2 registries, same backend storage (Advices/Opinions)

Hello,

I can not use a registry with basic authentication for pull image but I have to secure the registry for push.
I have not yet found a solution with registry V2.

My solution is to create two registries locally with same backend storage and two different addresses :

  • 1 registry read-only mode, no authentication → for pull image
  • 1 registry RW mode, basic authentication → for push image

About the backend storage, I use the “filesystem” storage driver.

About my configuration :
REGISTRY RO mode :

docker run -d
-p 5001:5000
–restart=always
–name registry-ro
-v pwd/certs:/certs:ro
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key
-e REGISTRY_HTTP_HOST=registry-ro.dock.com
-e REGISTRY_HTTP_SECRET=AAAAAAAA
-v /registry/TEST_RO_RW/:/var/lib/registry:ro
registry:2

REGISTRY RW mode :

docker run -d
-p 5002:5000
–restart=always
–name registry-rw
-v pwd/auth:/auth:ro
-e “REGISTRY_AUTH=htpasswd”
-e “REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm”
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
-v pwd/certs:/certs:ro
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key
-e REGISTRY_HTTP_HOST=registry-rw.dock.com
-e REGISTRY_HTTP_SECRET=BBBBBBBB
-v /registry/TEST_RO_RW/:/var/lib/registry
registry:2

Do you think this method can cause problems ? Conflict between the 2 registry ?
Would I have to use specific options about the cache or other ?
Would I have to use the same value for “REGISTRY_HTTP_SECRET” option ?

Thansk,
Best regards

Hello,

Please, do you have any advice?
Do you think this method can cause problems ? Conflict between the 2 registries or another ?
Do I have to use a specific option ?

Thansk,
Best regards

Hello,

Nobody ?
Please, do you have any advice ?

Thanks !