
Anonymous pull on docker repo in artifactory

I am on artifactory version 4.6 and have the following requirement on the docker registry.

  - Allow anonymous pulls on docker repository
  - Force authentication on the SAME docker repository

I know this is available out of the box on the later versions of artifactory. However, upgrading isn't an option for us for a while.

Does the following workaround work?

  1. Create a virtual docker repository on port 8443 and don't force authentication, call it docker-virtual
  2. Create a local docker repository and force authentication, call it docker-local on port 8444
  3. Configure 'docker-virtual' with the default deployment directory as 'docker-local'

    docker pull docker-virtual should work
    docker push docker-virtual should ask for credentials

Upon failure, I should be able to docker login docker-virtual and docker push docker-virtual/myImage

user_mda asked Jul 11 '16 15:07



1 Answer

Not sure about the artifactory side, but perhaps the following Docker advice helps.

You can run two registries, one RW with authentication, and a second RO without any authentication, in Docker:

    # Read-write registry on port 5000: TLS plus htpasswd authentication
    docker run -d -p 5000:5000 --restart=always --name registry \
      -v `pwd`/certs:/certs:ro \
      -v `pwd`/auth/htpasswd:/auth/htpasswd:ro \
      -v `pwd`/registry:/var/lib/registry \
      -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/host-cert.pem" \
      -e "REGISTRY_HTTP_TLS_KEY=/certs/host-key.pem" \
      -e "REGISTRY_AUTH=htpasswd" \
      -e "REGISTRY_AUTH_HTPASSWD_REALM=My Registry" \
      -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
      -e "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry" \
      registry:2

    # Read-only registry on port 5001: same storage mounted :ro, no REGISTRY_AUTH
    docker run -d -p 5001:5000 --restart=always --name registry-ro \
      -v `pwd`/certs:/certs:ro \
      -v `pwd`/auth/htpasswd:/auth/htpasswd:ro \
      -v `pwd`/registry:/var/lib/registry:ro \
      -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/host-cert.pem" \
      -e "REGISTRY_HTTP_TLS_KEY=/certs/host-key.pem" \
      -e "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry" \
      registry:2

Note the volume settings for /var/lib/registry in each container. Then to pull from the anonymous registry, you'd just need to change the port. Since the filesystem is RO, any attempt to push to 5001 will fail.

BMitch answered Sep 16 '22 20:09
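
One way to verify that the two-registry setup in the answer above really enforces "anonymous pull, authenticated push" is to probe both ports without credentials and compare the status codes against the intended policy. This is an added example, not part of the original answer; the script name, the `CACERT` variable and the throwaway repository name `policy-probe` are assumptions, and ports 5000/5001 follow the answer.

```sh
#!/bin/sh
# Added example: audit the split registry setup without credentials.
# Assumed: ports 5000 (rw) and 5001 (ro) as in the answer; "policy-probe"
# is a hypothetical repository name used only for the push probe.

# Print the HTTP status of an unauthenticated request ("000" if unreachable).
# Set CACERT to a CA bundle when the registry certificate is from a private CA.
anon_code() {  # anon_code METHOD URL
  curl -s -o /dev/null -w '%{http_code}' ${CACERT:+--cacert "$CACERT"} -X "$1" "$2"
}

# Decide whether observed anonymous status codes match the intended policy.
#   role "ro": anonymous pull allowed (GET /v2/ -> 200), anonymous push refused
#   role "rw": every anonymous request is challenged with 401
check_policy() {  # check_policy ROLE PULL_CODE PUSH_CODE
  role=$1; pull=$2; push=$3
  if [ "$pull" = 000 ] || [ "$push" = 000 ]; then
    echo "FAIL($role): registry unreachable"; return 1
  fi
  case "$role" in
    ro)
      [ "$pull" = 200 ] || { echo "FAIL(ro): anonymous pull got $pull"; return 1; }
      case "$push" in
        2??) echo "FAIL(ro): anonymous push accepted ($push)"; return 1 ;;
      esac ;;
    rw)
      [ "$pull" = 401 ] || { echo "FAIL(rw): anonymous API access got $pull"; return 1; }
      [ "$push" = 401 ] || { echo "FAIL(rw): anonymous push got $push"; return 1; }
      ;;
    *) echo "FAIL: unknown role $role"; return 2 ;;
  esac
  echo "OK($role): pull=$pull push=$push"
}

# Probe one endpoint: GET /v2/ is the API base check, and
# POST /v2/<name>/blobs/uploads/ is the first request of a push.
audit() {  # audit ROLE BASE_URL
  pull=$(anon_code GET "$2/v2/")
  push=$(anon_code POST "$2/v2/policy-probe/blobs/uploads/")
  check_policy "$1" "$pull" "$push"
}

# Run only when a host is given, e.g.: ./audit-registry.sh registry.example.com
if [ -n "${1:-}" ]; then
  audit rw "https://$1:5000"; rw=$?
  audit ro "https://$1:5001"; ro=$?
  [ "$rw" -eq 0 ] && [ "$ro" -eq 0 ]
fi
```

The script exits non-zero if either endpoint deviates from the policy, so it can run as a post-deploy check. If the anonymous port is misconfigured as writable, the push probe opens an upload session that is never completed.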