Docker：什么是最简单的方式来保护私有注册表？ [英] Docker: What is the simplest way to secure a private registry?

问题描述

我们的Docker图像发送封闭的源代码，我们需要使用自己的专用Docker注册表将它们存储在某个安全的地方。
我们搜索使用简单认证层部署私有Docker注册表的最简单方法

我发现：

• 此手册方式 http://www.activestate.com/blog/2014/01/deploying-your-own-private-docker-registry


• 和 shipyard / docker-private-registry 基于stackbrew /注册表的Docker映像，并通过Nginx添加基本身份验证 - https://github.com/shipyard/docker-private-registry

我认为使用

解决方案

我还在学习如何运行和使用Docker，考虑一下这个想法：

 ＃在服务器上运行注册表，只允许localhost连接
 doc ker run -p 127.0.0.1:5000:5000注册表
 
＃在客户端上，安装ssh隧道
 ssh -N -L 5000：localhost：5000 user @ server 
  

然后，可以通过localhost：5000访问注册表，通过您可能已经知道和使用的ssh来完成身份验证。 >

资料来源：

• https://blog.codecentric.de/en/2014/02/docker-registry-run- private-docker-image-repository /


• https ：//docs.docker.com/userguide/dockerlinks/

Our Docker images ship closed sources, we need to store them somewhere safe, using own private docker registry. We search the simplest way to deploy a private docker registry with a simple authentication layer.

I found :

• this manual way http://www.activestate.com/blog/2014/01/deploying-your-own-private-docker-registry
• and the shipyard/docker-private-registry docker image based on stackbrew/registry and adding basic auth via Nginx - https://github.com/shipyard/docker-private-registry

I think use shipyard/docker-private-registry, but is there one another best way?

解决方案

I'm still learning how to run and use Docker, consider this an idea:

# Run the registry on the server, allow only localhost connection
docker run -p 127.0.0.1:5000:5000 registry

# On the client, setup ssh tunneling
ssh -N -L 5000:localhost:5000 user@server

The registry is then accessible at localhost:5000, authentication is done through ssh that you probably already know and use.

Sources:

• https://blog.codecentric.de/en/2014/02/docker-registry-run-private-docker-image-repository/
• https://docs.docker.com/userguide/dockerlinks/

这篇关于Docker：什么是最简单的方式来保护私有注册表？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！