docker_auth_runner

command module
v0.0.0-...-5230ad2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 3, 2021 License: MIT Imports: 13 Imported by: 0

README 

# Development on this repository has been frozen.

Rather than bodge this into running how I'd like, I wrote my own https://github.com/greboid/registryauth/[auth server] instead.

=== Docker Auth Runner

This is a config generator and runner for https://github.com/cesanta/docker_auth[cessanta/docker_auth].

Note: The auth server will need to be available publically and will require https, SSL termination will need to be
handled externally.

You should pre-generate a certificate and key, the cert will need to be available to the registry and this generator,
the key is required by this generator, these are required to sign the tokens.

 - `/certs/server.pem`
 - `/certs/key.pem`

The two environmental variables below are required:

 - `REGISTRY_LISTEN_ADDRESS`: This should be set to port the server should listen on
 - `REGISTRY_ISSUER`: This should be set to the same issuer as the configured in the registry config.

You can configure individual users that will have full access to the registry, these are configured by creating a bcrypt
username password string, as output from `htpasswd -nB <username>`, the output from this should be put in an
environmental variable `REGISTRY_USER_X` where X is unique.

You can enable a `<mirror hostname>/public` to require no auth by adding `REGISTRY_PUBLIC_FOLDER=true`
and/or a publically available `<mirror hostname>/mirror` folder by adding `REGISTRY_PUBLIC_MIRROR=true`


====  Example config snippet for the registry

The registry should be configured with a block similar to the below, this can also be configured with environment
variables

....
  auth:
    token:
      realm: "https://<docker auth hostname>:5001/auth"
      service: "Docker registry"
      issuer: "Acme auth server" #Should match REGISTRY_ISSUER
      rootcertbundle: "/certs/server.pem" #Should be the same as the auth runner
....

==== Generating certificates

You can generate the certificates with certstrap using the below commands

```
docker run --rm -it -v $PWD/out:/out squareup/certstrap --depot-path /out init --common-name "ca"
docker run --rm -it -v $PWD/out:/out squareup/certstrap --depot-path /out request-cert --passphrase "" --common-name "registry" --domain "registry"
docker run --rm -it -v $PWD/out:/out squareup/certstrap --depot-path /out sign --CA "ca" "registry"
```

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.