Private Docker Registry Part 2: let’s add basic authentication
Now that we have a basic registry up and running locally, let’s configure the basic authentication.
NOTE: The reference material for this article can be found here
The Services Definition
The docker-compose command allow you to stack docker-compose.yml files to override some services. Those are the overrides for the basic registry created in the previous article.
The registry was overridden to add
- Set environment variables
REGISTRY_AUTH=htpasswd : sets the authentication method to htpasswd (basic auth)
REGISTRY_AUTH_HTPASSWD_REALM: “YOUR REALM” : the Realm for your docker registry
REGISTRY_AUTH_HTPASSWD_PATH: ‘/httpasswd_storage/htpasswd’ : the full path to the htpasswd files containing your user:pass associations. This file will be shared between the host running your service and the service itself using the volumes definition
Generating the htpasswd file
This is how you can add a simple user to a local htpasswd file in ~/htpasswd_backup, which is the one configured in the previous example, using docker
#Create the htpasswd_backup
mkdir -p ~/htpasswd_backup
docker run --rm --entrypoint htpasswd registry:2 -Bbn <username> "<password>" > ~/htpasswd_backup/htpasswd
How to start it
To start the registry locally, simply run this command
docker-compose -f docker-compose.yml \
-f docker-compose.auth.yml \
- The registry is reachable at localhost:5000
- The registry UI is reachable http://localhost:80, but you’ll be asked for a password
IMPORTANT NOTES: The registry is:
- Running locally
- Authenticated using basic auth
- Storing docker images in the container only.
If you want to persist it for some reason, add this volume to the registry service definition
- Not using SSL
How to validate it works
- Try to pull the image you pushed in the basic registry
docker pull localhost:5000/<optional-username>/alpine:3.4
You will receive an error:
Pulling repository localhost:5000/<option-username>/alpine
Error: image <option-username>/alpine:3.4 not found
This means the authentication works! Let’s authenticate
docker login -u <username> localhost:5000
You’ll be asked for your password, then you will be authenticated.
Try to pull the image again and it will succeed.
If you want to logout, run this command:
docker logout localhost:5000
You now have a registry with authentication! Now let’s add Azure storage to it: Private Docker Registry Part 3: let’s use Azure Storage