-
Notifications
You must be signed in to change notification settings - Fork 20
Private Docker Registry Build Log
Chris Cuming edited this page Oct 12, 2015
·
3 revisions
- DNS:
dochub.ironmann.io
- Address:
162.243.141.92
- OS: CentOS 7
- User:
root
- Set
PasswordAuthentication
to no. - Set
MaxAuthTries
to 10.
Configured shell to flush history on login/out by appending cat /dev/null > ~/.bash_history
to:
/root/.bashrc
/root/.bash_logout
$ yum update # Update packages.
$ yum install -y htop # Better top, YMMV.
$ rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 # Import EPEL GPG key.
$ yum install -y epel-release # Enable EPEL.
$ curl -sSL https://get.docker.com/ | sh # Install Docker.
$ systemctl start docker # Start Docker.
$ systemctl enable docker # Start Docker on boot.
$ docker run hello-world # Test Docker install.
NOTE: Configure to use AWS S3.
Config File Example:
# /root/config.yml
version: 0.1
log:
fields:
service: registry
storage:
s3:
accesskey: # AWS Key ID
secretkey: # AWS Secret Key
region: us-west-1
bucket: ironmann-docker
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
- User:
jarvis
- Pass:
HotShinyFr3shIm4ges!
$ mkdir auth
$ docker run --entrypoint htpasswd registry:2 -Bbn jarvis HotShinyFr3shIm4ges! > auth/htpasswd
# Auth and TLS information are included in the container as mounted volumes.
$ docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v /root/config.yml:/etc/docker/registry/config.yml \
-v /root/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dochub.ironmann.io.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/dochub.ironmann.io.key \
registry:2
# Stop the registry container:
$ docker stop registry
# Remove the registry container:
$ docker rm registry
# Add the new user:
docker run --entrypoint htpasswd registry:2 -Bbn newuser newpass >> auth/htpasswd
# Rebuild the registry container:
$ docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v /root/config.yml:/etc/docker/registry/config.yml \
-v /root/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dochub.ironmann.io.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/dochub.ironmann.io.key \
registry:2
Just remove a given user's entry from the /root/auth/htpasswd
file.
NOTE: See Using Docker for information on how to work with the registry container.