Public | Automated Build

Last pushed: 3 years ago
Short Description
Short description is empty for this repo.
Full Description

Docker Wicket

Docker registry auth/index server for both v1 and v2.

This project is based on the work of docker index and docker auth.


  • One authentication service for both v1 and v2 registry
  • Pluggable ACL system

Quick Start

go get
cd $GOPATH/src/

docker-compose up

After started, you will get a all-in-one (v1 + v2 + auth) server at

docker login
<any name and password are accepted>

docker tag <YOUR IMAGE>

docker push # pre 1.6 => v1  1.6+ => v2

insecure registry error

please add --insecure-registry to your docker daemon opt.




$ ./docker-wicket -h
Usage of ./docker-wicket:

  --acl_driver=             ACL Driver for Docker Wicket
  --cert=                   Token certificate file path, MUST be in the bundle of registy2
  --expiration=600          how long the token can be treated as valid. (sec)
  --issuer=docker-wicket    Issuer of the token, MUST be same as what in registy2
  --key=                    Key file path to token certificate
  -l, --addr=        Listening Address
  -p, --port=9999           Listening Port
  --service=registry        Service of the token
  --v1_endpoint=            Endpoint of registry1
  --v1_index_driver=        Index driver of registry1
  --v1_index_file_path=     Path to v1 repo


all args can also be set via env.

say, acl_driver, can be set via WICKET_ACL_DRIVER=derelict

ACL Drivers


You can implement your own acl driver and register it with docker-wicket.
For example, adapting to your company's acl system or a MySQL backend.

More drivers, like ldap, are on the way.
PRs are welcomed.

Built-in Drivers

  • derelict

    This driver does nothing but ALLOW any user to access. just for testing purpose.

  • interdict

    This driver does nothing but DENY any user to access. just for testing purpose.

  • htpasswd

    This driver read an htpasswd file for user authentication. user can only access their own namespaces. For example, user1 can pull from and push to /user1/*, but others cannot.

    • Specify htpasswd file path
      --acl_htpasswd_file=/path/to/htpasswd or WICKET_ACL_HTPASSWD_FILE=/path/to/htpasswd

    • Auto reload
      Driver will automaticity reload changed htpasswd file. No restart is required.

Index Drivers (v1 only)

Built-in Drivers

Docker Pull Command
Source Repository