Private Docker Registry Part 2: let’s add basic authentication

Now that we have a basic registry up and running locally, let’s configure basic authentication.

NOTE: The reference material for this article can be found here

The Services Definition

The docker-compose command allows you to stack docker-compose.yml files to override some services. These are the overrides for the basic registry created in the previous article (the docker-compose.auth.yml file passed to the start command further down).

version: '2'
services:
  registry:
    environment:
      REGISTRY_AUTH: 'htpasswd'
      REGISTRY_AUTH_HTPASSWD_REALM: 'YOUR_DOCKER_REGISTRY_REALM'
      REGISTRY_AUTH_HTPASSWD_PATH: '/httpasswd_storage/htpasswd'
    volumes:
      - ~/htpasswd_backup:/httpasswd_storage

Service Overrides

The registry service was overridden to:

  • Set environment variables
    REGISTRY_AUTH=htpasswd : sets the authentication method to htpasswd (basic auth)
    REGISTRY_AUTH_HTPASSWD_REALM: 'YOUR REALM' : the realm for your Docker registry
    REGISTRY_AUTH_HTPASSWD_PATH: '/httpasswd_storage/htpasswd' : the full path to the htpasswd file containing your user:pass associations. This file is shared between the host running your service and the service itself through the volumes definition

Generating the htpasswd file

This is how you can use Docker to add a simple user to a local htpasswd file in ~/htpasswd_backup, the directory configured in the previous example:

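# Create the htpasswd_backup directory
mkdir -p ~/htpasswd_backup
# -B: hash with bcrypt, -n: print the entry to stdout instead of updating a file,
# -b: take the password from the command line (it ends up in your shell history)
docker run --rm --entrypoint htpasswd registry:2 -Bbn <username> "<password>" > ~/htpasswd_backup/htpasswd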
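
The registry's htpasswd backend only supports bcrypt entries, which is why the command above passes -B. The shell function below is an added example, not part of the original article, that lints the file before it is mounted; the names check_htpasswd and write_sample, the sample entries and the minimum-cost threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint an htpasswd file before mounting it into the registry.

# check_htpasswd FILE [MIN_COST]
# Prints one line per problem. Returns 0 if clean, 1 on problems, 2 if unreadable.
# MIN_COST defaults to 5, htpasswd's own -B default (raise it with htpasswd -C).
check_htpasswd() {
    file=$1
    min_cost=${2:-5}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -F: -v min="$min_cost" '
        /^[ \t]*$/ || /^#/ { next }              # skip blank lines and comments
        NF != 2 || $1 == "" || $2 == "" {
            printf "line %d: malformed entry\n", NR; bad++; next
        }
        seen[$1]++ { printf "line %d: duplicate user %s\n", NR, $1; bad++ }
        {
            # bcrypt shape: $2a$, $2b$ or $2y$, two-digit cost, $, 53 chars (60 total)
            if ($2 !~ "^[$]2[aby][$][0-9][0-9][$][./A-Za-z0-9]+$" || length($2) != 60) {
                printf "line %d: user %s is not a bcrypt entry\n", NR, $1
                bad++; next
            }
            cost = substr($2, 5, 2) + 0
            if (cost < min) {
                printf "line %d: user %s has bcrypt cost %d < %d\n", NR, $1, cost, min
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$file"
}

# Constructed sample: correctly shaped but fake hashes, for demonstration only.
write_sample() {
    cat > "$1" <<'EOF'
alice:$2y$05$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234
bob:$apr1$constructed$notarealhashvalue00000
alice:$2y$04$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234
EOF
}

# Usage: check_htpasswd ~/htpasswd_backup/htpasswd && echo "htpasswd looks fine"
```

On the constructed sample this reports the non-bcrypt entry for bob, the duplicate alice line and its cost of 4.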

How to start it

To start the registry locally, run this command:

docker-compose -f docker-compose.yml \
    -f docker-compose.auth.yml \
    up -d

  • The registry is reachable at localhost:5000
  • The registry UI is reachable at http://localhost:80, but you’ll be asked for a password

IMPORTANT NOTES: The registry is:

  1. Running locally
  2. Authenticated using basic auth
  3. Storing docker images in the container only.
    If you want to persist it for some reason, add this volume to the registry service definition
  4. Not using SSL, so the basic auth credentials travel unencrypted

How to validate it works

  • Try to pull the image you pushed in the basic registry:

docker pull localhost:5000/<optional-username>/alpine:3.4

You will receive an error:

Pulling repository localhost:5000/<optional-username>/alpine
Error: image <optional-username>/alpine:3.4 not found

This means the authentication works! Let’s authenticate:

docker login -u <username> localhost:5000

You’ll be asked for your password, then you will be authenticated.

Try to pull the image again and it will succeed.

If you want to logout, run this command:

docker logout localhost:5000

You now have a registry with authentication! Now let’s add Azure storage to it: Private Docker Registry Part 3: let’s use Azure Storage