Docker registry auth/index server for both v1 and v2.
- One authentication service for both v1 and v2 registry
- Pluggable ACL system
go get github.com/tg123/docker-wicket.git cd $GOPATH/src/github.com/tg123/docker-wicket/example/all-in-one/ docker-compose up
After started, you will get a all-in-one (v1 + v2 + auth) server at
docker login 127.0.0.1:5000 <any name and password are accepted> docker tag <YOUR IMAGE> 127.0.0.1:5000/test docker push 127.0.0.1:5000/test # pre 1.6 => v1 1.6+ => v2
insecure registry error
--insecure-registry 127.0.0.1:5000 to your docker daemon opt.
$ ./docker-wicket -h Usage of ./docker-wicket: --acl_driver= ACL Driver for Docker Wicket --cert= Token certificate file path, MUST be in the bundle of registy2 --expiration=600 how long the token can be treated as valid. (sec) --issuer=docker-wicket Issuer of the token, MUST be same as what in registy2 --key= Key file path to token certificate -l, --addr=0.0.0.0 Listening Address -p, --port=9999 Listening Port --service=registry Service of the token --v1_endpoint= Endpoint of registry1 --v1_index_driver= Index driver of registry1 --v1_index_file_path= Path to v1 repo
all args can also be set via env.
acl_driver, can be set via
You can implement your own acl driver and register it with
For example, adapting to your company's acl system or a MySQL backend.
More drivers, like
ldap, are on the way.
PRs are welcomed.
This driver does nothing but ALLOW any user to access. just for testing purpose.
This driver does nothing but DENY any user to access. just for testing purpose.
This driver read an htpasswd file for user authentication. user can only access their own namespaces. For example, user1 can pull from and push to
/user1/*, but others cannot.
Specify htpasswd file path
Driver will automaticity reload changed
htpasswdfile. No restart is required.
Index Drivers (v1 only)
store index in memory, would lost after restart. just for testing purpose.
Go version of https://github.com/docker/docker-registry/blob/0.9.1/docker_registry/index.py.
store index in json format and is compatible with
docker-registry's file storage.