docker-registry-web icon indicating copy to clipboard operation
docker-registry-web copied to clipboard
verified publisher icon mkuchin

How to configure access when registry configured with another token auth server

Open vpusher opened this issue 9 years ago • 2 comments

I have a Docker Registry behind a Gitlab token authentication system. How can I configure docker-registry-web to login via the Gitlab token auth in order to access registry data ?

vpusher avatar Sep 06 '16 08:09 vpusher

Yes it would be create if this web project could be a token client.

The only workaround I have is to supply a static long lived token injected by nginx... 😩

server {
    server_name localhost;
    listen 5080;
    # Readonly Registry API for the web
    location /readonlyhack/v2/ {
      proxy_pass                          http://docker-registry;
      proxy_set_header  Authorization     "Bearer eyJ0eXAiOiJKV1QiLCJhbGc...";

registry:
  url: http://nginx:5080/v2 # readonly registry
  name: localhost
  readonly: true
  auth:
    enabled: false

I bumped the token expiry by a few decades and it almost works, but on top of registry catalog access you need to specify each repository name as a scope because it needs pull access! A wildcard did not work.

/auth?service=Docker registry&scope=registry:catalog:*&scope=repository:docker_auth:pull&scope=repository:docker-registry-web:pull

kcd83 avatar Mar 02 '17 03:03 kcd83

+1 for this, I also have my own token authentication server and would love to use docker-registry-web with my registry but cannot since docker-registry-web cannot access the catalog.

Zirk40 avatar May 15 '17 21:05 Zirk40