Set up a secure Docker Registry with Nginx and SSL

Prerequisites

  1. Docker v1.12 installed (though you could try it with a lower version).
  2. Docker Compose v1.6 installed.
  3. apache2-utils installed.
  4. Ubuntu (but it is very similar for other distros).
  5. A domain name to run the Docker registry on (a subdomain would work too).
  6. SSL certificate for the domain to run the docker registry on.

Step 1: create docker-compose.yml

Create a directory registry and under it create a docker-compose.yml.

This docker-compose file creates a registry container using the registry:2 image and a front-end proxy using the nginx:1.10.1 image.

The registry container is configured to expose its port 5000 to other containers that link to it (in this case, the proxy container can access the registry via that port).

The proxy container is configured to listen on ports 80 and 443 on the host. Other nginx configuration is stored under the conf.d directory, which is mapped as a volume.


REGISTRY_HTTP_SECRET: Set a secret text for the HTTP header. You can put any text you want.
Volumes: Set the path to both your SSL cert and key.

The file also refers to `config.yml`, `conf.d` and `html`, which we're going to create later.

Step 2: create config.yml

Under the same registry directory, create a config.yml file.

The config.yml configures how the Docker registry is set up to run. In this configuration, I set up the registry to use the local file system as the storage. It can be configured to use other storage engines, e.g. this one configures it to use Azure Blob Storage: https://gist.github.com/kwokhou/f20defbfc34b1bf86c6e6e9e6aa7fda4

The full list of configuration options can be found here.

Step 3: create proxy.conf

Create a subdirectory nginx and under it create a file proxy.conf. Nginx is configured to proxy traffic to the upstream Docker registry on port 5000, and it is also configured to perform basic authentication via the htpasswd file (next step).

Remember to change the server_name.

Step 4: create basic authentication file htpasswd

Finally, create an htpasswd file under the nginx directory.

Once apache2-utils is installed (`sudo apt-get install apache2-utils` on Ubuntu), run `htpasswd -c htpasswd john` under the nginx directory to create access for john.
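
As an added example (not the original post's proxy.conf, which is not reproduced on this page), a proxy.conf matching the description in Steps 3 and 4 could look like this. The upstream host name registry, the domain registry.example.com and every file path inside the proxy container are assumptions; adjust them to match your docker-compose.yml.

```nginx
# Added example, not the original post's file. Assumed: the "registry" host
# name (compose service/link alias), registry.example.com, and all paths
# under /etc/nginx/.
upstream docker-registry {
    server registry:5000;   # port the registry container exposes to linked containers only
}

server {
    listen 80;
    server_name registry.example.com;        # change to your domain
    return 301 https://$host$request_uri;    # keep credentials and images off plain HTTP
}

server {
    listen 443 ssl;
    server_name registry.example.com;        # change to your domain

    ssl_certificate     /etc/nginx/ssl/registry.crt;   # assumed mount point of the cert
    ssl_certificate_key /etc/nginx/ssl/registry.key;   # assumed mount point of the key
    ssl_protocols       TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;          # image layers are large; do not cap upload size
    chunked_transfer_encoding on;

    location /v2/ {
        # Basic authentication against the file created in Step 4.
        auth_basic           "Docker Registry";
        auth_basic_user_file /etc/nginx/conf.d/htpasswd;   # assumed path in the proxy container

        proxy_pass         http://docker-registry;
        proxy_set_header   Host              $http_host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        # The registry uses this header to build https:// upload URLs.
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;      # allow slow pushes of large layers
    }
}
```

Because the registry's port 5000 is only exposed to the linked proxy container and never published on the host, every request has to pass through the TLS and basic-auth checks above.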
