
docker-token-auth's Introduction

Authorization server for version 2 of the Docker registry API.

NOTE Work in progress, untested.

Getting started

Setup authorizations

The authorization.yml contains a list of accounts and the repositories that they have access to.

The authorization.yml.template contains some examples to get started. You can copy it to authorization.yml and adjust it to your own needs.

Configure registry

The Docker registry should be configured to use token authentication using this server. An example:

auth:
  token:
    realm: https://auth.docker.com/v2/token/
    service: registry.docker.com
    issuer: auth.docker.com
    rootcertbundle: <path-to-cert-bundle>

The auth.token.realm setting should be set to the URL at which the authorization server can be reached. The auth.token.issuer setting must match the TOKEN_ISSUER variable used by the authorization server.

See https://github.com/docker/distribution/blob/master/docs/configuration.md#auth for more information on configuring the registry.

Run Authorization server

Start the server using:

$ TOKEN_ISSUER=auth.example.com PRIVATE_KEY_PATH=<private-key-path> bundle exec ruby server.rb

Log in to registry

Run the following command from a Docker client:

$ docker login registry.example.com

You'll need to provide a username, password and e-mail that will be stored in the .dockercfg file in the current user's home directory.

The Docker client will send the following request to the authorization server:

GET /v2/token/?account=bob&service=registry.example.com

The authorization server will return a token if the user is authorized.

The same steps are performed when users perform a push or pull command on the registry.
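The token exchange described above, as an added example that is not taken from this project's server.rb: one function signs a token for an authorized account and another applies the checks the registry side relies on, including the issuer match. It assumes RS256 signing with Ruby's standard library; the ACCESS table, the function names, the repo parameter and the 300-second lifetime are hypothetical, and only the typ and alg headers are set.

```ruby
require 'openssl'
require 'json'

# Constructed sample data; the layout of the real authorization.yml may differ.
ACCESS = { 'bob' => { 'bob/app' => %w[pull push] } }.freeze

def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m')
end

# Server side: sign an RS256 token for a known account, or return nil.
def issue_token(key, issuer:, account:, service:, repo:, now: Time.now.to_i)
  return nil unless ACCESS.key?(account)

  claims = {
    iss: issuer, sub: account, aud: service,
    iat: now, nbf: now, exp: now + 300, # hypothetical 5-minute lifetime
    access: [{ type: 'repository', name: repo,
               actions: ACCESS[account].fetch(repo, []) }]
  }
  header = { typ: 'JWT', alg: 'RS256' }
  input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  "#{input}.#{b64url(key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Registry side: check signature, then issuer, audience and expiry.
def verify_token(token, public_key, issuer:, service:, now: Time.now.to_i)
  head, body, sig = token.split('.')
  return :malformed unless head && body && sig

  digest = OpenSSL::Digest.new('SHA256')
  unless public_key.verify(digest, b64url_decode(sig), "#{head}.#{body}")
    return :bad_signature
  end

  claims = JSON.parse(b64url_decode(body))
  return :issuer_mismatch unless claims['iss'] == issuer
  return :audience_mismatch unless claims['aud'] == service
  return :expired unless now < claims['exp']

  claims
end
```

A token issued with TOKEN_ISSUER=auth.example.com is rejected with :issuer_mismatch by a verifier configured for a different issuer, which is the failure to expect when the registry's auth.token.issuer and the server's TOKEN_ISSUER disagree.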

Configuration

Authorization server

The following environment variables are required when running the server:

  • TOKEN_ISSUER: The issuer of the token, typically the FQDN of the authorization server.
  • PRIVATE_KEY_PATH: Path to the private key used to sign the token.

Authorizations

TODO Add some examples.

Development

TODO Add specs, etc.

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request
