Secure a Private Docker Registry with Authentication
What is a Docker Registry:
A Docker registry is organized into Docker repositories, where a repository holds all the versions of a specific image. The registry allows Docker users to pull images locally, as well as push new images to the registry (given adequate access permissions when applicable).
Docker - Private Registries
Registry is the container managed by Docker which can be used to host private repositories. The port number exposed by the container is 5000. Hence with the -p option, we are mapping the same port number to the 5000 port number on our localhost.
Docker info command:
Step 1: Configure a Private Docker Registry
Add the following configuration in /etc/docker/daemon.json:
{
"insecure-registries":["localhost:5001" ]
}
Local IP: 192.168.43.151
Step 2: Protect the Private Docker Registry with authentication
The newly created private registry is insecure, as anyone can access it and push/pull images. You need to add the authentication feature to it. To do this, use the htpasswd command with the httpd image. Use the credentials with the username as admin and password as Password. Create and store the credentials in the htpasswd file under the auth folder. Finally, check the repositories list by executing an HTTP request for the GET .../v2/_catalog endpoint.
Create a folder to store the user credentials
mkdir auth
Next, store the user credentials in a password file. To do this, use the htpasswd command in the HTTPd server by passing the username as admin and password as Password@123. The httpd image gets downloaded and creates the htpasswd file under the auth folder.
docker run --entrypoint htpasswd httpd:2 -Bbn admin Password@123 > auth/htpasswd
docker ps
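The registry's htpasswd authentication only accepts bcrypt entries, which is why the command above passes -B. The following shell function is an added example, not part of the original article, that checks the generated file before it is mounted into the registry; the function name audit_htpasswd and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: check an htpasswd file before mounting it into registry:2.
# audit_htpasswd (hypothetical helper) returns 0 only if every entry is a
# well-formed user:bcrypt record.
audit_htpasswd() {
    [ -s "$1" ] || { echo "FAIL: $1 is missing or empty"; return 1; }
    awk -F: '
        /^[ \t]*$/ { next }                       # ignore blank lines
        NF != 2 || $1 == "" {
            printf "FAIL line %d: not in user:hash form\n", NR; bad++; next
        }
        seen[$1]++ {
            printf "FAIL line %d: duplicate user %s\n", NR, $1; bad++
        }
        # bcrypt record: $2a$/$2b$/$2y$, two-digit cost, 53 more characters
        length($2) != 60 || $2 !~ "^\\$2[aby]\\$[0-9][0-9]\\$[./A-Za-z0-9]+$" {
            printf "FAIL line %d: %s has no bcrypt hash\n", NR, $1; bad++; next
        }
        { printf "ok   line %d: %s (bcrypt cost %d)\n", NR, $1, substr($2, 5, 2) }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: placeholder strings with the right shape, not real hashes.
demo_dir=$(mktemp -d)
fake=$(printf '%053d' 0)
printf 'admin:$2y$05$%s\n' "$fake" > "$demo_dir/good"
printf 'admin:$2y$05$%s\nci:$apr1$abc$def\n' "$fake" > "$demo_dir/mixed"
audit_htpasswd "$demo_dir/good"  || echo "good file rejected"
audit_htpasswd "$demo_dir/mixed" || echo "mixed file needs fixing"
rm -rf "$demo_dir"
```

An empty file is reported as a failure as well, which catches the case where the docker run command failed and the redirect still created auth/htpasswd.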
Start a new registry instance using the docker run command by passing the user credentials file. Press the Enter key after pasting the below command to execute it.
To do this, you use the following flags:
Step 3: create private docker container registry
docker run -d \
-p 5001:5000 \
--restart=always \
--name brezy-registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
registry:2
Verify the registry configuration by checking the list of available images through the following command. It returns an error code as UNAUTHORIZED, as the registry is now protected with authentication.
curl http://localhost:5001/v2/_catalog
Step 4: Pushing a Docker Image to a Private Repository
Push the image from the local Docker Registry. An error message with no basic auth credentials appears. This happens because the registry is protected with an authentication requirement.
docker image push localhost:5001/ubuntu:v1
Log in to the local registry using the docker login command (1). The credentials prompt appears. Enter the username as admin followed by the password as Password@123 (2). Press the Enter key. The successful login message appears.
docker login localhost:5001
Retry pushing the image to the local Docker Registry. This time the image gets pushed to the private registry.
Step 5: Pull an Image from a Private Registry without internet
Thank you !!!