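A private Docker Registry is only secure and reliable once authentication is enabled. Follow the steps below to add it.
- Create the docker registry working directory
mkdir -p /data/docker.registry
- Create the folder that will hold the credentials
mkdir -p /data/docker.registry/etc/registry/auth
- Install the htpasswd tool.
yum -y install httpd-tools
- Create the administrator account admin and write it to /data/docker.registry/etc/registry/auth/passwd. This passwd file holds the login name and the bcrypt-hashed password (the -B flag selects bcrypt). The -b flag takes the password from the command line, so it ends up in shell history; leave -b out to be prompted for the password instead.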
htpasswd -Bbn admin qdfsdFGC > /data/docker.registry/etc/registry/auth/passwd
- Check the password file
cat /data/docker.registry/etc/registry/auth/passwd
admin:$2y$05$3R0Y9nlTM.DQEAgSrGCdp.zFMkeRr8ILeK6kW/o0kvlagZLlpUmDG
- With the password file created, add the credentials to the registry by mounting the auth directory into the container:
docker run -d -p 5000:5000 \
  --restart=always \
  --name registry_private \
  -v /data/docker.registry/etc/registry/auth:/etc/registry/auth \
  -v /data/docker.registry/var/lib/registry:/var/lib/registry \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e "REGISTRY_AUTH_HTPASSWD_PATH=/etc/registry/auth/passwd" \
  registry:latest
- Test a push before logging in
[root@test data]# docker tag registry:latest 127.0.0.1:5000/registry:latest
[root@test data]# docker push 127.0.0.1:5000/registry
The push refers to repository [127.0.0.1:5000/registry]
fb6b1a93008f: Preparing
6d2d8cb41f01: Preparing
4f5aa08c5eaa: Preparing
8ebb9d6ed165: Preparing
0fcbbeeeb0d7: Preparing
no basic auth credentials
- Log in
[root@test data]# docker login 127.0.0.1:5000
Username (): admin
Password:
Login Succeeded
- Retry the push
[root@test data]# docker push 127.0.0.1:5000/registry
The push refers to repository [127.0.0.1:5000/registry]
fb6b1a93008f: Pushed
6d2d8cb41f01: Pushed
4f5aa08c5eaa: Pushed
8ebb9d6ed165: Pushed
0fcbbeeeb0d7: Pushed
latest: digest: sha256:a0dd61073ad21122e5f1517682800272ef29df52041aaea7ee29e92a5d22aa28 size: 1363
- The credentials are saved in ~/.docker/config.json:
[root@test data]# cat ~/.docker/config.json
{
  "auths": {
    "127.0.0.1:5000": {
      "auth": "YWRtaW46ZkZHHGGluVDQ1SA=="
    }
  }
}
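Note: HTTPS is recommended whenever credentials are used. Over plain HTTP, basic auth sends the username and password Base64-encoded, which anyone on the network path can decode.
- Usage
Log in
docker login 172.16.0.19:5000
Enter the username and password: admin/xxx
List the images
http://127.0.0.1:5000/v2/_catalog
List the tags of an image
curl -u admin:xxx 'http://127.0.0.1:5000/v2/qingzhu-backend-gray/tags/list'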
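
The passwd file created in the htpasswd step decides who can log in, so it is worth checking before the container is started. The script below is an added example, not part of the original walkthrough: it reads an htpasswd file and flags entries that are not bcrypt (the registry's htpasswd backend only accepts bcrypt) and entries whose bcrypt cost is below MIN_COST. The function name audit_htpasswd, the MIN_COST=10 threshold and the sample entries are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit an htpasswd file used with REGISTRY_AUTH=htpasswd.
# MIN_COST is an assumed local policy value, not a registry requirement.
MIN_COST=${MIN_COST:-10}

# Prints one line per entry; returns 0 if every entry passes, 1 otherwise.
audit_htpasswd() {
    file=$1
    bad=0
    [ -r "$file" ] || { echo "ERROR unreadable: $file"; return 2; }
    while IFS=: read -r user hash || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac   # skip blanks and comments
        case $hash in
            '$2'[aby]'$'[0-9][0-9]'$'*)
                cost=${hash#\$2?\$}      # drop the "$2y$" style prefix
                cost=${cost%%\$*}        # keep the two cost digits
                cost=${cost#0}           # "05" -> "5" for a decimal compare
                if [ "$cost" -lt "$MIN_COST" ]; then
                    echo "WEAK   $user bcrypt cost=$cost (< $MIN_COST)"
                    bad=1
                else
                    echo "OK     $user bcrypt cost=$cost"
                fi ;;
            *)
                # The registry's htpasswd backend accepts bcrypt only, so
                # MD5 ($apr1$), {SHA} or crypt entries can never log in.
                echo "NOAUTH $user non-bcrypt entry"
                bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# Constructed sample file: the hash bodies are filler, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
admin:$2y$05$CONSTRUCTED.FILLER.NOT.A.REAL.HASH
ci:$2y$12$CONSTRUCTED.FILLER.NOT.A.REAL.HASH
legacy:$apr1$CONSTRUCTED$FILLER
EOF
audit_htpasswd "$sample" || true
rm -f "$sample"
```

htpasswd writes cost 05 by default, as in the passwd line shown earlier; its -C option (used together with -B) sets a higher cost when the entry is created.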