A Docker Nginx Reverse Proxy to secure your private Docker Registry using SSL and HTTP BASIC AUTH

cloudfleet/docker-nginx-registry-proxy

Docker Registry Reverse Proxy with Basic Auth Nginx Server (marvambass/nginx-registry-proxy)

maintained by MarvAmBass

FAQ - All you need to know about the marvambass Containers

What is it

This Dockerfile (available as marvambass/nginx-registry-proxy) gives you an nginx reverse proxy with SSL and Basic Auth to put in front of your Docker Registry (registry).

View in Docker Registry marvambass/nginx-registry-proxy

View in GitHub MarvAmBass/docker-nginx-registry-proxy

Running marvambass/nginx-registry-proxy Container

To run this container, you need a running registry container with the name registry, for example:

docker run -d --name registry \
-v $YOUR_REGISTRY_DIR:/registry \
-e "SETTINGS_FLAVOR=local" \
-e "STORAGE_PATH=/registry" \
registry

You also need an htpasswd file (howto) and an SSL key pair (howto); see the Cheat Sheet below for both.

Put the new files in a folder to get a result like this:

~/your/path/external$ ls
cert.pem  docker-registry.htpasswd  key.pem

You're now ready to run the nginx-registry-proxy Server ;)

docker run -d -p 443:443 \
-v $PATH_TO_YOUR/external:/etc/nginx/external \
--link registry:registry --name nginx-registry-proxy \
marvambass/nginx-registry-proxy

Use your private Docker Registry

Let's assume you have followed all the steps so far. You have a server (https://mydockerreg.com:443) with HTTPS on port 443 and a Basic Auth user named tom with the password jerry.

Let's check that the server is available by opening the URL https://mydockerreg.com:443/v1/_ping. If the server returns true, your registry is up and running.

Let's get a new Docker image from the official registry, rename it, and publish it to your private registry.

$ docker pull scratch # this pulls the scratch image from the official registry

Now we have the image named scratch in our local Docker Image Registry. You can check that with the command:

$ docker images
scratch              latest              511136ea3c5a        16 months ago       0 B

Let's rename the image so that it can be published to your private registry:

$ docker tag scratch mydockerreg.com:443/scratch

Now the command docker images will show another image:

scratch              latest              511136ea3c5a        16 months ago       0 B
mydockerreg.com:443/scratch             latest              511136ea3c5a        16 months ago       0 B

At this point we're able to publish it to your private registry, but first we need to log in to the server:

$ docker login https://mydockerreg.com:443
Username: tom
Password: jerry
Email: 
$ docker push mydockerreg.com:443/scratch

You've successfully published your first image to your private registry. Note that you need to run docker login on every server. You can also pass the username and password as arguments, but this is not secure: the password then shows up in the Linux process list (ps aux) and in the bash history.

Download the uploaded Image:

$ docker login https://mydockerreg.com:443
Username: tom
Password: jerry
Email: 
$ docker pull mydockerreg.com:443/scratch

That's it - Have fun!

Based on

This Dockerfile is based on the marvambass/nginx-ssl-secure image.

I got inspired by the following DigitalOcean Tutorial https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

Building the Dockerfile yourself

Just use the following commands to build and publish your own copy of this Docker image.

docker build -t username/nginx-registry-proxy .
docker push username/nginx-registry-proxy

Cheat Sheet

Creating a self-signed SSL cert

Please note that the Common Name (CN) is important and should be the FQDN of the secured server:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes

Creating a htpasswd file

You need the htpasswd command (on Ubuntu you can simply install it with sudo apt-get install -y apache2-utils).

The first time you create the htpasswd file, you need to use the -c parameter (it stands for create).

htpasswd -c docker-registry.htpasswd user1

To add any further user, simply use the following command:

htpasswd docker-registry.htpasswd userN

If you use -c on an existing htpasswd file, all existing users will be deleted and you get a new file which only contains the new user.
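
As an added example (not part of the original README or the marvambass image), here is a preflight check for the external folder before it is mounted into the proxy: it confirms that the three files exist, that key.pem belongs to cert.pem, that the unencrypted key is not group- or world-readable, and it reports the hash scheme of every htpasswd entry. The function names are hypothetical; the file names are the ones used above.

```shell
#!/bin/sh
# Added example: preflight check for the folder mounted at /etc/nginx/external.
# Function names are hypothetical; file names are the ones this README uses.

# Print "user scheme" for each htpasswd entry; return 1 if any entry uses a
# weak scheme (plaintext, unsalted {SHA}, DES crypt/unrecognised) or is empty.
audit_htpasswd() {
    rc=0
    while IFS=: read -r user hash _ || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac
        case $hash in
            '$apr1$'*)      scheme=apr1-md5 ;;             # htpasswd default
            '$2'[aby]'$'*)  scheme=bcrypt ;;               # htpasswd -B
            '$5$'*|'$6$'*)  scheme=sha2-crypt ;;
            '{SSHA}'*)      scheme=salted-sha1 ;;
            '{SHA}'*)       scheme=unsalted-sha1; rc=1 ;;  # htpasswd -s
            '{PLAIN}'*)     scheme=plaintext; rc=1 ;;
            '')             scheme=empty; rc=1 ;;
            *)              scheme=des-crypt-or-unknown; rc=1 ;;
        esac
        printf '%s %s\n' "$user" "$scheme"
    done < "$1"
    return "$rc"
}

# Return 0 only if the public key in cert.pem equals the one derived from key.pem.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1/key.pem" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run all checks on the folder; print findings, return non-zero on any failure.
preflight() {
    dir=$1 status=0
    for f in cert.pem key.pem docker-registry.htpasswd; do
        [ -s "$dir/$f" ] || { echo "FAIL missing or empty: $f"; status=1; }
    done
    [ "$status" -eq 0 ] || return 1
    key_matches_cert "$dir" || { echo "FAIL key.pem does not match cert.pem"; status=1; }
    # key.pem was created with -nodes (unencrypted), so keep it owner-only.
    [ -z "$(find "$dir/key.pem" \( -perm -040 -o -perm -004 \))" ] ||
        { echo "FAIL key.pem is group/world readable"; status=1; }
    audit_htpasswd "$dir/docker-registry.htpasswd" || status=1
    return "$status"
}

# Usage: sh preflight.sh ~/your/path/external
[ "$#" -eq 0 ] || preflight "$1"
```

Run it against the folder before docker run; a non-zero exit status means at least one check failed.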
