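This article explains in detail how to set up a Docker Registry service with token-based authentication. The editor found it quite practical and is sharing it here for reference; hopefully you will get something out of it.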
mkdir -p /data/volumes/{auth_server/{config,ssl},docker_registry/data}
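If you already have certificate files, copy them into the ssl folder. The files required are server.key and server.pem.
If you do not have certificate files, generate a temporary self-signed pair with the following command: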
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.pem
Create the configuration file (auth_config.yml) in the directory /data/volumes/auth_server/config:
server:  # Server settings.
  # Address to listen on.
  addr: ":5001"
  # TLS certificate and key.
  certificate: "/ssl/server.pem"
  key: "/ssl/server.key"

token:  # Settings for the tokens.
  issuer: "Auth Service"  # Must match issuer in the Registry config.
  expiration: 900

# Static user map.
users:
  # Password is specified as a BCrypt hash. Use htpasswd -B to generate.
  "admin":
    password: "$2y$05$B.x046DV3bvuwFgn0I42F.W/SbRU5fUoCbCGtjFl7S33aCUHNBxbq"
  "reader":
    password: "$2y$05$xN3hNmNlBIYpST7UzqwK/O5T1/JyXDGuJgKJzf4XuILmvX7L5ensa"
  "": {}  # Allow anonymous (no "docker login") access.

acl:
  # Admin has full access to everything.
  - match: {account: "admin"}
    actions: ["*"]
  - match: {account: "reader", name: "nginx"}
    actions: ["pull"]
The services are deployed with Docker Compose. Create the compose file (registry-auth.yml):
dockerauth:
  image: cesanta/docker_auth:stable
  container_name: docker_auth
  ports:
    - "5001:5001"
  volumes:
    - /data/volumes/auth_server/config:/config:ro
    - /var/log/docker_auth:/logs
    - /data/volumes/auth_server/ssl:/ssl
  command: /config/auth_config.yml
  restart: always

registry:
  image: registry:2
  container_name: docker_registry
  ports:
    - "5000:5000"
  volumes:
    - /data/volumes/auth_server/ssl:/ssl
    - /data/volumes/docker_registry/data:/var/lib/registry
  restart: always
  environment:
    - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
    - REGISTRY_AUTH=token
    - REGISTRY_AUTH_TOKEN_REALM=https://registry.sky.com:5001/auth
    - REGISTRY_AUTH_TOKEN_SERVICE="Docker registry"
    - REGISTRY_AUTH_TOKEN_ISSUER="Auth Service"
    - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem
    - REGISTRY_HTTP_TLS_CERTIFICATE=/ssl/server.pem
    - REGISTRY_HTTP_TLS_KEY=/ssl/server.key
Start the services:
docker-compose -f registry-auth.yml up
On a server that has Docker installed, run the login command:
docker login registry.sky.com:5000
Enter the username and password:
Username (reader):
Password:
Login Succeeded
According to the permissions configured earlier, the reader user has only pull permission and cannot push:
$ docker tag nginx registry.sky.com:5000/nginx
$ docker push registry.sky.com:5000/nginx
The push refers to a repository [registry.sky.com:5000/nginx]
5f70bf18a086: Preparing
bbf4634aee1a: Preparing
64d0c8aee4b0: Preparing
4dcab49015d4: Preparing
unauthorized: authentication required
The test succeeds: the push is rejected.
Log in again as the admin user and repeat the push:
$ docker push registry.sky.com:5000/nginx
The push refers to a repository [registry.sky.com:5000/nginx]
5f70bf18a086: Pushed
bbf4634aee1a: Pushed
64d0c8aee4b0: Pushed
4dcab49015d4: Pushed
latest: digest: sha256:e2ba8f461c877d3bbe0294dcce6398b085a19117d73e0ae1d75f9b412cab8c2e size: 1978
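The two push results above follow from how the acl list in auth_config.yml is applied to each token request. The sketch below is an added example, not code from the original article or from docker_auth: it is a simplified model that assumes entries are checked in order, the first match decides, and no match means deny. The function names are hypothetical, and only the account and name fields are modelled.

```python
from fnmatch import fnmatchcase

# The acl section of auth_config.yml above, written as Python data.
ACL = [
    {"match": {"account": "admin"}, "actions": ["*"]},
    {"match": {"account": "reader", "name": "nginx"}, "actions": ["pull"]},
]


def entry_matches(match, account, name):
    """Every field present in the match block must match (glob patterns allowed)."""
    request = {"account": account, "name": name}
    return all(
        fnmatchcase(request.get(field, ""), pattern)
        for field, pattern in match.items()
    )


def granted_actions(acl, account, name, requested):
    """Return the requested actions that the first matching entry allows.

    If no entry matches, nothing is granted (default deny).
    """
    for entry in acl:
        if entry_matches(entry["match"], account, name):
            allowed = entry["actions"]
            if "*" in allowed:
                return list(requested)
            return [action for action in requested if action in allowed]
    return []


def push_permitted(acl, account, name):
    """A push asks for pull and push; it only works if push is granted."""
    return "push" in granted_actions(acl, account, name, ["pull", "push"])


if __name__ == "__main__":
    # Constructed requests: the two users from the article, an anonymous
    # client, and a repository that no reader rule covers.
    cases = [("reader", "nginx"), ("admin", "nginx"), ("", "nginx"), ("reader", "redis")]
    for account, repo in cases:
        granted = granted_actions(ACL, account, repo, ["pull", "push"])
        print(f"{account or '<anonymous>':12} {repo:6} -> {granted}")
```

The anonymous entry ("": {}) in the users map lets a client obtain a token without logging in, but because no acl entry matches the empty account, that token carries no actions.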