I’m often using various docker registries and pulling down from the web, but whenever i’m trying to develop automation tasks, often the difference between reaching out to the web for container images and having some available on a local network means a difference of 30 minutes or more of downloads.

Now with the release of Openshift 4.2 it is possible to mirror images in a locally accessible docker registry, which is one of the functions I am using my QNAP NAS for. The requirements for Openshift 4 is to have a registry with authentication and a certificate.

More information about container station can be found here https://www.qnap.com/solution/container_station/en/

Create the Registry App

In container station we are able to “Create” and find a registry app available:

Create registry app

Container station will then prompt with a message showing usage instructions:

Now we are able to follow these instructions and curl the registry catalog:

It can be seen that when creating this we get a new set of containers running in container station:

registry running

We are also able to see the configuration of the registry app by editing the app.

registry app config

If we look at this closer it gives some insights as to where the configuration of the application is on the NAS.

We can also inspect the volumes in the application:

registry volumes

By ssh’ing into the QNAP we are able to see that the folder for the registry exists (for me anyway) at: /share/CACHEDEV1_DATA/Container/container-station-data/application/registry

[/share/CACHEDEV1_DATA/Container/container-station-data/application/registry] # find

We can also see in the ./nginx/conf.d/registry.conf that the basic authentication is commented out.

Adding Authentication to the registry

We need to ensure that the nginx configuration is changed so that we need to authenticate. So we need to:

. Create a new htpasswd file with a username and password . Copy this over and replace the docker-registry.htpasswd file . Uncomment the auth_basic section in the registry.conf file . restart the containers

Create a new htpasswd file and copy over

Uncomment the auth_basic in registry.conf

Modify the file at /share/CACHEDEV1_DATA/Container/container-station-data/application/registry/nginx/conf.d/registry.conf

  location / {
    auth_basic "Docker Registry";
    auth_basic_user_file docker-registry.htpasswd;

    include docker-registry.conf;

Test the configuration

We should now need the user to connect:

When we add the username and password to a curl request we can see this is successful