How To Secure Private Docker Registry

We have already set up and hosted a private Docker registry. This article demonstrates how to secure it with basic authentication: we will add a username and password on the server hosting the registry so that access requires credentials.

Related article:

How To Setup And Host A Private Docker Registry

Let’s follow a series of steps to enforce authentication. The assumption here is that we are already connected to the registry server over SSH to perform this configuration.

STEP 1 - Update and install local packages

sudo apt update
sudo apt install apache2-utils -y

STEP 2 - Create a directory to store auth credentials

mkdir ~/docker-registry/auth
cd ~/docker-registry/auth

STEP 3 - Generating the htpasswd file

Make sure to replace <<user_name>> with the username you want to add. Once you press Enter, it will prompt for the password you want to set.

 htpasswd -Bc registry.password <<user_name>>
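
The registry's htpasswd backend accepts only bcrypt hashes, which is why the command above passes -B; entries in any other format are ignored and those users cannot log in. The script below is an added example, not part of the original article: it audits registry.password for non-bcrypt entries and reports each entry's bcrypt cost. The function names, the sample entries and the cost threshold of 10 are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit an htpasswd file before mounting it into the registry.
# Usage: sh audit.sh ~/docker-registry/auth/registry.password [MIN_COST]

# Prints one finding per entry; returns 1 if any entry is unusable.
audit_htpasswd() {
    file=$1
    min_cost=${2:-10}   # assumption: example threshold, not a registry setting
    [ -r "$file" ] || { echo "FAIL cannot read $file"; return 1; }
    awk -F: -v min="$min_cost" '
        /^[ \t]*$/ || /^#/ { next }                 # skip blanks and comments
        NF < 2 || $1 == "" || $2 == "" {
            printf "FAIL line %d: malformed entry\n", NR; bad = 1; next
        }
        seen[$1]++ { printf "WARN %s: duplicate user\n", $1 }
        {
            hash = $2
            # bcrypt: $2a$/$2b$/$2y$, two-digit cost, 60 characters in total
            if (hash ~ /^\$2[aby]\$[0-9][0-9]\$/ && length(hash) == 60) {
                cost = substr(hash, 5, 2) + 0
                if (cost < min)
                    printf "WARN %s: bcrypt cost %d below %d\n", $1, cost, min
                else
                    printf "OK %s: bcrypt cost %d\n", $1, cost
            } else {
                printf "FAIL %s: not bcrypt, the registry ignores it\n", $1
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$file"
}

# Constructed sample entries; the hash bodies are filler, not real hashes.
sample_htpasswd() {
    body=$(printf '%053d' 0)
    printf '%s%s\n' 'alice:$2y$05$' "$body"
    printf '%s%s\n' 'bob:$2y$12$' "$body"
    printf '%s\n' 'carol:$apr1$constructed$fillerfillerfillerfill'
}

if [ $# -gt 0 ]; then audit_htpasswd "$@"; fi
```

htpasswd -B uses a bcrypt cost of 5 unless a higher one is given with its -C option.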

STEP 4 - Modify docker-compose.yml

Let’s modify the Docker Compose file using the command below. The assumption here is that the registry server's Docker Compose file is present in the docker-registry directory.

nano ~/docker-registry/docker-compose.yml

The following environment variables need to be set:

REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry
REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password

The auth volume also needs to be mounted:

 - ./auth:/auth

STEP 5 - Run docker compose

Let’s run the docker-compose using the below command.

sudo docker-compose -f docker-compose.yml up -d

To make sure that the registry is running, a simple docker ps should display the running containers.

STEP 6 - How to validate it works

Now open http://20.198.70.230:8080/repositories/ in a browser; note that 20.198.70.230 is the public IP address of the Linux VM where the registry is hosted. The browser now asks for credentials before it shows the repositories.

As we enforced HTTP authentication, we need to log in to the registry before pushing an image.

Let’s try with a sample image:

sudo docker pull alpine

sudo docker tag alpine:latest 20.198.70.230:5000/alpine

sudo docker login 20.198.70.230:5000

sudo docker push 20.198.70.230:5000/alpine

If logging in fails with the error Error response from daemon: Get "https://20.198.70.230:5000/v2/": http: server gave HTTP response to HTTPS client, follow step 5 in How To Setup And Host A Private Docker Registry.

Awesome! Authentication now works with the private Docker registry.

Happy Learning!