Host a bare-bones Docker Repository on Ubuntu (16.04) with SSL and user authentication.
Install docker
Follow the instructions at https://docs.docker.com/install/linux/docker-ce/ubuntu/
Make sure to add current user to the docker group.
Assuming you are using this server just to host the private Docker registry, create everything under the user’s home folder.
~/docker-compose.yml:
registry:
  restart: always
  image: registry:2
  ports:
    - "443:5000"
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /letsencrypt/live/your_domain/fullchain.pem
    REGISTRY_HTTP_TLS_KEY: /letsencrypt/live/your_domain/privkey.pem
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: Docker Registry
  volumes:
    - ~/registry/data:/var/lib/registry
    - ~/letsencrypt:/letsencrypt
    - ~/registry/auth:/auth
Let’s Encrypt
You can install certbot on the host or, since you have docker already installed, you can use a docker container and use the DNS challenge.
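$ docker run -v "${PWD}/letsencrypt:/etc/letsencrypt" -it \
    certbot/certbot certonly \
    --manual --preferred-challenges dns
Note: ${PWD} must be upper case. In bash, on Linux and Mac alike, a lower-case ${pwd} is unset, so the volume would be mounted from /letsencrypt instead. Run the command from the home folder so the certificates land in ~/letsencrypt, which the compose file mounts.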
Follow the on-screen instructions. You will need access to configure the DNS in order to create the TXT record.
Add User Script (~/adduser.sh):
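#!/bin/sh
# Usage: ./adduser.sh user_name password   (appends one bcrypt entry)
# registry:2 images from 2.7 on no longer ship htpasswd; the httpd:2 image does.
docker run --rm \
  --entrypoint htpasswd \
  registry:2 -Bbn "$1" "$2" >> registry/auth/htpasswd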
Note: the script assumes it will be in the user’s home folder.
Run the script to add user(s)
$ ./adduser.sh user_name secret_user_password
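Because adduser.sh appends on every run, registry/auth/htpasswd collects blank lines and, when a user is added twice, a stale second entry; the registry's htpasswd backend also accepts only bcrypt hashes and ignores other types. The check below is an added example, not part of the original post: lint_htpasswd and write_sample are hypothetical helper names, and the sample hashes are constructed placeholders.

```shell
#!/bin/sh
# Added example; lint_htpasswd and write_sample are hypothetical helper names.

# Prints one finding per problem line.
# Returns 0 if the file is clean, 1 if there are findings, 2 if it is unreadable.
lint_htpasswd() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }   # htpasswd -n ends each entry with a blank line
        NF < 2 || $1 == "" { printf "line %d: malformed entry\n", NR; bad++; next }
        # bcrypt shape: $2a$, $2b$ or $2y$, a two-digit cost, 60 characters in total
        $2 !~ /^\$2[aby]\$[0-9][0-9]\$/ || length($2) != 60 {
            printf "line %d: %s: hash is not bcrypt\n", NR, $1; bad++
        }
        seen[$1]++ { printf "line %d: %s: duplicate user\n", NR, $1; bad++ }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: placeholder hashes with the right shape, not real passwords.
write_sample() {
    cat > "$1" <<'EOF'
alice:$2y$05$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0

bob:$apr1$constructed$notabcrypthashvalue000

alice:$2y$05$ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba1

EOF
}

# Stand-alone use: ./lint_htpasswd.sh registry/auth/htpasswd
if [ -n "${1:-}" ]; then
    lint_htpasswd "$1"
fi
```

Run it against registry/auth/htpasswd after adding or changing users; a non-zero exit status means the file needs cleaning up before the registry is restarted.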
Start
$ docker-compose up -d
Make into a service?
To be continued….