2025-04-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com) 06/01 Report
This article explains in detail how to build a Docker Registry service that uses token authentication. The editor thinks it is very practical and shares it here for reference. I hope you get something out of it.
Build a Registry service with token authentication

1. Create the directories

    mkdir -p /data/volumes/{auth_server/{config,ssl},docker_registry/data}

2. Copy the certificate files

If you already have a certificate and key, copy both files (server.key, server.pem) into the ssl folder.

If you do not have them, generate a temporary self-signed certificate and key with the following command:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.pem

3. Configure the authentication service

Create the configuration file (auth_config.yml) in the directory /data/volumes/auth_server/config:
    server:  # Server settings.
      # Address to listen on.
      addr: ":5001"
      # TLS certificate and key.
      certificate: "/ssl/server.pem"
      key: "/ssl/server.key"

    token:  # Settings for the tokens.
      issuer: "Auth Service"  # Must match issuer in the Registry config.
      expiration: 900

    # Static user map.
    users:
      # Password is specified as a BCrypt hash. Use htpasswd -B to generate.
      "admin":
        password: "$2y$05$B.x046DV3bvuwFgn0I42F.W/SbRU5fUoCbCGtjFl7S33aCUHNBxbq"
      "reader":
        password: "$2y$05$xN3hNmNlBIYpST7UzqwK/O5T1/JyXDGuJgKJzf4XuILmvX7L5ensa"
      "": {}  # Allow anonymous (no "docker login") access.

    acl:
      # Admin has full access to everything.
      - match: {account: "admin"}
        actions: ["*"]
      - match: {account: "reader", name: "nginx"}
        actions: ["pull"]

4. Build the registry and auth services
Use Docker Compose to build both services. Create the compose file (registry-auth.yml):

    dockerauth:
      image: cesanta/docker_auth:stable
      container_name: docker_auth
      ports:
        - "5001:5001"
      volumes:
        - /data/volumes/auth_server/config:/config:ro
        - /var/log/docker_auth:/logs
        - /data/volumes/auth_server/ssl:/ssl
      command: /config/auth_config.yml
      restart: always

    registry:
      image: registry:2
      container_name: docker_registry
      ports:
        - "5000:5000"
      volumes:
        - /data/volumes/auth_server/ssl:/ssl
        - /data/volumes/docker_registry/data:/var/lib/registry
      restart: always
      environment:
        - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
        - REGISTRY_AUTH=token
        - REGISTRY_AUTH_TOKEN_REALM=https://registry.sky.com:5001/auth
        - REGISTRY_AUTH_TOKEN_SERVICE="Docker registry"
        - REGISTRY_AUTH_TOKEN_ISSUER="Auth Service"
        - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem
        - REGISTRY_HTTP_TLS_CERTIFICATE=/ssl/server.pem
        - REGISTRY_HTTP_TLS_KEY=/ssl/server.key

Run the command:

    docker-compose -f registry-auth.yml up

5. Online testing
Find a server with Docker installed.

Run the login command, then enter the user name and password:

    $ docker login registry.sky.com:5000
    Username (reader):
    Password:
    Login Succeeded
According to the ACL configured earlier, the reader user has only pull permission and cannot push:

    $ docker tag nginx registry.sky.com:5000/nginx
    $ docker push registry.sky.com:5000/nginx
    The push refers to a repository [registry.sky.com:5000/nginx]
    5f70bf18a086: Preparing
    bbf4634aee1a: Preparing
    64d0c8aee4b0: Preparing
    4dcab49015d4: Preparing
    unauthorized: authentication required

The test succeeded: the push was rejected.

Log in again as the admin user and push:

    $ docker push registry.sky.com:5000/nginx
    The push refers to a repository [registry.sky.com:5000/nginx]
    5f70bf18a086: Pushed
    bbf4634aee1a: Pushed
    64d0c8aee4b0: Pushed
    4dcab49015d4: Pushed
    latest: digest: sha256:e2ba8f461c877d3bbe0294dcce6398b085a19117d73e0ae1d75f9b412cab8c2e size: 1978
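The Python sketch below is an added example, not code from this article or from docker_auth. It models how the acl section of auth_config.yml turns a requested scope into the token's access claim, which is why the reader push is rejected while the admin push goes through. The function names are hypothetical, and the model assumes first-match-wins evaluation with glob-style matching only.

```python
from fnmatch import fnmatchcase

# ACL entries from the article's auth_config.yml, in file order.
ACL = [
    {"match": {"account": "admin"}, "actions": ["*"]},
    {"match": {"account": "reader", "name": "nginx"}, "actions": ["pull"]},
]

def entry_matches(match, account, name):
    """Every field present in `match` must match; absent fields match anything."""
    request = {"account": account, "name": name}
    return all(fnmatchcase(request[f], pattern) for f, pattern in match.items())

def authorize(account, name, requested):
    """Assumed model: first matching entry wins, grant = requested AND allowed."""
    for entry in ACL:
        if entry_matches(entry["match"], account, name):
            if entry["actions"] == ["*"]:
                return list(requested)
            return [a for a in requested if a in entry["actions"]]
    return []  # no entry matched: nothing is granted

def access_claim(account, scope):
    """Build the token's `access` claim for a scope like 'repository:nginx:pull,push'."""
    rtype, rest = scope.split(":", 1)
    name, actions = rest.rsplit(":", 1)
    granted = authorize(account, name, actions.split(","))
    return [{"type": rtype, "name": name, "actions": granted}]

def registry_allows(claim, name, action):
    """Registry side: the action must be listed in the token for that repository."""
    return any(
        e["type"] == "repository" and e["name"] == name and action in e["actions"]
        for e in claim
    )

if __name__ == "__main__":
    # "" is the anonymous user from the static user map; it matches no ACL entry.
    for user in ("reader", "admin", ""):
        claim = access_claim(user, "repository:nginx:pull,push")
        print(repr(user), claim, "push allowed:", registry_allows(claim, "nginx", "push"))
```

Because the anonymous user `""` matches no ACL entry, it is issued a token with no actions, so allowing anonymous access in the user map does not by itself expose any repository.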