Menu
When I directly run docker run -d -p 5000:5000 --restart=always --name registry registry:2, I could access registry with curl localhost:5000/v2/_catalog. But after I secured registry using TLS reference to https://docs.docker.com/registry/deploying/ . The command like curl localhost:5000/v2/_catalog could not be use. So how could I access registry with curl? Should some options be added? Like if I want to use docker remote api, I could use curl --insecure --cert ~/cert.pem --key ~/key.pem https://$host:2376/_ping.
673
Curl like curl --cacert domain.crt https://myregistry.com:5000/v2/_catalog will work.
100
If you are familiar with httpparty / ruby you can have a look at this implementation : https://github.com/EugenMayer/docker_registry_cli/blob/master/requests/DockerRegistryRequest.rb
Depending on the auth mechanism you have on your registry, you will either need to add basic-auth informartions or, if Bearer Tokens are used, you need to authenticate every request, see https://github.com/EugenMayer/docker_registry_cli/tree/master/auth
This means, you first send a GET request, if you get a 401, you send the scope parameter with the credentials to the server: https://github.com/EugenMayer/docker_registry_cli/blob/master/requests/DockerRegistryRequest.rb#L52
Its more or less the usual JWT token implementation. Thus, you will need to add basic-auth headers to curl, or JWT tokens per scope ( 2 curl request per intent required ).
For the JWT token auth also see https://docs.docker.com/registry/spec/auth/jwt/
For basic-auth, this header is needed: https://github.com/EugenMayer/docker_registry_cli/blob/master/auth/BasicAuthService.rb#L27
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
