Introduction

This tutorial aims to guide you through the process of securing your private container registries with authentication. We will be focusing on Docker registries, and you will learn how to restrict access to your Docker images to authorized users only.

By the end of this tutorial, you will be able to:
- Understand the importance of securing your private registries
- Set up basic authentication for your private Docker registry
- Verify the setup

Prerequisites

• Basic understanding of Docker
• Docker installed on your system
• Familiarity with the command line

Step-by-Step Guide

Securing your private Docker registry involves creating a password file for authentication and running your registry with additional parameters to use this password file.

Step 1: Create a Password File

First, you'll need to create a password file using htpasswd. You can install it with apt-get if you're on a Debian-based system:

sudo apt-get install apache2-utils

Then, create a password for a user. For example, to create a user named testuser:

htpasswd -Bc .htpasswd testuser

You'll be prompted to enter and confirm your password.

Step 2: Run Your Registry with Authentication

Next, start your registry with additional parameters to use the .htpasswd file:

docker run -d -p 5000:5000 --restart=always --name registry -v `pwd`/.htpasswd:/auth/.htpasswd -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/.htpasswd registry:2

This command tells Docker to run the registry and use the htpasswd file for authentication.

Step 3: Verify Your Setup

Finally, try to pull an image from your registry. If your setup is correct, it should prompt you for the username and password:

docker pull localhost:5000/my-image

Code Examples

Let's put everything together:

# Install htpasswd
sudo apt-get install apache2-utils

# Create a password file
htpasswd -Bc .htpasswd testuser

# Run Docker registry with authentication
docker run -d -p 5000:5000 --restart=always --name registry -v `pwd`/.htpasswd:/auth/.htpasswd -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/.htpasswd registry:2

# Try to pull an image
docker pull localhost:5000/my-image

Summary

In this tutorial, we've learned how to secure a private Docker registry with basic authentication. We created a password file with htpasswd, ran our Docker registry with additional parameters to use this password file, and verified our setup.

To continue your learning, consider exploring more advanced forms of authentication, like token-based authentication.

Practice Exercises

1. Exercise 1: Set up a private Docker registry without authentication and try to pull an image from it. What happens?

2. Exercise 2: Now secure your registry with authentication. Try to pull an image without providing a username and password. What happens?

3. Exercise 3: Try to pull an image after providing the correct username and password. What happens?

Solutions

1. Solution 1: Without authentication, Docker allows you to pull the image without any prompts.
2. Solution 2: If you try to pull an image from a secured registry without providing a username and password, Docker will give an error.
3. Solution 3: If you provide the correct username and password, Docker will allow you to pull the image.