Lead Image © Viktoriya Malova, 123RF.com

Registry for Docker images

Repository D

Article from ADMIN 52/2019

By Oliver Frommel

Running your own registry for Docker images is not difficult. We'll show you how to get started using the free docker_auth software.

If you create Docker images yourself, you also need your own registry. Although registries are available as Docker images, their functionality is limited, whereas adding an authentication (auth) server gives you a useful repository for images.

With no offense intended, the release of the Docker software was quick and dirty. Only later were many desperately needed features introduced. One example is the registry – the storage space for Docker images – which did not even have a mechanism for authentication. Later, the image format was changed and Registry 2.0 (a.k.a., "Docker Distribution") was released, which cleared up many limitations. At least it now has a basic authentication mechanism, although it is limited to the htpasswd files known from Apache.

Restricting Access and Controlling Privileges

Unfortunately, the Docker mechanism is limited to authentication. It does not provide granular authorization of authenticated users for individual resources (i.e., read/write access to images). For many users who just want to try out Docker, and teams in which everyone is allowed to do everything, this is perfectly okay. You can just add a user to the htpasswd file and start the registry container, where you mount the directory with the password file. Next, you pass in the authentication settings as environment variables (Listing 1).

Listing 1

Authentication Settings

$ sudo mkdir /etc/docker-registry
$ htpasswd -Bbn oliver T0Ps3crEt | sudo tee /etc/docker-registry/htpasswd
oliver:$2y$05$lAmkjHRcR0.TK52/rHR/Pe86AGZqpRleXenHVT/eabFe8He5UZiPu
$ docker run -p 5000:5000 --name registry -v /etc/docker-registry/:/auth -e "REGISTRY_AUTH=htpasswd" -e

...

Use Express-Checkout link below to read the full article (PDF).