Comments (6)
Thanks for question, @bergtwvd.
The easiest way to secure both registry and frontend is to use Nginx as reverse proxy.
You can find example configs here.
To enable HTTPS on nginx you need to change Nginx config and supply ssl.key
and ssl.cert
to the nginx container.
Feel free to ask me if you need further assistance.
from docker-registry-web.
Thanks, I will have a try.
Any good pointer on how to generate these ssl key/cert for nginx?
from docker-registry-web.
There is a good howto on setting up Nginx with free StartSSL certificate: https://finiteheap.com/webdev/2015/12/06/nginx-startssl-aplus.html
from docker-registry-web.
On the end I configured the containers such that only port 443 is accessible from the "outside". port 8080 and 5000 are only accessible on the internal registry-net.
The registry auth realm is set to https://< hostname >:443/api/auth
Docker-file:
version: '2'
services:
nginx:
image: nginx:1.10
ports:
- 443:443
volumes:
- ./conf/nginx:/etc/nginx/conf.d/:ro
networks:
- registry-net
depends_on:
- registry
- registry-web
registry-web:
image: hyper/docker-registry-web:v0.1.0
ports:
- 8080
volumes:
- ./conf/registry-web:/conf:ro
- ./db:/data
networks:
- registry-net
depends_on:
- registry
registry:
image: registry:2.4.1
ports:
- 5000
volumes:
- ./conf/registry:/etc/docker/registry:ro
- ./registry:/var/lib/registry
networks:
- registry-net
networks:
registry-net:
from docker-registry-web.
It's better to bind exposed ports to localhost:
ports:
- 127.0.0.1:8080:8080
ports:
- 127.0.0.1:5000:5000
Otherwise, docker will assign random ports to them and bind these ports to every host interface.
from docker-registry-web.
I think this issue can be closed, from my point of view it is resolved.
from docker-registry-web.
Related Issues (20)
- registry -e REGISTRY_AUTH_HTPASSWD_REALM=Registry_Realm
- Api for adding a user
- Cannot get property 'Cmd' on null object. Stacktrace follows: HOT 2
- Can I save & road the login account information?
- server gave HTTP response to HTTPS client
- javax.net.ssl.SSLException: Received fatal alert: protocol_version HOT 2
- Docker Login Issue
- [Feature] Implement LDAP authentication
- how to allow anonymous user to pull images
- [ Error ] Building using Dockerfile - org.grails.wrapper.GrailsWrapper
- Able to delete multiple image tags
- denied: requested access to the resource is denied HOT 2
- v2 scheme imageId HOT 1
- Admin access does not work
- invalid translation for Estonian
- use gitlab registry
- Is this project stop ???
- Error in Web UI with basic authentication HOT 6
- The password change function does not work HOT 1
- curl UNAUTHORIZED HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-registry-web.