Hello,
I can not use a registry with basic authentication for pull image but I have to secure the registry for push.
I have not yet found a solution with registry V2.
My solution is to create two registries locally with same backend storage and two different addresses :
- 1 registry read-only mode, no authentication → for pull image
- 1 registry RW mode, basic authentication → for push image
About the backend storage, I use the “filesystem” storage driver.
About my configuration :
REGISTRY RO mode :
docker run -d
-p 5001:5000
–restart=always
–name registry-ro
-vpwd
/certs:/certs:ro
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key
-e REGISTRY_HTTP_HOST=registry-ro.dock.com
-e REGISTRY_HTTP_SECRET=AAAAAAAA
-v /registry/TEST_RO_RW/:/var/lib/registry:ro
registry:2
REGISTRY RW mode :
docker run -d
-p 5002:5000
–restart=always
–name registry-rw
-vpwd
/auth:/auth:ro
-e “REGISTRY_AUTH=htpasswd”
-e “REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm”
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
-vpwd
/certs:/certs:ro
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key
-e REGISTRY_HTTP_HOST=registry-rw.dock.com
-e REGISTRY_HTTP_SECRET=BBBBBBBB
-v /registry/TEST_RO_RW/:/var/lib/registry
registry:2
Do you think this method can cause problems ? Conflict between the 2 registry ?
Would I have to use specific options about the cache or other ?
Would I have to use the same value for “REGISTRY_HTTP_SECRET” option ?
Thansk,
Best regards