https://github.com/tg123/docker-wicket

Docker registry auth/index server for both v1 and v2
https://github.com/tg123/docker-wicket

Last synced: 6 months ago
JSON representation

Docker registry auth/index server for both v1 and v2

• Host: GitHub
• URL: https://github.com/tg123/docker-wicket
• Owner: tg123
• License: apache-2.0
• Created: 2015-06-12T15:02:45.000Z (over 10 years ago)
• Default Branch: master
• Last Pushed: 2015-09-23T13:05:07.000Z (about 10 years ago)
• Last Synced: 2025-03-28T07:11:31.719Z (6 months ago)
• Language: Go
• Homepage:
• Size: 160 KB
• Stars: 10
• Watchers: 2
• Forks: 5
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Docker Wicket

Docker registry auth/index server for both v1 and v2.

This project is based on the work of [docker index](https://github.com/ekristen/docker-index) and [docker auth](https://github.com/cesanta/docker_auth).

## Features

  * One authentication service for both v1 and v2 registry

  * Pluggable ACL system

# Quick Start

```

go get github.com/tg123/docker-wicket.git

cd $GOPATH/src/github.com/tg123/docker-wicket/example/all-in-one/

docker-compose up

```

After started, you will get a all-in-one (v1 + v2 + auth) server at `127.0.0.1:5000`

```

docker login 127.0.0.1:5000

docker tag  127.0.0.1:5000/test

docker push 127.0.0.1:5000/test # pre 1.6 => v1  1.6+ => v2

```

## insecure registry error

please add `--insecure-registry 127.0.0.1:5000` to your docker daemon opt.

more: 

# Configuration

## args

```

$ ./docker-wicket -h

Usage of ./docker-wicket:

  --acl_driver=             ACL Driver for Docker Wicket

  --cert=                   Token certificate file path, MUST be in the bundle of registy2

  --expiration=600          how long the token can be treated as valid. (sec)

  --issuer=docker-wicket    Issuer of the token, MUST be same as what in registy2

  --key=                    Key file path to token certificate

  -l, --addr=0.0.0.0        Listening Address

  -p, --port=9999           Listening Port

  --service=registry        Service of the token

  --v1_endpoint=            Endpoint of registry1

  --v1_index_driver=        Index driver of registry1

  --v1_index_file_path=     Path to v1 repo

```

## env

all args can also be set via env.

say, `acl_driver`, can be set via `WICKET_ACL_DRIVER=derelict`

# ACL Drivers

[GoDoc](https://godoc.org/github.com/tg123/docker-wicket/acl)

You can implement your own acl driver and register it with `docker-wicket`. 

For example, adapting to your company's acl system or a MySQL backend.

More drivers, like `ldap`, are on the way. 

PRs are welcomed.

## Built-in Drivers

  * derelict

  

    This driver does nothing but ALLOW any user to access. just for testing purpose.

  

  * interdict

  

    This driver does nothing but DENY any user to access. just for testing purpose.

  * htpasswd

  

    This driver read an [htpasswd](https://en.wikipedia.org/wiki/.htpasswd) file for user authentication. user can only access their own namespaces. For example, user1 can pull from and push to `/user1/*`, but others cannot.

    

    * Specify htpasswd file path

    `--acl_htpasswd_file=/path/to/htpasswd` or `WICKET_ACL_HTPASSWD_FILE=/path/to/htpasswd`

    

    * Auto reload

    Driver will automaticity reload changed `htpasswd` file. No restart is required.

    

# Index Drivers (v1 only)

## Built-in Drivers

  * mem

  

    store index in memory, would lost after restart. just for testing purpose.

  

  * v1file

  

    Go version of .

    store index in json format and is compatible with `docker-registry`'s file storage.