We have already set up and hosted a private Docker registry. This article demonstrates how to secure that registry by implementing basic authentication. We will add a username and password on the hosting server so that the registry can only be accessed with credentials.
Related article:
How To Setup And Host A Private Docker Registry
Let’s follow a series of steps to enforce authentication. The assumption here is that we are already connected to the registry server over SSH to perform this configuration.
STEP 1 - Update and install local packages
sudo apt update
sudo apt install apache2-utils -y
STEP 2 - Create a directory to store auth credentials
mkdir ~/docker-registry/auth
cd ~/docker-registry/auth
STEP 3 - Generating the htpasswd file
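Make sure to replace the username placeholder with the username you want to add. After you press Enter, htpasswd prompts for the password you want to set. The -B option stores the password as a bcrypt hash, and -c creates the file, overwriting any existing one.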
htpasswd -Bc registry.password <<user_name>>
STEP 4 - Modify docker-compose.yml
Let’s modify the docker compose file using the command below. The assumption here is that the registry server's docker compose file is present in the docker-registry directory.
nano ~/docker-registry/docker-compose.yml
The following environment variables need to be set:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry
REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
The auth directory must also be mounted as a volume:
- ./auth:/auth
STEP 5 - Run docker compose
Let’s start the registry with docker-compose using the command below.
sudo docker-compose -f docker-compose.yml up -d
To make sure that the registry is running, a simple docker ps should display the running containers.
STEP 6 - How to validate it works
Now open http://20.198.70.230:8080/repositories/ in a browser; 20.198.70.230 is the public IP address of the Linux VM where the registry is hosted. The browser asks for credentials before giving access to the repositories.
As we enforced HTTP authentication, we need to log in to the registry before pushing an image.
Let’s try with sample image:
sudo docker pull alpine
sudo docker tag alpine:latest 20.198.70.230:5000/alpine
sudo docker login 20.198.70.230:5000
sudo docker push 20.198.70.230:5000/alpine
If the login fails with the error Error response from daemon: Get "https://20.198.70.230:5000/v2/": http: server gave HTTP response to HTTPS client, follow step 5 in How To Setup And Host A Private Docker Registry.
Awesome! Authentication works with private docker registry.
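Step 3 uses -B because the registry's htpasswd backend only accepts bcrypt entries; entries in other hash formats are ignored, so those users cannot log in. The script below is an added example, not part of the original article, that audits a file such as registry.password for non-bcrypt or duplicate entries; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit an htpasswd file
# (e.g. ~/docker-registry/auth/registry.password) before the registry mounts it.
# Prints "<user> <verdict>" per entry; status 0 only if every entry is a
# well-formed bcrypt hash and no username appears twice.
audit_htpasswd() (
    rc=0
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue              # skip blank lines
        user=${line%%:*}
        hash=${line#*:}
        if [ "$user" = "$line" ] || [ -z "$user" ]; then
            echo "? malformed"; rc=1; continue  # no "user:" prefix
        fi
        case $seen in
            *" $user "*) echo "$user duplicate"; rc=1; continue ;;
        esac
        seen="$seen$user "
        # bcrypt: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+hash
        if printf '%s\n' "$hash" |
            grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
            echo "$user bcrypt cost=$(printf '%s' "$hash" | cut -c5-6)"
        else
            case $hash in
                '$apr1$'*) echo "$user not-bcrypt(apr1-md5)" ;;
                '{SHA}'*)  echo "$user not-bcrypt(sha1)" ;;
                *)         echo "$user not-bcrypt(unknown)" ;;
            esac
            rc=1
        fi
    done < "$1"
    exit "$rc"
)

# Constructed sample entries (not real credentials or real hashes).
sample_htpasswd() {
    cat <<'EOF'
alice:$2y$05$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234
bob:$apr1$constrct$0123456789abcdefghijkl
carol:{SHA}Y29uc3RydWN0ZWQtc2FtcGxlLXg=
alice:$2y$05$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234
EOF
}

# Usage: sh audit.sh ~/docker-registry/auth/registry.password
if [ "$#" -gt 0 ]; then audit_htpasswd "$1"; fi
```

A non-zero exit status means at least one entry should be regenerated with htpasswd -B before the registry is restarted.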
Happy Learning!