    bbf4634aee1a: Pushed
    64d0c8aee4b0: Pushed
    4dcab49015d4: Pushed
    latest: digest: sha256:e2ba8f461c877d3bbe0294dcce6398b085a19117d73e0ae1d75f9b412cab8c2e size: 1978

This is the end of the article on "how Docker builds Registry services based on Token authentication". I hope the above content is of some help to you.
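The following added example (not part of the original article, docker_auth or the registry) is a simplified Python model of what step 5 exercises: the auth server filters the requested scope through the ACL from auth_config.yml, and the registry accepts the token only if issuer, service and lifetime match its own settings. It assumes first-match ACL evaluation with glob matching only, leaves out signature verification against REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE, and all function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Values copied from auth_config.yml and registry-auth.yml on this page.
ISSUER, SERVICE, EXPIRATION = "Auth Service", "Docker registry", 900
ACL = [
    {"match": {"account": "admin"}, "actions": ["*"]},
    {"match": {"account": "reader", "name": "nginx"}, "actions": ["pull"]},
]

def parse_scope(scope):
    """Split a 'repository:nginx:pull,push' scope into (type, name, actions)."""
    typ, rest = scope.split(":", 1)
    name, actions = rest.rsplit(":", 1)
    return typ, name, actions.split(",")

def granted_actions(account, scope):
    """Auth-server side: the first ACL entry that matches decides the result."""
    typ, name, wanted = parse_scope(scope)
    request = {"account": account, "type": typ, "name": name}
    for entry in ACL:
        if all(fnmatchcase(request[k], v) for k, v in entry["match"].items()):
            allowed = entry["actions"]
            return [a for a in wanted if "*" in allowed or a in allowed]
    return []  # no entry matched: nothing is granted

def issue_claims(account, scope, now):
    """Claims the auth server would sign into the bearer token (unsigned here)."""
    typ, name, _ = parse_scope(scope)
    return {"iss": ISSUER, "sub": account, "aud": SERVICE,
            "iat": now, "exp": now + EXPIRATION,
            "access": [{"type": typ, "name": name,
                        "actions": granted_actions(account, scope)}]}

def registry_allows(claims, typ, name, action, now,
                    issuer=ISSUER, service=SERVICE):
    """Registry side: check issuer, audience, lifetime, then the access list."""
    if claims["iss"] != issuer or claims["aud"] != service:
        return False
    if not claims["iat"] <= now < claims["exp"]:
        return False
    return any(a["type"] == typ and a["name"] == name and action in a["actions"]
               for a in claims["access"])

if __name__ == "__main__":
    scope = "repository:nginx:pull,push"  # the scope `docker push` requests
    for user in ("reader", "admin"):  # constructed sample requests
        claims = issue_claims(user, scope, now=0)
        print(user, claims["access"][0]["actions"],
              registry_allows(claims, "repository", "nginx", "push", now=10))
```

The anonymous `""` user in the config matches no ACL entry, so in this model it receives a token with an empty action list.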
