I’m often using various docker registries and pulling down from the web, but whenever i’m trying to develop automation tasks, often the difference between reaching out to the web for container images and having some available on a local network means a difference of 30 minutes or more of downloads.
Now with the release of Openshift 4.2 it is possible to mirror images in a locally accessible docker registry, which is one of the functions I am using my QNAP NAS for. The requirements for Openshift 4 is to have a registry with authentication and a certificate.
More information about container station can be found here https://www.qnap.com/solution/container_station/en/
Create the Registry App
In container station we are able to “Create” and find a registry app available:
Container station will then prompt with a message showing usage instructions:
Now we are able to follow these instructions and curl the registry catalog:
It can be seen that when creating this we get a new set of containers running in container station:
We are also able to see the configuration of the registry app by editing the app.
If we look at this closer it gives some insights as to where the configuration of the application is on the NAS.
We can also inspect the volumes in the application:
By ssh’ing into the QNAP we are able to see that the folder for the registry exists (for me anyway) at: /share/CACHEDEV1_DATA/Container/container-station-data/application/registry
[/share/CACHEDEV1_DATA/Container/container-station-data/application/registry] # find
.
./wizard
./wizard/description
./wizard/description/eng.md
./nginx
./nginx/win-utf
./nginx/uwsgi_params
./nginx/scgi_params
./nginx/nginx.conf
./nginx/mime.types
./nginx/koi-win
./nginx/koi-utf
./nginx/fastcgi_params
./nginx/docker-registry.htpasswd
./nginx/docker-registry.conf
./nginx/conf.d
./nginx/conf.d/registry.conf
./nginx/conf.d/example_ssl.conf
./nginx/conf.d/default.conf
./docker-compose.yml
./app.js
./qnap.json
We can also see in the ./nginx/conf.d/registry.conf that the basic authentication is commented out.
Adding Authentication to the registry
We need to ensure that the nginx configuration is changed so that we need to authenticate. So we need to:
. Create a new htpasswd file with a username and password
. Copy this over and replace the docker-registry.htpasswd file
. Uncomment the auth_basic section in the registry.conf file
. restart the containers
Create a new htpasswd file and copy over
Uncomment the auth_basic in registry.conf
Modify the file at /share/CACHEDEV1_DATA/Container/container-station-data/application/registry/nginx/conf.d/registry.conf
location / {
auth_basic "Docker Registry";
auth_basic_user_file docker-registry.htpasswd;
include docker-registry.conf;
}
Test the configuration
We should now need the user to connect:
When we add the username and password to a curl request we can see this is successful
