> # Run the registry on the server, allow only localhost connection
> docker run -p 127.0.0.1:5000:5000 registry
>
> # On the client, setup ssh tunneling
> ssh -N -L 5000:localhost:5000 user@server
> standalone: boolean, run the server in stand-alone mode. This means that the Index service on index.docker.io will not be used for anything. This implies disable_token_auth.
> index_endpoint: string, configures the hostname of the Index endpoint. This is used to verify passwords of users that log in. It defaults to https://index.docker.io. You should probably leave this to its default.
> disable_token_auth: boolean, disable checking of tokens with the Docker index. You should provide your own method of authentication (such as Basic auth).
4 个回复
DockOne - DockOne官方账号
赞同来自: KiwenLau
可以参考这个开源项目(https://github.com/larrycai/nginx-registry),它是一个简易的docker private registry前端认证模块。
daozhao
赞同来自:
自己搜索了一下,大多数人用Nginx在前端做代理,使用Nginx做认证。
还有是使用ssh的,不过比较少。而且可以控制的会少点。
Nginx参考下边的文章
https://www.digitalocean.com/c ... 14-04
https://docker.cn/p/private-do ... nginx
ssh的参考
http://stackoverflow.com/quest ... istry
> # Run the registry on the server, allow only localhost connection
> docker run -p 127.0.0.1:5000:5000 registry
>
> # On the client, setup ssh tunneling
> ssh -N -L 5000:localhost:5000 user@server
新版本好像提供了认证支持,不过没有看明白是如何设置。
> Authentication options
> standalone: boolean, run the server in stand-alone mode. This means that the Index service on index.docker.io will not be used for anything. This implies disable_token_auth.
> index_endpoint: string, configures the hostname of the Index endpoint. This is used to verify passwords of users that log in. It defaults to https://index.docker.io. You should probably leave this to its default.
> disable_token_auth: boolean, disable checking of tokens with the Docker index. You should provide your own method of authentication (such as Basic auth).
难易 - PaaS开发者
赞同来自:
Nginx是个简单方案,你可以看下我写的registry架构图,真正的权限需要用一个Docker Hub(index)来实现。
xds2000 - 数人科技CTO
赞同来自:
@难易 你写的registry架构图在哪里?