添加配置好验证功能的registry

registry/auth_server/config/auth_config.yml

@@ -0,0 +1,37 @@
+server:  # Server settings.
+  # Address to listen on.
+  addr: ":5001"
+  # TLS certificate and key.
+  certificate: "/ssl/server.pem"
+  key: "/ssl/server.key"
+
+token:  # Settings for the tokens.
+  issuer: "Auth Service"  # Must match issuer in the Registry config.
+  expiration: 900
+
+
+# Static user map. 
+users:
+  # Password is specified as a BCrypt hash. Use htpasswd -B to generate.
+  "admin":
+    password: "$2y$05$QH.x7wSgRwX/T9LVKwr41e0djC2/2V5uNWPVaIbdssGInvzg.bd8S"
+  "": {}  # Allow anonymous (no "docker login") access.
+
+acl:
+  # Admin has full access to everything.
+  - match: {account: "admin"}
+    actions: ["*"]
+  # User "test" has full access to ubuntu image but nothing else.
+  #  - match: {account: "hussien", name: "ubuntu"}
+  #   actions: ["*"]
+  #  - match: {account: "test"}
+  #  actions: []
+  # All logged in users can pull all images.
+  #- match: {account: "/.+/"}
+  #  actions: ["pull"]
+  # Anonymous users can pull "hello-world".
+  # ### can pull anything by kennylee ### 
+  - match: {account: ""} 
+    actions: ["pull"]
+  # Access is denied by default.
+

registry/auth_server/ssl/server.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2hWVLsYizQz4Q
+enhGAJJZfNbtrLdkfmXmi/+jWpmFDH667sgMkraOcg26laHx7HuzYMUYH5pJ75Xd
+zI0angIXpZAAzePaZ+NgdJksaJqExK4S7YzAxq8Uy8FiSQzaosrdPOAFpLV5dBh4
+3ldO94VSoGJoYLqoacjcsCCQWpj5kS7U/pSHFeNjnpTwoHWm6cDbQYk8fjAJ5ApH
+lqvRh2paaCciD0SL6us5mE7JL763KBaoKb8eJDfHLnj1MGj3lbVVO8PY1W3aWCWB
+MSAUOfVrJ+u6Is8bLUZJOaEAY2TkiozngTZoKKRXdjmh0M72EQyYnlunSgRKWZPt
+4oV13BUrAgMBAAECggEAQ59upTm0dP4vy3kkgIMLtd3733kDRVdTN7Sc1Q/nGxVD
+Cs0XDxl4S5RUI9H2eyRrvEzZGRP0XPpIIzH7AWaTTeGIVdPyXGPrKTxp17s1rIUW
+HWsnn/C8w06ualS4T3TLBmbcdRrOJZ5uxrFR1a79FVzYuOVFosn2olUa64C1dpjE
+fHzpvM03Ixd0t/dUC10ZLxejQAXKjTlg+qvtCv39jWD1RaKK5147S2Vp3Vime1kX
+1SgmYw9Pf3yBlRs4atum15tdEAYkabLThek2doD7tlIRoqDUpoQP7aWrTQlJSgsp
+QwZCjyarL+7CkO00Rwh5a30410rHDaaZo7toUD8SMQKBgQDZrWUyPGPKWDK5dzj/
+p3cVvf4X9QL6sbx6oFroJRxWuhCDmhiZu9y/P6aOoiEePL5d5HbufzatOzOg4rnN
+RX1o0lmfChqVDFCejN3e7AsL7eKHv0HZejC6Exwy2IpYfA7p2vl/nhyP/28vgf/7
+q/ufGpM7X1m1Iha1k7IwBlZFWQKBgQDWp4bDImEAAFAkJOu5vcXOdrbK047gP/Vk
+8+I5SLXthOyxKEEN9k4DuesdvJt5wMBVGMLrUxf7ejbodds6KNT7yiSRz1FxEluF
+ztYXi7z6zwPVT/J1UyC6NDivYQ9KODYZ4+Qb0hQm6ig5b13kOtc/4fyH4kOOCwdL
+2chK8DAqIwKBgQCTC/+AoCsJVetuPovSqF5Z4a70oB8TG14nuIuwpuEt9SOSw1Y7
+BB1rVKQ/Vmbo9j/jTaLKGkXlYEjQNlktwfOmC/Ne7IRoi5kqgh6fqPUNafXNnfXt
+5A1mpeI2tvE+NRAeCj7hZv4EiJmjjj5O1S91m446XX9MTWrp3oxQxPcigQKBgQCz
+Zh4ONkxliN1x592PRhjs/nC1QW0W5L1+GwqGH8vU8BQ119PPDHyVRqxHFRvH/R2B
+wYkezjqr9a+wRtfrWrbunTpFFsUVQGd3hK+PzD0sTRoCDKgyAEDI/t4lTXRO7n3g
+04MQ8VngUDFAF2CcX8UIYiIBm0wkifkWHrT0VJuciwKBgB6XoXReqqWSIaSPZlVL
+mFd+HkcUB0F8rBEw/teDxGKA2XL4yPzDh8u0ua8hbBV4ucI/zafybdSRDxoJZnom
+C9Z+aecl06t4LHkp6cgzK4r/ivkeSWEMhc45GcMsMRA1RH2BOeFmdlmf5UNe9zhe
+umF9gR3xzh4yu+Er1s8a50uQ
+-----END PRIVATE KEY-----

registry/auth_server/ssl/server.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeTCCAmGgAwIBAgIJAPSq8SDjtexYMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
+BAYTAkNOMRAwDgYDVQQIDAdCZWlKaW5nMRIwEAYDVQQHDAlEb25nY2hlbmcxHjAc
+BgNVBAMMFWRvY2tlci50aW1la2V5LmNvbS5jbjAeFw0xNTExMjAwMzQyMDJaFw0y
+NTExMTcwMzQyMDJaMFMxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlKaW5nMRIw
+EAYDVQQHDAlEb25nY2hlbmcxHjAcBgNVBAMMFWRvY2tlci50aW1la2V5LmNvbS5j
+bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaFZUuxiLNDPhB6eEYA
+kll81u2st2R+ZeaL/6NamYUMfrruyAySto5yDbqVofHse7NgxRgfmknvld3MjRqe
+AhelkADN49pn42B0mSxomoTErhLtjMDGrxTLwWJJDNqiyt084AWktXl0GHjeV073
+hVKgYmhguqhpyNywIJBamPmRLtT+lIcV42OelPCgdabpwNtBiTx+MAnkCkeWq9GH
+alpoJyIPRIvq6zmYTskvvrcoFqgpvx4kN8cuePUwaPeVtVU7w9jVbdpYJYExIBQ5
+9Wsn67oizxstRkk5oQBjZOSKjOeBNmgopFd2OaHQzvYRDJieW6dKBEpZk+3ihXXc
+FSsCAwEAAaNQME4wHQYDVR0OBBYEFDfijLCRoCjcN03D3Gv5SBcadQAxMB8GA1Ud
+IwQYMBaAFDfijLCRoCjcN03D3Gv5SBcadQAxMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBADyUk0nZNpRQNVS9W41vqtim6qeGGbYUnHtU806yBHV91eun
+FvZQH415glXI3RhA/LCzEpmm54B5LMm55UKsRZ1QroqlDIgzFfES7XbQx5cJamqk
+Vz5oJF+IMoQNWe0PNVtwgruuvkX9C/1buBV+WzLz/rGljFgeeN8j3TUFpMeEAga7
+TBVW86m7EtvA193auh/cos8zVPqiZdURFgo8DCMWwHoGPPwD6RWjUUQCDf6/edD6
+jVx5a+rhuFqBDBcsLyd3QnzDJQagccG0sFxnH+RJkAa1m6MFUDz/mrhJ3a1ttSIL
+pIMy68lIMnU+FbXFhUhgmfrtUDX1XS3OEVojKW8=
+-----END CERTIFICATE-----

registry/docker-compose.yml

@@ -0,0 +1,29 @@
+docker_auth:
+  image: cesanta/docker_auth
+  container_name: 'docker_auth'
+  ports:
+    - "5001:5001"
+  volumes:
+    - /home/tkadmin/kennylee/compose/registry/auth_server/config:/config:ro
+    - /var/log/docker_auth:/logs
+    - /home/tkadmin/kennylee/compose/registry/auth_server/ssl:/ssl
+  command: /config/auth_config.yml
+  restart: always
+
+timekey_registry:
+    image: index.alauda.cn/kenny/docker-registry-v2-1-1
+    container_name: 'timekey_registry'
+    ports:
+        - 5000:5000
+    volumes:
+        - /home/tkadmin/kennylee/compose/registry/auth_server/ssl:/ssl
+        - /opt/data/registry2:/var/lib/registry
+    restart: always
+    environment:
+        - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
+        - REGISTRY_AUTH=token
+        - REGISTRY_AUTH_TOKEN_REALM=https://192.168.1.96:5001/auth
+        - REGISTRY_AUTH_TOKEN_SERVICE="Docker registry"
+        - REGISTRY_AUTH_TOKEN_ISSUER="Auth Service"
+        - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem
+