diff --git a/registry/auth_server/config/auth_config.yml b/registry/auth_server/config/auth_config.yml
new file mode 100755
index 0000000..3b1b16d
--- /dev/null
+++ b/registry/auth_server/config/auth_config.yml
@@ -0,0 +1,37 @@
+server: # Server settings.
+ # Address to listen on.
+ addr: ":5001"
+ # TLS certificate and key.
+ certificate: "/ssl/server.pem"
+ key: "/ssl/server.key"
+
+token: # Settings for the tokens.
+ issuer: "Auth Service" # Must match issuer in the Registry config.
+ expiration: 900
+
+
+# Static user map.
+users:
+ # Password is specified as a BCrypt hash. Use htpasswd -B to generate.
+ "admin":
+ password: "$2y$05$QH.x7wSgRwX/T9LVKwr41e0djC2/2V5uNWPVaIbdssGInvzg.bd8S"
+ "": {} # Allow anonymous (no "docker login") access.
+
+acl:
+ # Admin has full access to everything.
+ - match: {account: "admin"}
+ actions: ["*"]
+ # User "test" has full access to ubuntu image but nothing else.
+ # - match: {account: "hussien", name: "ubuntu"}
+ # actions: ["*"]
+ # - match: {account: "test"}
+ # actions: []
+ # All logged in users can pull all images.
+ #- match: {account: "/.+/"}
+ # actions: ["pull"]
+ # Anonymous users can pull "hello-world".
+ # ### can pull anything by kennylee ###
+ - match: {account: ""}
+ actions: ["pull"]
+ # Access is denied by default.
+
diff --git a/registry/auth_server/ssl/server.key b/registry/auth_server/ssl/server.key
new file mode 100755
index 0000000..7409f2d
--- /dev/null
+++ b/registry/auth_server/ssl/server.key
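Review bot: In auth_config.yml the last ACL rule, `- match: {account: ""}` with `actions: ["pull"]`, carries no `name` constraint, so unauthenticated clients can pull every repository, while the comment above it still says anonymous users can pull "hello-world". If open pull is intended, make the comment say so (`# Anonymous users can pull every image.`); if not, narrow the rule, for example `- match: {account: "", name: "hello-world"}`. The admin hash is committed in the same file with a bcrypt cost of 5 (`$2y$05$`), which keeps offline guessing cheap for the one account that holds `actions: ["*"]`; regenerate it with a higher cost (`htpasswd -B -C 12`) and keep the deployed hash out of the repository.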
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2hWVLsYizQz4Q +enhGAJJZfNbtrLdkfmXmi/+jWpmFDH667sgMkraOcg26laHx7HuzYMUYH5pJ75Xd +zI0angIXpZAAzePaZ+NgdJksaJqExK4S7YzAxq8Uy8FiSQzaosrdPOAFpLV5dBh4 +3ldO94VSoGJoYLqoacjcsCCQWpj5kS7U/pSHFeNjnpTwoHWm6cDbQYk8fjAJ5ApH +lqvRh2paaCciD0SL6us5mE7JL763KBaoKb8eJDfHLnj1MGj3lbVVO8PY1W3aWCWB +MSAUOfVrJ+u6Is8bLUZJOaEAY2TkiozngTZoKKRXdjmh0M72EQyYnlunSgRKWZPt +4oV13BUrAgMBAAECggEAQ59upTm0dP4vy3kkgIMLtd3733kDRVdTN7Sc1Q/nGxVD +Cs0XDxl4S5RUI9H2eyRrvEzZGRP0XPpIIzH7AWaTTeGIVdPyXGPrKTxp17s1rIUW +HWsnn/C8w06ualS4T3TLBmbcdRrOJZ5uxrFR1a79FVzYuOVFosn2olUa64C1dpjE +fHzpvM03Ixd0t/dUC10ZLxejQAXKjTlg+qvtCv39jWD1RaKK5147S2Vp3Vime1kX +1SgmYw9Pf3yBlRs4atum15tdEAYkabLThek2doD7tlIRoqDUpoQP7aWrTQlJSgsp +QwZCjyarL+7CkO00Rwh5a30410rHDaaZo7toUD8SMQKBgQDZrWUyPGPKWDK5dzj/ +p3cVvf4X9QL6sbx6oFroJRxWuhCDmhiZu9y/P6aOoiEePL5d5HbufzatOzOg4rnN +RX1o0lmfChqVDFCejN3e7AsL7eKHv0HZejC6Exwy2IpYfA7p2vl/nhyP/28vgf/7 +q/ufGpM7X1m1Iha1k7IwBlZFWQKBgQDWp4bDImEAAFAkJOu5vcXOdrbK047gP/Vk +8+I5SLXthOyxKEEN9k4DuesdvJt5wMBVGMLrUxf7ejbodds6KNT7yiSRz1FxEluF +ztYXi7z6zwPVT/J1UyC6NDivYQ9KODYZ4+Qb0hQm6ig5b13kOtc/4fyH4kOOCwdL +2chK8DAqIwKBgQCTC/+AoCsJVetuPovSqF5Z4a70oB8TG14nuIuwpuEt9SOSw1Y7 +BB1rVKQ/Vmbo9j/jTaLKGkXlYEjQNlktwfOmC/Ne7IRoi5kqgh6fqPUNafXNnfXt +5A1mpeI2tvE+NRAeCj7hZv4EiJmjjj5O1S91m446XX9MTWrp3oxQxPcigQKBgQCz +Zh4ONkxliN1x592PRhjs/nC1QW0W5L1+GwqGH8vU8BQ119PPDHyVRqxHFRvH/R2B +wYkezjqr9a+wRtfrWrbunTpFFsUVQGd3hK+PzD0sTRoCDKgyAEDI/t4lTXRO7n3g +04MQ8VngUDFAF2CcX8UIYiIBm0wkifkWHrT0VJuciwKBgB6XoXReqqWSIaSPZlVL +mFd+HkcUB0F8rBEw/teDxGKA2XL4yPzDh8u0ua8hbBV4ucI/zafybdSRDxoJZnom +C9Z+aecl06t4LHkp6cgzK4r/ivkeSWEMhc45GcMsMRA1RH2BOeFmdlmf5UNe9zhe +umF9gR3xzh4yu+Er1s8a50uQ +-----END PRIVATE KEY----- diff --git a/registry/auth_server/ssl/server.pem b/registry/auth_server/ssl/server.pem new file mode 100755 index 0000000..dd4971d --- /dev/null +++ b/registry/auth_server/ssl/server.pem 
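Review bot: registry/auth_server/ssl/server.key places an unencrypted RSA private key under version control, so anyone who can read the repository or its history holds the auth server's TLS key. auth_config.yml sets no separate token key and the registry trusts `/ssl/server.pem` as `REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE`, so this is presumably also the key that signs registry tokens; confirm that, and treat the key as compromised either way. Drop the file from the commit, generate a fresh key pair on the deployment host, and add an ignore rule such as `registry/auth_server/ssl/*.key`. The file is also added with mode 100755; a key file needs no execute bit and should be readable only by the service account (`chmod 600`).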
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIJAPSq8SDjtexYMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV +BAYTAkNOMRAwDgYDVQQIDAdCZWlKaW5nMRIwEAYDVQQHDAlEb25nY2hlbmcxHjAc +BgNVBAMMFWRvY2tlci50aW1la2V5LmNvbS5jbjAeFw0xNTExMjAwMzQyMDJaFw0y +NTExMTcwMzQyMDJaMFMxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlKaW5nMRIw +EAYDVQQHDAlEb25nY2hlbmcxHjAcBgNVBAMMFWRvY2tlci50aW1la2V5LmNvbS5j +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaFZUuxiLNDPhB6eEYA +kll81u2st2R+ZeaL/6NamYUMfrruyAySto5yDbqVofHse7NgxRgfmknvld3MjRqe +AhelkADN49pn42B0mSxomoTErhLtjMDGrxTLwWJJDNqiyt084AWktXl0GHjeV073 +hVKgYmhguqhpyNywIJBamPmRLtT+lIcV42OelPCgdabpwNtBiTx+MAnkCkeWq9GH +alpoJyIPRIvq6zmYTskvvrcoFqgpvx4kN8cuePUwaPeVtVU7w9jVbdpYJYExIBQ5 +9Wsn67oizxstRkk5oQBjZOSKjOeBNmgopFd2OaHQzvYRDJieW6dKBEpZk+3ihXXc +FSsCAwEAAaNQME4wHQYDVR0OBBYEFDfijLCRoCjcN03D3Gv5SBcadQAxMB8GA1Ud +IwQYMBaAFDfijLCRoCjcN03D3Gv5SBcadQAxMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBADyUk0nZNpRQNVS9W41vqtim6qeGGbYUnHtU806yBHV91eun +FvZQH415glXI3RhA/LCzEpmm54B5LMm55UKsRZ1QroqlDIgzFfES7XbQx5cJamqk +Vz5oJF+IMoQNWe0PNVtwgruuvkX9C/1buBV+WzLz/rGljFgeeN8j3TUFpMeEAga7 +TBVW86m7EtvA193auh/cos8zVPqiZdURFgo8DCMWwHoGPPwD6RWjUUQCDf6/edD6 +jVx5a+rhuFqBDBcsLyd3QnzDJQagccG0sFxnH+RJkAa1m6MFUDz/mrhJ3a1ttSIL +pIMy68lIMnU+FbXFhUhgmfrtUDX1XS3OEVojKW8= +-----END CERTIFICATE----- diff --git a/registry/docker-compose.yml b/registry/docker-compose.yml new file mode 100644 index 0000000..945cf7b --- /dev/null +++ b/registry/docker-compose.yml 
@@ -0,0 +1,29 @@
+docker_auth:
+ image: cesanta/docker_auth
+ container_name: 'docker_auth'
+ ports:
+ - "5001:5001"
+ volumes:
+ - /home/tkadmin/kennylee/compose/registry/auth_server/config:/config:ro
+ - /var/log/docker_auth:/logs
+ - /home/tkadmin/kennylee/compose/registry/auth_server/ssl:/ssl
+ command: /config/auth_config.yml
+ restart: always
+
+timekey_registry:
+ image: index.alauda.cn/kenny/docker-registry-v2-1-1
+ container_name: 'timekey_registry'
+ ports:
+ - 5000:5000
+ volumes:
+ - /home/tkadmin/kennylee/compose/registry/auth_server/ssl:/ssl
+ - /opt/data/registry2:/var/lib/registry
+ restart: always
+ environment:
+ - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
+ - REGISTRY_AUTH=token
+ - REGISTRY_AUTH_TOKEN_REALM=https://192.168.1.96:5001/auth
+ - REGISTRY_AUTH_TOKEN_SERVICE="Docker registry"
+ - REGISTRY_AUTH_TOKEN_ISSUER="Auth Service"
+ - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem
+
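Review bot: Both services in docker-compose.yml bind-mount the whole `auth_server/ssl` directory read-write, which hands `server.key` to the registry container even though the registry only references `/ssl/server.pem`. Mount it read-only for `docker_auth` (append `:ro`, as is already done for `/config`) and give `timekey_registry` only the certificate: `- /home/tkadmin/kennylee/compose/registry/auth_server/ssl/server.pem:/ssl/server.pem:ro`. In the list-form `environment` entries the double quotes are part of the YAML scalar, so the registry likely receives `"Auth Service"` with the quotes included and will not match the `issuer` in auth_config.yml; write `- REGISTRY_AUTH_TOKEN_ISSUER=Auth Service` and do the same for `REGISTRY_AUTH_TOKEN_SERVICE`. Neither `image:` is pinned to a tag or digest, so what runs depends on whatever the remote registry serves at pull time.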