v1.1 - 2016-04-08
A Docker registry stack using the Docker Distribution registry v2, Apache with mod_auth_kerb for authentication, and a Redis cache for metadata objects.
These containers should work out of the box, with the exception of a few changes to the config files for Apache (see below).
Note: The Docker Registry image in this stack is entirely identical to the upstream. The Dockerfile to build it just adds a custom config.yml. You could also just volume mount the file in a container created from Docker.io's registry:2 image (to /etc/docker/registry/config.yml).
After building the Docker images, run the stack:

    docker run --name registry-redis \
        --restart always \
        -d registry-redis

    docker run --name registry \
        --restart always \
        --link registry-redis:redis \
        -v <LOCAL STORAGE VOLUME>:/var/lib/registry \
        -d registry-v2

    docker run --name registry-web \
        --restart always \
        --link registry:registry \
        -v <LOCAL CONFIG DIR>:/conf \
        -p 443:443 \
        -e SITENAME=<URL OF YOUR REGISTRY> \
        -d registry-web

SSL
SSL is on by default, but you need to supply your own SSL certificates. The <LOCAL CONFIG DIR> for the registry-web container should contain the SSL certs and keys, named like so:
- SSL Certificate: localhost.crt
- SSL Key: localhost.key
- (Optional) CA Intermediate Certificate: ca-cert.crt
Kerberos
Kerberos and mod_auth_kerb are installed, but you'll need to edit the vhost.conf and krb5.conf files with your own Kerberos information. Alternatively, you can comment out the Kerberos configuration in the vhost.conf file, uncomment the basic authentication configuration, and use that instead.
v1.1 - 2016-04-08
Changed config.yml to use addr: 0.0.0.0:5000 instead of addr: localhost:5000 for the http section, to fix 503 errors from the registry. This should allow linking to work correctly (no variables required) without any security issues, as long as port 5000 is never mapped by the registry container.
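
Because the registry now listens on 0.0.0.0:5000, a `-p 5000:5000` on the registry container would make it reachable directly instead of through registry-web. The following check is an added example, not part of the original project: it parses `docker port <container>` output and fails if 5000/tcp has any host binding. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the registry backend port is not published.
# Input is the output of `docker port <container>`, one mapping per line:
#   5000/tcp -> 0.0.0.0:5000

# Print the host bindings for a container port (default 5000/tcp), read from stdin.
backend_bindings() {
    port="${1:-5000/tcp}"
    awk -v p="$port" '$1 == p && $2 == "->" { print $3 }'
}

# Return 0 if the port has no host binding, 1 if it is published anywhere.
# Loopback-only bindings are reported as warnings but still fail the check,
# since the README requires that the port is never mapped.
check_backend_unpublished() {
    bindings=$(backend_bindings "${1:-5000/tcp}")
    if [ -z "$bindings" ]; then
        return 0
    fi
    printf '%s\n' "$bindings" | while IFS= read -r b; do
        case "$b" in
            127.*|"[::1]"*) echo "WARN: backend port published on loopback: $b" >&2 ;;
            *)              echo "FAIL: backend port published on $b" >&2 ;;
        esac
    done
    return 1
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OK=''                          # registry started without -p
SAMPLE_WEB='443/tcp -> 0.0.0.0:443'   # registry-web: only 443 is published
SAMPLE_BAD='5000/tcp -> 0.0.0.0:5000
5000/tcp -> [::]:5000'                # registry started with -p 5000:5000

# Live use (requires Docker and the container name from the README):
#   docker port registry | check_backend_unpublished && echo "OK: 5000 not mapped"
```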