docker-registry-ui icon indicating copy to clipboard operation
docker-registry-ui copied to clipboard
verified publisher icon Joxit

need a login authentication system also with ui that connected with backend registry, as in docker hub

Open arunk-tx opened this issue 3 years ago • 3 comments

need a login authentication system also with ui that connected with backend registry, as in docker hub, so that to track more info on the user that pushed the image,

only logged in user should push image-> docker login {ip} ... where its hosted user can register with email id to create account for login purpose

arunk-tx avatar Oct 07 '22 05:10 arunk-tx

You could use some oauth-proxy sidecar, or whatever reverse proxy you would like with whatever auth mechanism suits you. oidc, saml, lemonldap-ng, okta, specific endpoints, custom certificates, ... handling just all use cases is quite a vast topic. Maybe out of scope here (?)

faust64 avatar Oct 07 '22 17:10 faust64

Hi @arunk-tx and thank you for using my project :smile:

I agree with @faust64 my project, this is out of the scope of the project. I created this project in order to have a simple UI to manage my docker registry servers. An interface that requires nothing more than the docker registry server.

But, if you need to connect a base of users (from LDAP or whatever), since 2.0.0 I do support Docker Token Authentication Specification which is supported by Keycloak (see https://github.com/Joxit/docker-registry-ui/pull/167)

As an option you can also, as @faust64 says, use some great projects such as oauth2-proxy in front of your UI and registry.

Now, if you really want something more powerful with insights and stats from your users, this requires a new project that I could start only by having monthly sponsors that cover the time spent on the project.

Note, the description of the project:

The simplest and most complete UI for your private registry

Joxit avatar Oct 07 '22 22:10 Joxit

Hi @arunk-tx, @Joxit

I have created a token mapper plugin for keycloak 21+ that works on the docker v2 protocol in Keycloak (OIDC provider). You can setup groups and roles for users which the mapper checks against the registry scope. I use it in combination with docker-registry-ui and group my users into admin, editor and user. I can also let my users access the catalog scope, so they can browse my registry with docker-registry-ui but are only allowed to check details if they belong to the repository (e.g. registry.com/mycompany/alpine:2.1-custom) by being assigned to a group called registry-mycompany

Check this out if it suits your needs: https://github.com/alexanderwolz/keycloak-docker-group-role-mapper

alexanderwolz avatar May 18 '23 06:05 alexanderwolz