Running a Secure Docker Registry

Welcome to another Docker day.

Today's task is deploying a registry server with native basic auth and accessing it through Nginx.

First we create the file auth/htpasswd on the host with the htpasswd tool (which is available in the registry:2 image).

$ mkdir auth
$ docker run --entrypoint htpasswd registry:2 -Bbn testuser s3cr3t > auth/htpasswd

This command line looks a bit strange at first sight.

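With --entrypoint htpasswd the image's default entrypoint is replaced, so the container runs htpasswd instead of starting the registry. -B selects bcrypt, the only hash format the registry's htpasswd authentication accepts. -b takes the password from the command line, and -n prints the entry to stdout instead of writing a file inside the container, which is why we redirect the output into auth/htpasswd on the host. Because of -b the password ends up in the shell history and is visible in the process list while the command runs. If we had htpasswd installed on the host we would have run the command like this: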

$ htpasswd -Bbn testuser s3cr3t > auth/htpasswd

Either way the result is the file auth/htpasswd (on the host).
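A check worth running on that file before it is mounted into the registry container, as an added example that is not part of the original post: the function name audit_htpasswd and the sample entries (constructed placeholders, not real hashes) are assumptions. It flags every entry that is not bcrypt, since the registry ignores such entries and those users cannot log in.

```shell
#!/bin/sh
# Added example (not from the original post): audit an htpasswd file
# before handing it to registry:2, whose htpasswd auth accepts bcrypt only.

# audit_htpasswd FILE
# Prints one line per entry and returns 1 if any entry is not bcrypt.
audit_htpasswd() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue        # htpasswd -n appends a blank line
        user=${line%%:*}
        hash=${line#*:}
        case $hash in
            \$2[aby]\$[0-9][0-9]\$*)
                # bcrypt layout: $2y$<cost>$<salt+hash>; extract the cost
                cost=${hash#\$2?\$}
                cost=${cost%%\$*}
                echo "$user ok bcrypt cost=$cost" ;;
            *)
                # apr1/MD5, {SHA}, crypt, plaintext or a line with no colon
                echo "$user REJECTED not-bcrypt"
                bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# Constructed sample file: one bcrypt-style entry, one apr1 (MD5) entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
testuser:$2y$05$CONSTRUCTED.NOT.A.REAL.HASH.xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

olduser:$apr1$CONSTRUC$NOT.A.REAL.HASH.xxxxxx
EOF
audit_htpasswd "$sample" || echo "non-bcrypt entries found: regenerate them with htpasswd -B"
rm -f "$sample"
```

The reported cost is the bcrypt work factor; raising it with htpasswd's -C option makes offline guessing slower if the file ever leaks.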

With -p 127.0.0.1:5000:5000 we publish the registry port on the host's loopback interface only, so other machines cannot reach it directly:

$ docker run -d \
  -p 127.0.0.1:5000:5000 \
  --name registry \
  --restart=always \
  --volume "$(pwd)/data:/var/lib/registry" \
  --volume "$(pwd)/auth:/auth" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  registry:2