SlideShare una empresa de Scribd logo

Docker Registry + Basic Auth

R
Remotty

Docker Registry + Basic Auth 10월 15일 Docker Korea Casual Talk #1 안수찬 님 발표자료

Tecnología
1 de 63
Descargar para leer sin conexión
Docker Registry + Basic Auth @dobestan
빌드빌드
개꿀
미래창조과학부 대략 3000만원 지원금
개꿀
화려한시작
최소한 [Deis] 정도는 만들겠지...
[Mesosphere] 를 만들어볼까?
잘하면 [Kubernetes] 정도는 만들어야지...
현재
흐긓그느ㅡㅎ그흑느흐그흐느흐ㅡㄲ느흐느ㅡㅎㄱ
제발 빌드만이라도 가능하길 ...
빌드빌드 제발 빌드만이라도 되길 ...
Docker Registry + Basic Auth @dobestan
Docker Registry Docker Registry is Private Docker Repository
로컬
docker pull registry $ docker pull registry Pulling repository registry e42d15ec8417: Download complete 3511136a3c5a: Download complete ... CMD Result
docker run registry $ docker run -­‐-­‐name local-­‐registry -­‐d -­‐p 5000:5000 registry d530e2564a47a8d5d42a6e2aa65dc9ab6975e5ff48d5602bfb9f6c524 CMD Result
$ docker ps docker ps IMAGE PORTS NAMES registry:0.8.1 0.0.0.0:5000-­‐>5000/tcp local-­‐registry CMD Result
curl localhost:5000 $ curl localhost:5000 -­‐i HTTP/1.1 200 OK Server: gunicorn/18.0 Content-­‐Type: application/json X-­‐Docker-­‐Registry-­‐Version: 0.8.1 X-­‐Docker-­‐Registry-­‐Config: dev ! "docker-­‐registry server (dev) (v0.8.1)" CMD Result
hello world FROM busybox MAINTAINER dobestan <dobestan@gmail.com> CMD /bin/echo "hello world" Dockerfile
docker build $ docker build -­‐t dobestan/hello_world . Sending build context to Docker daemon 2.56 kB Sending build context to Docker daemon Step 0 : FROM busybox -­‐-­‐-­‐> a9eb17255234 Step 1 : MAINTAINER dobestan <dobestan@gmail.com> -­‐-­‐-­‐> Running in 28d0d8946c86 -­‐-­‐-­‐> 1ca10bda6835 Removing intermediate container 28d0d8946c86 Step 2 : CMD /bin/echo "hello world" -­‐-­‐-­‐> Running in 1d1c96781eae -­‐-­‐-­‐> 82bdf77324c2 Removing intermediate container 1d1c96781eae Successfully built 82bdf77324c2 CMD Result
docker run $ docker run dobestan/hello_world hello world CMD Result
docker push $ docker push localhost:5000/hello_world Result The push refers to a repository [localhost:5000/hello_world] Sending image list Pushing repository localhost:5000/hello_world (1 tags) 511136ea3c5a: Image successfully pushed 42eed7f1bf2a: Image successfully pushed 120e218dd395: Image successfully pushed a9eb17255234: Image successfully pushed 1ca10bda6835: Image successfully pushed 82bdf77324c2: Image successfully pushed Pushing tag for rev [82bdf77324c2] on {http://localhost:5000/v1/ repositories/hello_world/tags/latest} CMD
curl $ curl http://localhost:5000/v1/repositories/hello_world/tags/ "82bdf77324c2f24758372d4bc36c72be41718d10503495139968" CMD Result
docker run $ docker run localhost:5000/hello_world Unable to find image 'localhost:5000/hello_world' locally Pulling repository localhost:5000/hello_world 82bdf77324c2: Download complete 511136ea3c5a: Download complete 42eed7f1bf2a: Download complete 120e218dd395: Download complete a9eb17255234: Download complete 1ca10bda6835: Download complete hello world CMD Result
로컬끝
AWSEC2 + S3
로컬과 거의 동일함
거의 같으니 빠르게 ...
CloudInit * cloud-­‐init is the Ubuntu package that handles early initialization of a cloud instance.
S3 Bucket
docker pull registry $ docker pull registry Pulling repository registry e42d15ec8417: Download complete 3511136a3c5a: Download complete ... CMD Result
docker run registry $ docker run -­‐-­‐name local-­‐registry -­‐d -­‐p 5000:5000 -­‐e SETTINGS_FLAVOR=s3 -­‐e AWS_BUCKET=dobestan-­‐docker-­‐registry -­‐e STORAGE_PATH=/registry -­‐e AWS_KEY=QWERASCBCRTUN46NHTA -­‐e AWS_SECRET=GXzD8MWdh6KdYaB2wWkJJ9PcUENK3a registry d530e2564a47a8d5d42a6e2aa65dc9ab6975e5ff48d5602bfb9f6c524 CMD Result
docker pull nginx $ docker pull nginx Pulling repository registry 61e8f94e1d65: Download complete 511136ea3c5a: Download complete ... CMD Result
http { ... server { listen 80; server_name registry.dobestan.com; location { proxy_pass http://docker-­‐registry:5000; } ... } ... } nginx.conf nginx.conf https://gist.github.com/dobestan/953b146f324f1a1e46fa
docker run nginx $ docker run -­‐-­‐name nginx-­‐registry -­‐d -­‐v ~/nginx.conf:/etc/nginx.conf # 설정 파일 -­‐-­‐link docker-­‐registry:docker-­‐registry # 컨테이너 링킹 -­‐p 80:80 nginx 1fa1eeaa48975680315d73b1499883bc416bdbba63adf4a94b913e377 CMD Result
docker push $ docker push registry.dobestan.com/hello_world CMD The push refers to a repository [registry.dobestan.com:5000/ Result hello_world] Sending image list Pushing repository registry.dobestan.com/hello_world (1 tags) 511136ea3c5a: Image successfully pushed 42eed7f1bf2a: Image successfully pushed 120e218dd395: Image successfully pushed a9eb17255234: Image successfully pushed 1ca10bda6835: Image successfully pushed 82bdf77324c2: Image successfully pushed Pushing tag for rev [82bdf77324c2] on {http://registry.dobestan.com/ v1/repositories/hello_world/tags/latest}
S3 Bucket
AWS끝 EC2 + S3
AUTH
HTTP + User Auth
htpasswd .htpasswd is a flat-­‐file used to store usernames and password for basic authentication on an Apache HTTP Server $ sudo apt-­‐get -­‐y install apache2-­‐utils CMD
htpasswd $ htpasswd -­‐c .htpasswd dobestan New password: Re-­‐type new password: Adding password for user dobestan CMD Result $ cat .htpasswd dobestan:$apr1$mtXLPDLn$YXdZDqy8Rrbtq39iieV2B0 CMD Result
... location / { proxy_pass http://docker-­‐registry:5000; proxy_set_header Host $host; proxy_read_timeout 900; ! auth_basic "Restricted"; auth_basic_user_file ~/.htpasswd; } ... nginx.conf nginx.conf https://gist.github.com/dobestan/953b146f324f1a1e46fa
docker push $ docker push 54.64.158.154/hello_world CMD Result The push refers to a repository [54.64.158.154/hello_world] Sending image list Pushing repository 54.64.158.154/hello_world (1 tags) 511136ea3c5a: Pushing 2014/09/20 23:36:39 HTTP code 401, Docker will not send auth headers over HTTP.
Docker will not send auth headers over HTTP.
HTTPS HTTP + User Auth
Self Signed Certi $ openssl genrsa -­‐out private_key.pem 2048 CMD 1. 개인키 생성하기
Self Signed Certi $ openssl req -­‐new -­‐key private_key.pem -­‐out server.csr Country Name (2 letter code) [AU]:KO State or Province Name (full name) [Some-­‐State]:Seoul Locality Name (eg, city) []:Seoul Organization Name (eg, company):Dreampic Organizational Unit Name (eg, section) []:Dev Common Name (e.g. server FQDN or YOUR name) []:54.64.158.154 Email Address []:dobestan@gmail.com CMD Result 2. CSR 생성하기
Self Signed Certi 3. $ openssl x509 -­‐req -­‐days 365 -­‐in server.csr -­‐signkey private_key.pem -­‐out server.crt CMD Result 인증서 발급하기 Signature ok subject=/C=KO/ST=Seoul/L=Seoul/O=Dreampic/OU=Dev/CN=54.64.158.154/ emailAddress=dobestan@gmail.com Getting Private key
Self Signed Certi 4. 인증서 설치하기 $ sudo cp server.crt /usr/share/ca-­‐certificates/ CMD $ echo "server.crt" | sudo tee -­‐a /etc/ca-­‐certificates.conf CMD $ sudo update-­‐ca-­‐certificates CMD Result ! Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-­‐certificates/update.d....done.
docker login $ docker login 54.64.158.154 CMD Result Username: dobestan Password: Email: dobestan@gmail.com 2014/09/25 14:16:25 Error response from daemon: Invalid Registry endpoint: Get https://54.64.158.154/v1/_ping: x509: cannot validate certificate for 54.64.158.154 because it doesn't contain any IP SANs
Error response from daemon: Invalid Registry endpoint x509: cannot validate certificate for it doesn't contain any IP SANs
HTTPS HTTP + User Auth + Domain Name
/etc/hosts ... 127.0.0.1 localhost 54.64.158.154 registry.dobestan.com ... /etc/hosts
Self Signed Certi $ openssl req -­‐new -­‐key private_key.pem -­‐out server.csr Country Name (2 letter code) [AU]:KO State or Province Name (full name) [Some-­‐State]:Seoul Locality Name (eg, city) []:Seoul Organization Name (eg, company):Dreampic Organizational Unit Name (eg, section) []:Dev Common Name : registry.dobestan.com Email Address []:dobestan@gmail.com CMD Result 2. CSR 생성하기 : 도메인 이름으로
docker login $ docker login https://registry.ansuchan.com Username: dobestan Password: Email: dobestan@gmail.com Login Succeeded CMD Result
AUTH끝 진짜끝
결론 열심히 사설 인증서 만들고 가짜 도 메인도 추가하고 해서 무조건 인증을 받도록 하자.
결론 열심히 사설 인증서 만들고 도메인도 추가하고 해서 인증하자 공인 SSL인증서를 구매하거나... 접속 IP 제한을 걸던가 ... 더 편한 방법을 찾자
감사합니다

Recomendados

A new model for Docker image distribution
A new model for Docker image distributionA new model for Docker image distribution
A new model for Docker image distributionDocker, Inc.
 
Docker Hub: Past, Present and Future by Ken Cochrane & BC Wong
Docker Hub: Past, Present and Future by Ken Cochrane & BC WongDocker Hub: Past, Present and Future by Ken Cochrane & BC Wong
Docker Hub: Past, Present and Future by Ken Cochrane & BC WongDocker, Inc.
 
Oracle database on Docker Container
Oracle database on Docker ContainerOracle database on Docker Container
Oracle database on Docker ContainerJesus Guzman
 
Docker, the Future of DevOps
Docker, the Future of DevOpsDocker, the Future of DevOps
Docker, the Future of DevOpsandersjanmyr
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Patrick Chanezon
 
Docker Hub Breakout Session at DockerCon by Ken Cochrane
Docker Hub Breakout Session at DockerCon by Ken CochraneDocker Hub Breakout Session at DockerCon by Ken Cochrane
Docker Hub Breakout Session at DockerCon by Ken CochraneDocker, Inc.
 
Docker Container As A Service - March 2016
Docker Container As A Service - March 2016Docker Container As A Service - March 2016
Docker Container As A Service - March 2016Patrick Chanezon
 
Architecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based DeploymentsArchitecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based DeploymentsBen Hall
 

Recomendados

A new model for Docker image distribution
A new model for Docker image distributionA new model for Docker image distribution
A new model for Docker image distributionDocker, Inc.
 
Docker Hub: Past, Present and Future by Ken Cochrane & BC Wong
Docker Hub: Past, Present and Future by Ken Cochrane & BC WongDocker Hub: Past, Present and Future by Ken Cochrane & BC Wong
Docker Hub: Past, Present and Future by Ken Cochrane & BC WongDocker, Inc.
 
Oracle database on Docker Container
Oracle database on Docker ContainerOracle database on Docker Container
Oracle database on Docker ContainerJesus Guzman
 
Docker, the Future of DevOps
Docker, the Future of DevOpsDocker, the Future of DevOps
Docker, the Future of DevOpsandersjanmyr
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Patrick Chanezon
 
Docker Hub Breakout Session at DockerCon by Ken Cochrane
Docker Hub Breakout Session at DockerCon by Ken CochraneDocker Hub Breakout Session at DockerCon by Ken Cochrane
Docker Hub Breakout Session at DockerCon by Ken CochraneDocker, Inc.
 
Docker Container As A Service - March 2016
Docker Container As A Service - March 2016Docker Container As A Service - March 2016
Docker Container As A Service - March 2016Patrick Chanezon
 
Architecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based DeploymentsArchitecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based DeploymentsBen Hall
 
Running the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker ContainerRunning the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker ContainerGuido Schmutz
 
Docker HK Meetup - 201707
Docker HK Meetup - 201707Docker HK Meetup - 201707
Docker HK Meetup - 201707Clarence Ho
 
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...Docker, Inc.
 
Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Jonas Rosland
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionPeng Xiao
 
Shipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerShipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerJérôme Petazzoni
 
Oscon London 2016 - Docker from Development to Production
Oscon London 2016 - Docker from Development to ProductionOscon London 2016 - Docker from Development to Production
Oscon London 2016 - Docker from Development to ProductionPatrick Chanezon
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX ContainerAraf Karsh Hamid
 
Docker 101 Checonf 2016
Docker 101 Checonf 2016Docker 101 Checonf 2016
Docker 101 Checonf 2016Patrick Chanezon
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker, Inc.
 
Introduction To Docker
Introduction To DockerIntroduction To Docker
Introduction To DockerDr. Syed Hassan Amin
 
Docker and stuff
Docker and stuffDocker and stuff
Docker and stuffVarun Sharma
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionHao Fan
 
Docker by Example - Basics
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics Ganesh Samarthyam
 
Intro Docker october 2013
Intro Docker october 2013Intro Docker october 2013
Intro Docker october 2013dotCloud
 
Docker - The Linux Container
Docker - The Linux ContainerDocker - The Linux Container
Docker - The Linux ContainerBalaji Rajan
 
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Open
 
DockerCon Keynote Ben Golub
DockerCon Keynote Ben GolubDockerCon Keynote Ben Golub
DockerCon Keynote Ben GolubdotCloud
 
Docker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and toolsDocker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and toolsRamit Surana
 
Monitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & MicroservicesMonitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & MicroservicesAjeet Singh Raina
 
Pre pagina
Pre paginaPre pagina
Pre paginabarbieyken
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Phil Estes
 

Más contenido relacionado

La actualidad más candente

Running the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker ContainerRunning the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker ContainerGuido Schmutz
 
Docker HK Meetup - 201707
Docker HK Meetup - 201707Docker HK Meetup - 201707
Docker HK Meetup - 201707Clarence Ho
 
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...Docker, Inc.
 
Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Jonas Rosland
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionPeng Xiao
 
Shipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerShipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerJérôme Petazzoni
 
Oscon London 2016 - Docker from Development to Production
Oscon London 2016 - Docker from Development to ProductionOscon London 2016 - Docker from Development to Production
Oscon London 2016 - Docker from Development to ProductionPatrick Chanezon
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker, Inc.
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionHao Fan
 
Intro Docker october 2013
Intro Docker october 2013Intro Docker october 2013
Intro Docker october 2013dotCloud
 
Docker - The Linux Container
Docker - The Linux ContainerDocker - The Linux Container
Docker - The Linux ContainerBalaji Rajan
 
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Open
 
DockerCon Keynote Ben Golub
DockerCon Keynote Ben GolubDockerCon Keynote Ben Golub
DockerCon Keynote Ben GolubdotCloud
 
Docker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and toolsDocker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and toolsRamit Surana
 
Monitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & MicroservicesMonitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & MicroservicesAjeet Singh Raina
 

La actualidad más candente (20)

Running the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker ContainerRunning the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker Container
 
Docker HK Meetup - 201707
Docker HK Meetup - 201707Docker HK Meetup - 201707
Docker HK Meetup - 201707
 
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
 
Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Shipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerShipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with Docker
 
Oscon London 2016 - Docker from Development to Production
Oscon London 2016 - Docker from Development to ProductionOscon London 2016 - Docker from Development to Production
Oscon London 2016 - Docker from Development to Production
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
 
Docker 101 Checonf 2016
Docker 101 Checonf 2016Docker 101 Checonf 2016
Docker 101 Checonf 2016
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker Slides
 
Introduction To Docker
Introduction To DockerIntroduction To Docker
Introduction To Docker
 
Docker and stuff
Docker and stuffDocker and stuff
Docker and stuff
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Docker by Example - Basics
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics
 
Intro Docker october 2013
Intro Docker october 2013Intro Docker october 2013
Intro Docker october 2013
 
Docker - The Linux Container
Docker - The Linux ContainerDocker - The Linux Container
Docker - The Linux Container
 
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
 
DockerCon Keynote Ben Golub
DockerCon Keynote Ben GolubDockerCon Keynote Ben Golub
DockerCon Keynote Ben Golub
 
Docker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and toolsDocker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and tools
 
Monitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & MicroservicesMonitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & Microservices
 

Destacado

Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Phil Estes
 
Meetup docker paris
Meetup docker parisMeetup docker paris
Meetup docker parisAliou BA
 
Raspberry pi 개발환경 구축
Raspberry pi 개발환경 구축Raspberry pi 개발환경 구축
Raspberry pi 개발환경 구축MoamBae
 
MIT App Inventor + Arduino + Bluetooth
MIT App Inventor + Arduino + BluetoothMIT App Inventor + Arduino + Bluetooth
MIT App Inventor + Arduino + Bluetoothmike parks
 
Docker Compose and Panamax - ContainerDays Boston - June 2015
Docker Compose and Panamax - ContainerDays Boston - June 2015Docker Compose and Panamax - ContainerDays Boston - June 2015
Docker Compose and Panamax - ContainerDays Boston - June 2015Jonas Rosland
 
DockerCon EU 2015: What's New with Docker Trusted Registry
DockerCon EU 2015: What's New with Docker Trusted RegistryDockerCon EU 2015: What's New with Docker Trusted Registry
DockerCon EU 2015: What's New with Docker Trusted RegistryDocker, Inc.
 
The Future of Everything
The Future of EverythingThe Future of Everything
The Future of EverythingMichael Ducy
 

Destacado (11)

Pre pagina
Pre paginaPre pagina
Pre pagina
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016
 
Arduino Top 10
Arduino Top 10Arduino Top 10
Arduino Top 10
 
Meetup docker paris
Meetup docker parisMeetup docker paris
Meetup docker paris
 
Portainer
PortainerPortainer
Portainer
 
Raspberry pi 개발환경 구축
Raspberry pi 개발환경 구축Raspberry pi 개발환경 구축
Raspberry pi 개발환경 구축
 
MIT App Inventor + Arduino + Bluetooth
MIT App Inventor + Arduino + BluetoothMIT App Inventor + Arduino + Bluetooth
MIT App Inventor + Arduino + Bluetooth
 
Docker Compose and Panamax - ContainerDays Boston - June 2015
Docker Compose and Panamax - ContainerDays Boston - June 2015Docker Compose and Panamax - ContainerDays Boston - June 2015
Docker Compose and Panamax - ContainerDays Boston - June 2015
 
DockerCon EU 2015: What's New with Docker Trusted Registry
DockerCon EU 2015: What's New with Docker Trusted RegistryDockerCon EU 2015: What's New with Docker Trusted Registry
DockerCon EU 2015: What's New with Docker Trusted Registry
 
Libro basico de arduino
Libro basico de arduinoLibro basico de arduino
Libro basico de arduino
 
The Future of Everything
The Future of EverythingThe Future of Everything
The Future of Everything
 

Similar a Docker Registry + Basic Auth

Docker orchestration v4
Docker orchestration v4Docker orchestration v4
Docker orchestration v4Hojin Kim
 
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017Amazon Web Services Korea
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slidesDocker, Inc.
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Ben Hall
 
Docker in Action
Docker in ActionDocker in Action
Docker in ActionSimon Su
 
DeveloperWeek 2015: A Practical Introduction to Docker
DeveloperWeek 2015: A Practical Introduction to DockerDeveloperWeek 2015: A Practical Introduction to Docker
DeveloperWeek 2015: A Practical Introduction to DockerSteve Smith
 
Azure from scratch part 5 By Girish Kalamati
Azure from scratch part 5 By Girish KalamatiAzure from scratch part 5 By Girish Kalamati
Azure from scratch part 5 By Girish KalamatiGirish Kalamati
 
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Composeraccoony
 
How to create your own hack environment
How to create your own hack environmentHow to create your own hack environment
How to create your own hack environmentSumedt Jitpukdebodin
 
AtlasCamp 2015 Docker continuous integration training
AtlasCamp 2015 Docker continuous integration trainingAtlasCamp 2015 Docker continuous integration training
AtlasCamp 2015 Docker continuous integration trainingSteve Smith
 
Docker security
Docker securityDocker security
Docker securityJanos Suto
 
Things I've learned working with Docker Support
Things I've learned working with Docker SupportThings I've learned working with Docker Support
Things I've learned working with Docker SupportSujay Pillai
 
The How and Why of Windows containers
The How and Why of Windows containersThe How and Why of Windows containers
The How and Why of Windows containersBen Hall
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configurationlutter
 
Docker Introductory workshop
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshopRuncy Oommen
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionBen Hall
 

Similar a Docker Registry + Basic Auth (20)

Docker by Example - Basics
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics
 
Docker orchestration v4
Docker orchestration v4Docker orchestration v4
Docker orchestration v4
 
Docker orchestration
Docker orchestrationDocker orchestration
Docker orchestration
 
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)
 
Docker in Action
Docker in ActionDocker in Action
Docker in Action
 
DeveloperWeek 2015: A Practical Introduction to Docker
DeveloperWeek 2015: A Practical Introduction to DockerDeveloperWeek 2015: A Practical Introduction to Docker
DeveloperWeek 2015: A Practical Introduction to Docker
 
Azure from scratch part 5 By Girish Kalamati
Azure from scratch part 5 By Girish KalamatiAzure from scratch part 5 By Girish Kalamati
Azure from scratch part 5 By Girish Kalamati
 
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
 
How to create your own hack environment
How to create your own hack environmentHow to create your own hack environment
How to create your own hack environment
 
AtlasCamp 2015 Docker continuous integration training
AtlasCamp 2015 Docker continuous integration trainingAtlasCamp 2015 Docker continuous integration training
AtlasCamp 2015 Docker continuous integration training
 
Docker security
Docker securityDocker security
Docker security
 
Things I've learned working with Docker Support
Things I've learned working with Docker SupportThings I've learned working with Docker Support
Things I've learned working with Docker Support
 
The How and Why of Windows containers
The How and Why of Windows containersThe How and Why of Windows containers
The How and Why of Windows containers
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
 
Learning Docker with Thomas
Learning Docker with ThomasLearning Docker with Thomas
Learning Docker with Thomas
 
Docker Introductory workshop
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshop
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
 

Último

Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Docker Registry + Basic Auth

  • 1. Docker Registry + Basic Auth @dobestan
  • 7. 최소한 [Deis] 정도는 만들겠지...
  • 9. 잘하면 [Kubernetes] 정도는 만들어야지...
  • 14. Docker Registry + Basic Auth @dobestan
  • 15. Docker Registry Docker Registry is Private Docker Repository
  • 17. docker pull registry $ docker pull registry Pulling repository registry e42d15ec8417: Download complete 3511136a3c5a: Download complete ... CMD Result
  • 18. docker run registry $ docker run -­‐-­‐name local-­‐registry -­‐d -­‐p 5000:5000 registry d530e2564a47a8d5d42a6e2aa65dc9ab6975e5ff48d5602bfb9f6c524 CMD Result
  • 19. $ docker ps docker ps IMAGE PORTS NAMES registry:0.8.1 0.0.0.0:5000-­‐>5000/tcp local-­‐registry CMD Result
  • 20. curl localhost:5000 $ curl localhost:5000 -­‐i HTTP/1.1 200 OK Server: gunicorn/18.0 Content-­‐Type: application/json X-­‐Docker-­‐Registry-­‐Version: 0.8.1 X-­‐Docker-­‐Registry-­‐Config: dev ! "docker-­‐registry server (dev) (v0.8.1)" CMD Result
  • 21. hello world FROM busybox MAINTAINER dobestan <dobestan@gmail.com> CMD /bin/echo "hello world" Dockerfile
  • 22. docker build $ docker build -­‐t dobestan/hello_world . Sending build context to Docker daemon 2.56 kB Sending build context to Docker daemon Step 0 : FROM busybox -­‐-­‐-­‐> a9eb17255234 Step 1 : MAINTAINER dobestan <dobestan@gmail.com> -­‐-­‐-­‐> Running in 28d0d8946c86 -­‐-­‐-­‐> 1ca10bda6835 Removing intermediate container 28d0d8946c86 Step 2 : CMD /bin/echo "hello world" -­‐-­‐-­‐> Running in 1d1c96781eae -­‐-­‐-­‐> 82bdf77324c2 Removing intermediate container 1d1c96781eae Successfully built 82bdf77324c2 CMD Result
  • 23. docker run $ docker run dobestan/hello_world hello world CMD Result
  • 24. docker push $ docker push localhost:5000/hello_world Result The push refers to a repository [localhost:5000/hello_world] Sending image list Pushing repository localhost:5000/hello_world (1 tags) 511136ea3c5a: Image successfully pushed 42eed7f1bf2a: Image successfully pushed 120e218dd395: Image successfully pushed a9eb17255234: Image successfully pushed 1ca10bda6835: Image successfully pushed 82bdf77324c2: Image successfully pushed Pushing tag for rev [82bdf77324c2] on {http://localhost:5000/v1/ repositories/hello_world/tags/latest} CMD
  • 25. curl $ curl http://localhost:5000/v1/repositories/hello_world/tags/ "82bdf77324c2f24758372d4bc36c72be41718d10503495139968" CMD Result
  • 26. docker run $ docker run localhost:5000/hello_world Unable to find image 'localhost:5000/hello_world' locally Pulling repository localhost:5000/hello_world 82bdf77324c2: Download complete 511136ea3c5a: Download complete 42eed7f1bf2a: Download complete 120e218dd395: Download complete a9eb17255234: Download complete 1ca10bda6835: Download complete hello world CMD Result
  • 31. CloudInit * cloud-­‐init is the Ubuntu package that handles early initialization of a cloud instance.
  • 33. docker pull registry $ docker pull registry Pulling repository registry e42d15ec8417: Download complete 3511136a3c5a: Download complete ... CMD Result
  • 34. docker run registry $ docker run -­‐-­‐name local-­‐registry -­‐d -­‐p 5000:5000 -­‐e SETTINGS_FLAVOR=s3 -­‐e AWS_BUCKET=dobestan-­‐docker-­‐registry -­‐e STORAGE_PATH=/registry -­‐e AWS_KEY=QWERASCBCRTUN46NHTA -­‐e AWS_SECRET=GXzD8MWdh6KdYaB2wWkJJ9PcUENK3a registry d530e2564a47a8d5d42a6e2aa65dc9ab6975e5ff48d5602bfb9f6c524 CMD Result
  • 35. docker pull nginx $ docker pull nginx Pulling repository registry 61e8f94e1d65: Download complete 511136ea3c5a: Download complete ... CMD Result
  • 36. http { ... server { listen 80; server_name registry.dobestan.com; location { proxy_pass http://docker-­‐registry:5000; } ... } ... } nginx.conf nginx.conf https://gist.github.com/dobestan/953b146f324f1a1e46fa
  • 37. docker run nginx $ docker run -­‐-­‐name nginx-­‐registry -­‐d -­‐v ~/nginx.conf:/etc/nginx.conf # 설정 파일 -­‐-­‐link docker-­‐registry:docker-­‐registry # 컨테이너 링킹 -­‐p 80:80 nginx 1fa1eeaa48975680315d73b1499883bc416bdbba63adf4a94b913e377 CMD Result
  • 38. docker push $ docker push registry.dobestan.com/hello_world CMD The push refers to a repository [registry.dobestan.com:5000/ Result hello_world] Sending image list Pushing repository registry.dobestan.com/hello_world (1 tags) 511136ea3c5a: Image successfully pushed 42eed7f1bf2a: Image successfully pushed 120e218dd395: Image successfully pushed a9eb17255234: Image successfully pushed 1ca10bda6835: Image successfully pushed 82bdf77324c2: Image successfully pushed Pushing tag for rev [82bdf77324c2] on {http://registry.dobestan.com/ v1/repositories/hello_world/tags/latest}
  • 41.
  • 42. AUTH
  • 43. HTTP + User Auth
  • 44. htpasswd .htpasswd is a flat-­‐file used to store usernames and password for basic authentication on an Apache HTTP Server $ sudo apt-­‐get -­‐y install apache2-­‐utils CMD
  • 45. htpasswd $ htpasswd -­‐c .htpasswd dobestan New password: Re-­‐type new password: Adding password for user dobestan CMD Result $ cat .htpasswd dobestan:$apr1$mtXLPDLn$YXdZDqy8Rrbtq39iieV2B0 CMD Result
  • 46. ... location / { proxy_pass http://docker-­‐registry:5000; proxy_set_header Host $host; proxy_read_timeout 900; ! auth_basic "Restricted"; auth_basic_user_file ~/.htpasswd; } ... nginx.conf nginx.conf https://gist.github.com/dobestan/953b146f324f1a1e46fa
  • 47. docker push $ docker push 54.64.158.154/hello_world CMD Result The push refers to a repository [54.64.158.154/hello_world] Sending image list Pushing repository 54.64.158.154/hello_world (1 tags) 511136ea3c5a: Pushing 2014/09/20 23:36:39 HTTP code 401, Docker will not send auth headers over HTTP.
  • 48. Docker will not send auth headers over HTTP.
  • 49. HTTPS HTTP + User Auth
  • 50. Self Signed Certi $ openssl genrsa -­‐out private_key.pem 2048 CMD 1. 개인키 생성하기
  • 51. Self Signed Certi $ openssl req -­‐new -­‐key private_key.pem -­‐out server.csr Country Name (2 letter code) [AU]:KO State or Province Name (full name) [Some-­‐State]:Seoul Locality Name (eg, city) []:Seoul Organization Name (eg, company):Dreampic Organizational Unit Name (eg, section) []:Dev Common Name (e.g. server FQDN or YOUR name) []:54.64.158.154 Email Address []:dobestan@gmail.com CMD Result 2. CSR 생성하기
  • 52. Self Signed Certi 3. $ openssl x509 -­‐req -­‐days 365 -­‐in server.csr -­‐signkey private_key.pem -­‐out server.crt CMD Result 인증서 발급하기 Signature ok subject=/C=KO/ST=Seoul/L=Seoul/O=Dreampic/OU=Dev/CN=54.64.158.154/ emailAddress=dobestan@gmail.com Getting Private key
  • 53. Self Signed Certi 4. 인증서 설치하기 $ sudo cp server.crt /usr/share/ca-­‐certificates/ CMD $ echo "server.crt" | sudo tee -­‐a /etc/ca-­‐certificates.conf CMD $ sudo update-­‐ca-­‐certificates CMD Result ! Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-­‐certificates/update.d....done.
  • 54. docker login $ docker login 54.64.158.154 CMD Result Username: dobestan Password: Email: dobestan@gmail.com 2014/09/25 14:16:25 Error response from daemon: Invalid Registry endpoint: Get https://54.64.158.154/v1/_ping: x509: cannot validate certificate for 54.64.158.154 because it doesn't contain any IP SANs
  • 55. Error response from daemon: Invalid Registry endpoint x509: cannot validate certificate for it doesn't contain any IP SANs
  • 56. HTTPS HTTP + User Auth + Domain Name
  • 57. /etc/hosts ... 127.0.0.1 localhost 54.64.158.154 registry.dobestan.com ... /etc/hosts
  • 58. Self Signed Certi $ openssl req -­‐new -­‐key private_key.pem -­‐out server.csr Country Name (2 letter code) [AU]:KO State or Province Name (full name) [Some-­‐State]:Seoul Locality Name (eg, city) []:Seoul Organization Name (eg, company):Dreampic Organizational Unit Name (eg, section) []:Dev Common Name : registry.dobestan.com Email Address []:dobestan@gmail.com CMD Result 2. CSR 생성하기 : 도메인 이름으로
  • 59. docker login $ docker login https://registry.ansuchan.com Username: dobestan Password: Email: dobestan@gmail.com Login Succeeded CMD Result
  • 61. 결론 열심히 사설 인증서 만들고 가짜 도 메인도 추가하고 해서 무조건 인증을 받도록 하자.
  • 62. 결론 열심히 사설 인증서 만들고 도메인도 추가하고 해서 인증하자 공인 SSL인증서를 구매하거나... 접속 IP 제한을 걸던가 ... 더 편한 방법을 찾자