
@vermotr
Created February 7, 2017 15:56
Docker Registry with Basic Auth Nginx Server and Let's Encrypt certificate
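# Compose v1-style file (services at the top level, no `version:` key).
# Both services publish their ports on 127.0.0.1 only, so they are reachable
# from a reverse proxy on the same host but not directly from the network.
# The registry is started here without any auth or TLS settings of its own;
# access control depends entirely on the Nginx server in front of it.
registry:
  restart: always
  # `registry:2` is a mutable tag; pin it by digest (registry@sha256:<digest>)
  # if deployments must be reproducible.
  image: registry:2
  ports:
    - 127.0.0.1:5000:5000
  volumes:
    # Named volume holding the pushed image layers and manifests.
    - registry:/var/lib/registry
registry_ui:
  restart: always
  image: konradkleine/docker-registry-frontend:v2
  # Inside this container `localhost` is the UI container itself, not the
  # registry, so the registry is linked and addressed by its service name.
  links:
    - registry
  ports:
    - 127.0.0.1:8081:80
  environment:
    ENV_DOCKER_REGISTRY_HOST: registry
    ENV_DOCKER_REGISTRY_PORT: 5000
    # Public name and port of the Nginx front end (presumably what the UI
    # shows in its `docker pull` hints; confirm against the image's README).
    ENV_REGISTRY_PROXY_FQDN: docker.example.com
    ENV_REGISTRY_PROXY_PORT: 443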

Docker Registry

A simple Docker Registry placed behind an Nginx server that terminates TLS with a Let's Encrypt certificate and enforces Basic Auth.

How to use

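Create the password file that the Nginx configuration reads (`/etc/nginx/conf.d/registry.htpasswd`). The following command prompts for the password; `-c` creates the file and overwrites an existing one, so omit it when adding further users: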

htpasswd -c registry.htpasswd username

License

The MIT License (MIT)

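# TLS-terminating reverse proxy for the registry UI (localhost:8081) and the
# registry API (localhost:5000). Only port 443 is served, so Basic Auth
# credentials are never accepted over plain HTTP by this server block.
server {
    listen 443 ssl;
    server_name docker.example.com;

    # Let's Encrypt certificate and key.
    # NOTE(review): the paths use the `example.com` lineage while server_name is
    # docker.example.com; confirm the certificate covers this host name.
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from the list.
    # Add TLSv1.3 as well where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Server-level proxy headers apply only to locations that set no
    # proxy_set_header of their own (the /v2 location repeats them).
    proxy_set_header Host $http_host;          # required for Docker client sake
    proxy_set_header X-Real-IP $remote_addr;   # pass on real client IP

    # 0 disables the request-body limit to avoid HTTP 413 on large image
    # uploads; the limit is lifted for every location in this server.
    client_max_body_size 0;
    chunked_transfer_encoding on;

    # Web UI, protected by Basic Auth.
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/conf.d/registry.htpasswd;
        proxy_pass http://localhost:8081;
    }

    # Registry v2 API, protected by Basic Auth.
    location /v2 {
        # Reject Docker 1.3-1.5 clients and old "Go " user agents. The trailing
        # anchor was written as `\$`, which the regex engine reads as a literal
        # dollar sign, so the rule could not match a real User-Agent string.
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
            return 404;
        }

        # To add basic authentication to v2 use auth_basic setting plus add_header
        auth_basic "Registry realm";
        auth_basic_user_file /etc/nginx/conf.d/registry.htpasswd;
        add_header 'Docker-Distribution-Api-Version' 'registry/2.0';

        proxy_pass http://localhost:5000;
        proxy_set_header Host $http_host;          # required for docker client's sake
        proxy_set_header X-Real-IP $remote_addr;   # pass on real client's IP
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;                    # seconds
    }

    # Legacy v1 endpoints, forwarded to the registry WITHOUT authentication.
    # auth_basic is not set at the server level, so `auth_basic off` only makes
    # that explicit.
    # NOTE(review): the backend image is registry:2; confirm these v1 routes are
    # still needed, otherwise remove them so no path bypasses Basic Auth.
    location /v1/_ping {
        proxy_pass http://localhost:5000;
        auth_basic off;
    }

    location /v1/search {
        proxy_pass http://localhost:5000;
        auth_basic off;
    }
}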