Docker image of nginx reverse proxy for docker-registry.
- Add Basic Authentication
- account information derived from Redis
- Access control
- SSL endpoint
- select upstream server according to authenticated user
- performance tuning
- prepare certificate files
$ mkdir ssl
$ cd ssl
$ echo 01 > ca.srl
$ openssl genrsa -des3 -out ca-key.pem 2048
$ openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem
$ openssl genrsa -des3 -out docker-registry-key.pem 2048
$ openssl req -subj '/CN=<Your Hostname Here>' -new -key docker-registry-key.pem -out server.csr
$ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out docker-registry-cert.pem
$ openssl rsa -in docker-registry-key.pem -out docker-registry-key.pem
$ cd ../
- start containers
$ docker run -d -p 6379:6379 redis:latest
$ docker run -d -p 5000:5000 registry
$ docker run -d -v `pwd`/ssl -p 443:443 -e REDIS_HOST=172.17.42.1 -e DIGEST_SALT=salt nagachika/nginx-docker-registry
- prepare account information & proxy upstream
# get digest string for the password
$ ruby -rdigest -e 'puts Digest::SHA1.hexdigest("salt:password")'
(copy digest string)
$ redis-cli
> hset docker-registry:passwords user1 (copied digest string)
> lpush docker-registry:backends 172.17.42.1:5000