Creating a Registry and TLS-encrypt with Traefik (Let’s Encrypt) and use Native Basic Auth
Authentication
We are configured with Traefik as a proxy with TLS so we can use Native basic auth
Perhaps it would be possible to use Traefik to work as an Authentication Proxy, but alas I have a good authentication solution that give me nothing. For the time being… Let’s keep things simple shall we?
Native basic auth
Create a htpasswd secret. Run ./create-secret-htpasswd.sh
#!/bin/bash
echo "**** Private Docker Registry ****"
echo "User" && read user
echo "Password" && read -s pw
docker run --entrypoint htpasswd registry:2.6 -Bbn ${user} ${pw} \
| docker secret create registry_htpasswd -
Factoid: You can not update them as secrets are immutable by design. It has benefits when doing rollbacks.
Deploy
docker stack deploy -c compose-registry.yml hub
# docker stack deploy -c compose-registry.yml hub
version: '3.5'
services:
registry:
image: registry:2.6
volumes:
- ~/volume/registry_data:/var/lib/registry
networks:
- traefik-ingress
secrets:
- registry_htpasswd
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH: /run/secrets/registry_htpasswd
deploy:
replicas: 1
labels:
- "traefik.port=5000"
- "traefik.frontend.rule=Host:hub.hammar.org"
- "traefik.enable=true"
networks:
traefik-ingress:
external: true
secrets:
registry_htpasswd:
external: true