From 1543b0b4d807273938746dbf23a9e6533bd50dc9 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sun, 2 Nov 2014 17:16:03 +0000 Subject: [PATCH 01/18] first draft of support for pulling and pushing from a private, authenticate repository --- README.md | 12 ++- .../dockerjava/api/command/PullImageCmd.java | 12 ++- .../dockerjava/api/model/AuthConfig.java | 13 +++- .../dockerjava/core/DockerClientConfig.java | 25 ++++++- .../dockerjava/core/DockerClientImpl.java | 4 +- .../core/command/PullImageCmdImpl.java | 20 ++++- .../dockerjava/jaxrs/PullImageCmdExec.java | 26 ++++--- src/main/resources/docker.io.properties | 4 +- .../dockerjava/api/model/AuthConfigTest.java | 31 ++++++++ .../dockerjava/api/model/PortsTest.java | 73 +++++++++---------- .../core/DockerClientConfigTest.java | 10 ++- .../dockerjava/core/DockerClientImplTest.java | 36 +++++++++ .../core/command/PullImageCmdImplTest.java | 48 +++++++----- .../core/command/PushImageCmdImplTest.java | 23 ++---- 14 files changed, 239 insertions(+), 98 deletions(-) create mode 100644 src/test/java/com/github/dockerjava/api/model/AuthConfigTest.java create mode 100644 src/test/java/com/github/dockerjava/core/DockerClientImplTest.java diff --git a/README.md b/README.md index 8eff82a21..3b04aa02e 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,11 @@ Developer forum for [docker-java](https://groups.google.com/forum/?hl=de#!forum/ * Java 1.6 * Maven 3.0.5 * Docker daemon running +* Docker private repository running (see below). + +You'll need to be running a local private registry, as per [the quick start instructions](https://github.com/docker/docker-registry): + + docker run -p 5000:5000 registry The Maven build includes integration tests which are using a localhost instance of Docker and require manual setup. Make sure you have a local Docker daemon running and then provide your https://registry.hub.docker.com/account/login/ information via system properties: @@ -56,7 +61,7 @@ Run build without integration tests: com.github.docker-java docker-java - 0.10.2 + RELEASE ### Latest SNAPSHOT version @@ -64,7 +69,7 @@ Run build without integration tests: com.github.docker-java docker-java - 0.10.3-SNAPSHOT + LATEST Latest SNAPSHOT is published to maven repo: https://oss.sonatype.org/content/groups/public via ![Build on CloudBees](http://cloudbees.prod.acquia-sites.com/sites/default/files/styles/large/public/Button-Powered-by-CB.png?itok=uMDWINfY) @@ -82,6 +87,7 @@ There are a couple of configuration items, all of which have sensible defaults: * `username` Your repository username (required to push containers). * `password` Your repository password. * `email` Your repository email. +* `serverAddress` Your repository's address. * `dockerCertPath` Path to the docker certs. There are three ways to configure, in descending order of precedence: @@ -95,6 +101,7 @@ In your application, e.g. .withUsername("dockeruser") .withPassword("ilovedocker") .withEmail("dockeruser@github.com") + .withServerAddress("https://index.docker.io/v1/") .withDockerCertPath("/home/user/.docker") .build(); DockerClient docker = DockerClientBuilder.getInstance(config).build(); @@ -106,6 +113,7 @@ In your application, e.g. docker.io.username=dockeruser docker.io.password=ilovedocker docker.io.email=dockeruser@github.com + docker.io.serverAddress=https://index.docker.io/v1/ docker.io.dockerCertPath=/home/user/.docker diff --git a/src/main/java/com/github/dockerjava/api/command/PullImageCmd.java b/src/main/java/com/github/dockerjava/api/command/PullImageCmd.java index f938542da..27d5b978a 100644 --- a/src/main/java/com/github/dockerjava/api/command/PullImageCmd.java +++ b/src/main/java/com/github/dockerjava/api/command/PullImageCmd.java @@ -1,5 +1,7 @@ package com.github.dockerjava.api.command; +import com.github.dockerjava.api.model.AuthConfig; + import java.io.InputStream; /** @@ -15,13 +17,17 @@ public interface PullImageCmd extends DockerCmd{ public String getRegistry(); - public PullImageCmd withRepository(String repository); + public AuthConfig getAuthConfig(); + + public PullImageCmd withRepository(String repository); public PullImageCmd withTag(String tag); public PullImageCmd withRegistry(String registry); - - public static interface Exec extends DockerCmdExec { + + public PullImageCmd withAuthConfig(AuthConfig authConfig); + + public static interface Exec extends DockerCmdExec { } } \ No newline at end of file diff --git a/src/main/java/com/github/dockerjava/api/model/AuthConfig.java b/src/main/java/com/github/dockerjava/api/model/AuthConfig.java index 7212d8234..d7f0deab3 100644 --- a/src/main/java/com/github/dockerjava/api/model/AuthConfig.java +++ b/src/main/java/com/github/dockerjava/api/model/AuthConfig.java @@ -3,8 +3,15 @@ import com.fasterxml.jackson.annotation.JsonProperty; public class AuthConfig { - - @JsonProperty + + /** + * For backwards compatibility. Make sure you update the properties if you change this. + * + * @see /docker.io.properties + */ + public static final String DEFAULT_SERVER_ADDRESS = "https://index.docker.io/v1/"; + + @JsonProperty private String username; @JsonProperty @@ -14,7 +21,7 @@ public class AuthConfig { private String email; @JsonProperty("serveraddress") - private String serverAddress = "https://index.docker.io/v1/"; + private String serverAddress = DEFAULT_SERVER_ADDRESS; public String getUsername() { return username; diff --git a/src/main/java/com/github/dockerjava/core/DockerClientConfig.java b/src/main/java/com/github/dockerjava/core/DockerClientConfig.java index c12585a54..9f1694b5e 100644 --- a/src/main/java/com/github/dockerjava/core/DockerClientConfig.java +++ b/src/main/java/com/github/dockerjava/core/DockerClientConfig.java @@ -18,6 +18,7 @@ public class DockerClientConfig { private static final String DOCKER_IO_USERNAME_PROPERTY = "docker.io.username"; private static final String DOCKER_IO_PASSWORD_PROPERTY = "docker.io.password"; private static final String DOCKER_IO_EMAIL_PROPERTY = "docker.io.email"; + private static final String DOCKER_IO_SERVER_ADDRESS_PROPERTY = "docker.io.serverAddress"; private static final String DOCKER_IO_READ_TIMEOUT_PROPERTY = "docker.io.readTimeout"; // this is really confusing, as there are two ways to spell it private static final String DOCKER_IO_ENABLE_LOGGING_FILTER_PROPERTY = "docker.io.enableLoggingFilter"; @@ -31,22 +32,24 @@ public class DockerClientConfig { .put("DOCKER_USERNAME", DOCKER_IO_USERNAME_PROPERTY) .put("DOCKER_PASSWORD", DOCKER_IO_PASSWORD_PROPERTY) .put("DOCKER_EMAIL", DOCKER_IO_EMAIL_PROPERTY) + .put("DOCKER_SERVER_ADDRESS", DOCKER_IO_SERVER_ADDRESS_PROPERTY) .put("DOCKER_READ_TIMEOUT", DOCKER_IO_READ_TIMEOUT_PROPERTY) .put("DOCKER_LOGGING_FILTER_ENABLED", DOCKER_IO_ENABLE_LOGGING_FILTER_PROPERTY) .put(DOCKER_CERT_PATH_PROPERTY, DOCKER_IO_DOCKER_CERT_PATH_PROPERTY) .build(); private static final String DOCKER_IO_PROPERTIES_PROPERTY = "docker.io.properties"; private final URI uri; - private final String version, username, password, email, dockerCertPath; + private final String version, username, password, email, serverAddress, dockerCertPath; private final Integer readTimeout; private final boolean loggingFilterEnabled; - DockerClientConfig(URI uri, String version, String username, String password, String email, String dockerCertPath, Integer readTimeout, boolean loggingFilterEnabled) { + DockerClientConfig(URI uri, String version, String username, String password, String email, String serverAddress, String dockerCertPath, Integer readTimeout, boolean loggingFilterEnabled) { this.uri = uri; this.version = version; this.username = username; this.password = password; this.email = email; + this.serverAddress = serverAddress; this.dockerCertPath = dockerCertPath; this.readTimeout = readTimeout; this.loggingFilterEnabled = loggingFilterEnabled; @@ -146,6 +149,7 @@ private static Properties overrideDockerPropertiesWithSystemProperties(Propertie DOCKER_IO_USERNAME_PROPERTY, DOCKER_IO_PASSWORD_PROPERTY, DOCKER_IO_EMAIL_PROPERTY, + DOCKER_IO_SERVER_ADDRESS_PROPERTY, DOCKER_IO_READ_TIMEOUT_PROPERTY, DOCKER_IO_ENABLE_LOGGING_FILTER_PROPERTY, DOCKER_IO_DOCKER_CERT_PATH_PROPERTY, @@ -192,6 +196,10 @@ public String getEmail() { return email; } + public String getServerAddress() { + return serverAddress; + } + public Integer getReadTimeout() { return readTimeout; } @@ -217,6 +225,8 @@ public boolean equals(Object o) { if (email != null ? !email.equals(that.email) : that.email != null) return false; if (password != null ? !password.equals(that.password) : that.password != null) return false; if (readTimeout != null ? !readTimeout.equals(that.readTimeout) : that.readTimeout != null) return false; + if (serverAddress != null ? !serverAddress.equals(that.serverAddress) : that.serverAddress != null) + return false; if (uri != null ? !uri.equals(that.uri) : that.uri != null) return false; if (username != null ? !username.equals(that.username) : that.username != null) return false; if (version != null ? !version.equals(that.version) : that.version != null) return false; @@ -231,6 +241,7 @@ public int hashCode() { result = 31 * result + (username != null ? username.hashCode() : 0); result = 31 * result + (password != null ? password.hashCode() : 0); result = 31 * result + (email != null ? email.hashCode() : 0); + result = 31 * result + (serverAddress != null ? serverAddress.hashCode() : 0); result = 31 * result + (dockerCertPath != null ? dockerCertPath.hashCode() : 0); result = 31 * result + (readTimeout != null ? readTimeout.hashCode() : 0); result = 31 * result + (loggingFilterEnabled ? 1 : 0); @@ -245,6 +256,7 @@ public String toString() { ", username='" + username + '\'' + ", password='" + password + '\'' + ", email='" + email + '\'' + + ", serverAddress='" + serverAddress + '\'' + ", dockerCertPath='" + dockerCertPath + '\'' + ", readTimeout=" + readTimeout + ", loggingFilterEnabled=" + loggingFilterEnabled + @@ -253,7 +265,7 @@ public String toString() { public static class DockerClientConfigBuilder { private URI uri; - private String version, username, password, email, dockerCertPath; + private String version, username, password, email, serverAddress, dockerCertPath; private Integer readTimeout; private boolean loggingFilterEnabled; @@ -269,6 +281,7 @@ public DockerClientConfigBuilder withProperties(Properties p) { .withUsername(p.getProperty(DOCKER_IO_USERNAME_PROPERTY)) .withPassword(p.getProperty(DOCKER_IO_PASSWORD_PROPERTY)) .withEmail(p.getProperty(DOCKER_IO_EMAIL_PROPERTY)) + .withServerAddress(p.getProperty(DOCKER_IO_SERVER_ADDRESS_PROPERTY)) .withReadTimeout(Integer.valueOf(p.getProperty(DOCKER_IO_READ_TIMEOUT_PROPERTY, "0"))) .withLoggingFilter(Boolean.valueOf(p.getProperty(DOCKER_IO_ENABLE_LOGGING_FILTER_PROPERTY, "true"))) .withDockerCertPath(p.getProperty(DOCKER_IO_DOCKER_CERT_PATH_PROPERTY)); @@ -300,6 +313,11 @@ public final DockerClientConfigBuilder withEmail(String email) { return this; } + public DockerClientConfigBuilder withServerAddress(String serverAddress) { + this.serverAddress = serverAddress; + return this; + } + public final DockerClientConfigBuilder withReadTimeout(Integer readTimeout) { this.readTimeout = readTimeout; return this; @@ -322,6 +340,7 @@ public DockerClientConfig build() { username, password, email, + serverAddress, dockerCertPath, readTimeout, loggingFilterEnabled diff --git a/src/main/java/com/github/dockerjava/core/DockerClientImpl.java b/src/main/java/com/github/dockerjava/core/DockerClientImpl.java index 5dfb4c13f..4d88651ee 100644 --- a/src/main/java/com/github/dockerjava/core/DockerClientImpl.java +++ b/src/main/java/com/github/dockerjava/core/DockerClientImpl.java @@ -73,12 +73,14 @@ public AuthConfig authConfig() { checkNotNull(dockerClientConfig.getUsername(), "Configured username is null."); checkNotNull(dockerClientConfig.getPassword(), "Configured password is null."); checkNotNull(dockerClientConfig.getEmail(), "Configured email is null."); + checkNotNull(dockerClientConfig.getServerAddress(), "Configured serverAddress is null."); AuthConfig authConfig = new AuthConfig(); authConfig.setUsername(dockerClientConfig.getUsername()); authConfig.setPassword(dockerClientConfig.getPassword()); authConfig.setEmail(dockerClientConfig.getEmail()); - // TODO Make the registry address configurable + authConfig.setServerAddress(dockerClientConfig.getServerAddress()); + return authConfig; } diff --git a/src/main/java/com/github/dockerjava/core/command/PullImageCmdImpl.java b/src/main/java/com/github/dockerjava/core/command/PullImageCmdImpl.java index b0ec02514..ed045878d 100644 --- a/src/main/java/com/github/dockerjava/core/command/PullImageCmdImpl.java +++ b/src/main/java/com/github/dockerjava/core/command/PullImageCmdImpl.java @@ -1,11 +1,11 @@ package com.github.dockerjava.core.command; -import java.io.InputStream; - import com.github.dockerjava.api.command.PullImageCmd; - +import com.github.dockerjava.api.model.AuthConfig; import com.google.common.base.Preconditions; +import java.io.InputStream; + /** * * Pull image from repository. @@ -13,7 +13,8 @@ */ public class PullImageCmdImpl extends AbstrDockerCmd implements PullImageCmd { - private String repository, tag, registry; + private String repository, tag, registry; + private AuthConfig authConfig; public PullImageCmdImpl(PullImageCmd.Exec exec, String repository) { super(exec); @@ -35,6 +36,10 @@ public String getRegistry() { return registry; } + public AuthConfig getAuthConfig() { + return authConfig; + } + @Override public PullImageCmd withRepository(String repository) { Preconditions.checkNotNull(repository, "repository was not specified"); @@ -56,6 +61,13 @@ public PullImageCmd withRegistry(String registry) { return this; } + @Override + public PullImageCmd withAuthConfig(AuthConfig authConfig) { + Preconditions.checkNotNull(authConfig, "authConfig was not specified"); + this.authConfig = authConfig; + return this; + } + @Override public String toString() { return new StringBuilder("pull ") diff --git a/src/main/java/com/github/dockerjava/jaxrs/PullImageCmdExec.java b/src/main/java/com/github/dockerjava/jaxrs/PullImageCmdExec.java index 4ac190be4..dea72f429 100644 --- a/src/main/java/com/github/dockerjava/jaxrs/PullImageCmdExec.java +++ b/src/main/java/com/github/dockerjava/jaxrs/PullImageCmdExec.java @@ -1,17 +1,17 @@ package com.github.dockerjava.jaxrs; -import static javax.ws.rs.client.Entity.entity; - -import java.io.InputStream; +import com.github.dockerjava.api.command.PullImageCmd; +import com.github.dockerjava.api.model.AuthConfig; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.client.Invocation; import javax.ws.rs.client.WebTarget; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; +import java.io.InputStream; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.github.dockerjava.api.command.PullImageCmd; +import static javax.ws.rs.client.Entity.entity; public class PullImageCmdExec extends AbstrDockerCmdExec implements PullImageCmd.Exec { @@ -27,11 +27,19 @@ protected InputStream execute(PullImageCmd command) { .queryParam("tag", command.getTag()) .queryParam("fromImage", command.getRepository()) .queryParam("registry", command.getRegistry()); - + LOGGER.trace("POST: {}", webResource); - return webResource.request() + return resourceWithOptionalAuthConfig(command, webResource.request()) .accept(MediaType.APPLICATION_OCTET_STREAM_TYPE) .post(entity(Response.class, MediaType.APPLICATION_JSON)).readEntity(InputStream.class); } + private Invocation.Builder resourceWithOptionalAuthConfig(PullImageCmd command, Invocation.Builder request) { + AuthConfig authConfig = command.getAuthConfig(); + if (authConfig != null) { + request = request.header("X-Registry-Auth", registryAuth(authConfig)); + } + return request; + } + } diff --git a/src/main/resources/docker.io.properties b/src/main/resources/docker.io.properties index f4d699537..3d9c7149e 100644 --- a/src/main/resources/docker.io.properties +++ b/src/main/resources/docker.io.properties @@ -1,4 +1,6 @@ docker.io.url=https://localhost:2376 docker.io.version=1.15 docker.io.enableLoggingFilter=true -docker.io.dockerCertPath=${user.home}/.docker \ No newline at end of file +docker.io.dockerCertPath=${user.home}/.docker +docker.io.username=${user.name} +docker.io.serverAddress=https://index.docker.io/v1/ \ No newline at end of file diff --git a/src/test/java/com/github/dockerjava/api/model/AuthConfigTest.java b/src/test/java/com/github/dockerjava/api/model/AuthConfigTest.java new file mode 100644 index 000000000..1ed618ed7 --- /dev/null +++ b/src/test/java/com/github/dockerjava/api/model/AuthConfigTest.java @@ -0,0 +1,31 @@ +package com.github.dockerjava.api.model; + +import org.testng.annotations.BeforeMethod; +import org.testng.annotations.Test; + +import static org.testng.Assert.assertEquals; + +public class AuthConfigTest { + + private AuthConfig authConfig; + + @BeforeMethod + public void setUp() throws Exception { + authConfig = new AuthConfig(); + authConfig.setEmail("foo"); + authConfig.setPassword("bar"); + authConfig.setServerAddress("baz"); + authConfig.setUsername("qux"); + } + + @Test + public void string() throws Exception { + assertEquals(authConfig.toString(), + "AuthConfig{username='qux', password='bar', email='foo', serverAddress='baz'}"); + } + + @Test + public void defaultServerAddress() throws Exception { + assertEquals(new AuthConfig().getServerAddress(), "https://index.docker.io/v1/"); + } +} \ No newline at end of file diff --git a/src/test/java/com/github/dockerjava/api/model/PortsTest.java b/src/test/java/com/github/dockerjava/api/model/PortsTest.java index 6a6c5e44e..dea43aa70 100644 --- a/src/test/java/com/github/dockerjava/api/model/PortsTest.java +++ b/src/test/java/com/github/dockerjava/api/model/PortsTest.java @@ -1,37 +1,36 @@ -package com.github.dockerjava.api.model; - -import static org.testng.Assert.assertEquals; - -import java.util.Map; - -import org.testng.annotations.Test; - -import com.fasterxml.jackson.databind.ObjectMapper; -import com.github.dockerjava.api.model.Ports.Binding; - -public class PortsTest { - private final ObjectMapper objectMapper = new ObjectMapper(); - private final String jsonWithDoubleBindingForOnePort = - "{\"80/tcp\":[{\"HostIp\":\"10.0.0.1\",\"HostPort\":\"80\"},{\"HostIp\":\"10.0.0.2\",\"HostPort\":\"80\"}]}"; - - @Test - public void deserializingPortWithMultipleBindings() throws Exception { - Ports ports = objectMapper.readValue(jsonWithDoubleBindingForOnePort, Ports.class); - Map map = ports.getBindings(); - assertEquals(map.size(), 1); - - Binding[] bindings = map.get(ExposedPort.tcp(80)); - assertEquals(bindings.length, 2); - assertEquals(bindings[0], new Binding("10.0.0.1", 80)); - assertEquals(bindings[1], new Binding("10.0.0.2", 80)); - } - - @Test - public void serializingPortWithMultipleBindings() throws Exception { - Ports ports = new Ports(); - ports.bind(ExposedPort.tcp(80), new Binding("10.0.0.1", 80)); - ports.bind(ExposedPort.tcp(80), new Binding("10.0.0.2", 80)); - assertEquals(objectMapper.writeValueAsString(ports), jsonWithDoubleBindingForOnePort); - } - -} +package com.github.dockerjava.api.model; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.dockerjava.api.model.Ports.Binding; +import org.testng.annotations.Test; + +import java.util.Map; + +import static org.testng.Assert.assertEquals; + +public class PortsTest { + private final ObjectMapper objectMapper = new ObjectMapper(); + private final String jsonWithDoubleBindingForOnePort = + "{\"80/tcp\":[{\"HostIp\":\"10.0.0.1\",\"HostPort\":\"80\"},{\"HostIp\":\"10.0.0.2\",\"HostPort\":\"80\"}]}"; + + @Test + public void deserializingPortWithMultipleBindings() throws Exception { + Ports ports = objectMapper.readValue(jsonWithDoubleBindingForOnePort, Ports.class); + Map map = ports.getBindings(); + assertEquals(map.size(), 1); + + Binding[] bindings = map.get(ExposedPort.tcp(80)); + assertEquals(bindings.length, 2); + assertEquals(bindings[0], new Binding("10.0.0.1", 80)); + assertEquals(bindings[1], new Binding("10.0.0.2", 80)); + } + + @Test + public void serializingPortWithMultipleBindings() throws Exception { + Ports ports = new Ports(); + ports.bind(ExposedPort.tcp(80), new Binding("10.0.0.1", 80)); + ports.bind(ExposedPort.tcp(80), new Binding("10.0.0.2", 80)); + assertEquals(objectMapper.writeValueAsString(ports), jsonWithDoubleBindingForOnePort); + } + +} diff --git a/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java b/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java index b0747e68e..b05d8c6b7 100644 --- a/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java +++ b/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java @@ -1,5 +1,6 @@ package com.github.dockerjava.core; +import com.github.dockerjava.api.model.AuthConfig; import org.testng.annotations.Test; import java.net.URI; @@ -15,12 +16,12 @@ public class DockerClientConfigTest { public static final DockerClientConfig EXAMPLE_CONFIG = newExampleConfig(); private static DockerClientConfig newExampleConfig() { - return new DockerClientConfig(URI.create("http://foo"), "bar", "baz", "qux", "blam", "flim", 877, false); + return new DockerClientConfig(URI.create("http://foo"), "bar", "baz", "qux", "blam", "wham", "flim", 877, false); } @Test public void string() throws Exception { - assertEquals("DockerClientConfig{uri=http://foo, version='bar', username='baz', password='qux', email='blam', dockerCertPath='flim', readTimeout=877, loggingFilterEnabled=false}", + assertEquals("DockerClientConfig{uri=http://foo, version='bar', username='baz', password='qux', email='blam', serverAddress='wham', dockerCertPath='flim', readTimeout=877, loggingFilterEnabled=false}", EXAMPLE_CONFIG.toString()); } @@ -69,6 +70,7 @@ public void environment() throws Exception { env.put("DOCKER_USERNAME", "baz"); env.put("DOCKER_PASSWORD", "qux"); env.put("DOCKER_EMAIL", "blam"); + env.put("DOCKER_SERVER_ADDRESS", "wham"); env.put("DOCKER_CERT_PATH", "flim"); env.put("DOCKER_READ_TIMEOUT", "877"); env.put("DOCKER_LOGGING_FILTER_ENABLED", "false"); @@ -89,6 +91,7 @@ public void defaults() throws Exception { // given default cert path Properties systemProperties = new Properties(); + systemProperties.setProperty("user.name", "someUserName"); systemProperties.setProperty("user.home", "someHomeDir"); // when you build config @@ -96,6 +99,8 @@ public void defaults() throws Exception { // then the cert path is as expected assertEquals(config.getUri(), URI.create("https://localhost:2376")); + assertEquals(config.getUsername(), "someUserName"); + assertEquals(config.getServerAddress(), AuthConfig.DEFAULT_SERVER_ADDRESS); assertEquals(config.getVersion(), "1.15"); assertEquals(config.isLoggingFilterEnabled(), true); assertEquals(config.getDockerCertPath(), "someHomeDir/.docker"); @@ -111,6 +116,7 @@ public void systemProperties() throws Exception { systemProperties.setProperty("docker.io.username", "baz"); systemProperties.setProperty("docker.io.password", "qux"); systemProperties.setProperty("docker.io.email", "blam"); + systemProperties.setProperty("docker.io.serverAddress", "wham"); systemProperties.setProperty("docker.io.dockerCertPath", "flim"); systemProperties.setProperty("docker.io.readTimeout", "877"); systemProperties.setProperty("docker.io.enableLoggingFilter", "false"); diff --git a/src/test/java/com/github/dockerjava/core/DockerClientImplTest.java b/src/test/java/com/github/dockerjava/core/DockerClientImplTest.java new file mode 100644 index 000000000..da1d7f8e4 --- /dev/null +++ b/src/test/java/com/github/dockerjava/core/DockerClientImplTest.java @@ -0,0 +1,36 @@ +package com.github.dockerjava.core; + +import org.testng.annotations.Test; + +import static org.testng.Assert.assertEquals; +import static org.testng.AssertJUnit.fail; + +public class DockerClientImplTest { + + @Test + public void configuredInstanceAuthConfig() throws Exception { + // given a config with null serverAddress + DockerClientConfig dockerClientConfig = new DockerClientConfig(null, null, "", "", "", null, null, 0, false); + DockerClientImpl dockerClient = DockerClientImpl.getInstance(dockerClientConfig); + + // when we get the auth config + try { + dockerClient.authConfig(); + fail(); + } catch (NullPointerException e) { + // then we get a NPE with expected message + assertEquals(e.getMessage(), "Configured serverAddress is null."); + } + } + + @Test + public void defaultInstanceAuthConfig() throws Exception { + // given a default client + DockerClientImpl dockerClient = DockerClientImpl.getInstance(); + + // when we get the auth config + dockerClient.authConfig(); + + // then we do not get an exception + } +} \ No newline at end of file diff --git a/src/test/java/com/github/dockerjava/core/command/PullImageCmdImplTest.java b/src/test/java/com/github/dockerjava/core/command/PullImageCmdImplTest.java index 84af9e72d..461bf6945 100644 --- a/src/test/java/com/github/dockerjava/core/command/PullImageCmdImplTest.java +++ b/src/test/java/com/github/dockerjava/core/command/PullImageCmdImplTest.java @@ -1,32 +1,33 @@ package com.github.dockerjava.core.command; -import static org.hamcrest.MatcherAssert.assertThat; -import static org.hamcrest.Matchers.containsString; -import static org.hamcrest.Matchers.lessThanOrEqualTo; -import static org.hamcrest.Matchers.notNullValue; - -import java.io.IOException; -import java.io.InputStream; -import java.lang.reflect.Method; - -import org.testng.ITestResult; -import org.testng.annotations.AfterMethod; -import org.testng.annotations.AfterTest; -import org.testng.annotations.BeforeMethod; -import org.testng.annotations.BeforeTest; -import org.testng.annotations.Test; - import com.github.dockerjava.api.DockerException; import com.github.dockerjava.api.InternalServerErrorException; import com.github.dockerjava.api.NotFoundException; import com.github.dockerjava.api.command.InspectImageResponse; +import com.github.dockerjava.api.command.PullImageCmd; import com.github.dockerjava.api.model.Info; import com.github.dockerjava.client.AbstractDockerClientTest; +import org.testng.ITestResult; +import org.testng.annotations.*; + +import java.io.IOException; +import java.io.InputStream; +import java.lang.reflect.Method; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.*; @Test(groups = "integration") public class PullImageCmdImplTest extends AbstractDockerClientTest { - @BeforeTest + private static final PullImageCmd.Exec NOP_EXEC = new PullImageCmd.Exec() { + @Override + public InputStream exec(PullImageCmd command) { + return null; + } + }; + + @BeforeTest public void beforeTest() throws DockerException { super.beforeTest(); } @@ -46,7 +47,18 @@ public void afterMethod(ITestResult result) { super.afterMethod(result); } - @Test + @Test + public void nullAuthConfig() throws Exception { + PullImageCmdImpl pullImageCmd = new PullImageCmdImpl(NOP_EXEC, ""); + try { + pullImageCmd.withAuthConfig(null); + fail(); + } catch (Exception e) { + assertEquals(e.getMessage(), "authConfig was not specified"); + } + } + + @Test public void testPullImage() throws DockerException, IOException { Info info = dockerClient.infoCmd().exec(); LOG.info("Client info: {}", info.toString()); diff --git a/src/test/java/com/github/dockerjava/core/command/PushImageCmdImplTest.java b/src/test/java/com/github/dockerjava/core/command/PushImageCmdImplTest.java index b12ac4ec2..e64aaa7be 100644 --- a/src/test/java/com/github/dockerjava/core/command/PushImageCmdImplTest.java +++ b/src/test/java/com/github/dockerjava/core/command/PushImageCmdImplTest.java @@ -1,24 +1,17 @@ package com.github.dockerjava.core.command; -import static org.hamcrest.MatcherAssert.assertThat; -import static org.hamcrest.Matchers.containsString; -import static org.hamcrest.Matchers.isEmptyString; -import static org.hamcrest.Matchers.not; - -import java.lang.reflect.Method; - +import com.github.dockerjava.api.DockerException; +import com.github.dockerjava.api.command.CreateContainerResponse; +import com.github.dockerjava.client.AbstractDockerClientTest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.testng.ITestResult; -import org.testng.annotations.AfterMethod; -import org.testng.annotations.AfterTest; -import org.testng.annotations.BeforeMethod; -import org.testng.annotations.BeforeTest; -import org.testng.annotations.Test; +import org.testng.annotations.*; -import com.github.dockerjava.api.DockerException; -import com.github.dockerjava.api.command.CreateContainerResponse; -import com.github.dockerjava.client.AbstractDockerClientTest; +import java.lang.reflect.Method; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.*; @Test(groups = "integration") public class PushImageCmdImplTest extends AbstractDockerClientTest { From 60dee43ad1f03baaf846048e7b14dccac204092d Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sun, 2 Nov 2014 19:39:40 +0000 Subject: [PATCH 02/18] AuthCmd now returns AuthResponse so you can tell if you need to authorise you newly registered account --- README.md | 14 ++++++--- .../dockerjava/api/command/AuthCmd.java | 14 ++++++--- .../dockerjava/api/model/AuthResponse.java | 12 +++++++ .../dockerjava/core/command/AuthCmdImpl.java | 9 +++--- .../github/dockerjava/jaxrs/AuthCmdExec.java | 26 +++++++++------- .../client/AbstractDockerClientTest.java | 31 ++++++++++++------- .../core/command/AuthCmdImplTest.java | 24 +++++++------- 7 files changed, 83 insertions(+), 47 deletions(-) create mode 100644 src/main/java/com/github/dockerjava/api/model/AuthResponse.java diff --git a/README.md b/README.md index 3b04aa02e..38cd47fbe 100644 --- a/README.md +++ b/README.md @@ -19,13 +19,19 @@ Developer forum for [docker-java](https://groups.google.com/forum/?hl=de#!forum/ You'll need to be running a local private registry, as per [the quick start instructions](https://github.com/docker/docker-registry): - docker run -p 5000:5000 registry + $ docker run -p 5000:5000 registry + + If you're using boot2docker, set-up a port forward: + + $ VBoxManage controlvm boot2docker-vm natpf1 "5000,tcp,127.0.0.1,5000,,5000" + +You can remove this forward later using: + + $ VBoxManage controlvm boot2docker-vm natpf1 delete 5000 The Maven build includes integration tests which are using a localhost instance of Docker and require manual setup. Make sure you have a local Docker daemon running and then provide your https://registry.hub.docker.com/account/login/ information via system properties: - $ mvn clean install -Ddocker.io.username=... -Ddocker.io.password=... -Ddocker.io.email=... - -_If your Docker server is remote, add its URL like this: `-Ddocker.io.url=https://...:2376`._ + $ mvn clean install If you do not have access to a Docker server or just want to execute the build quickly, you can run the build without the integration tests: diff --git a/src/main/java/com/github/dockerjava/api/command/AuthCmd.java b/src/main/java/com/github/dockerjava/api/command/AuthCmd.java index f71a132be..3c5922583 100644 --- a/src/main/java/com/github/dockerjava/api/command/AuthCmd.java +++ b/src/main/java/com/github/dockerjava/api/command/AuthCmd.java @@ -2,22 +2,28 @@ import com.github.dockerjava.api.UnauthorizedException; import com.github.dockerjava.api.model.AuthConfig; +import com.github.dockerjava.api.model.AuthResponse; /** * * Authenticate with the server, useful for checking authentication. * */ -public interface AuthCmd extends DockerCmd { +public interface AuthCmd extends DockerCmd { public AuthConfig getAuthConfig(); public AuthCmd withAuthConfig(AuthConfig authConfig); - + + /** + * @return The status. Based on it's value you may mean you need to authorise your account, e.g.: + * "Account created. Please see the documentation of the registry http://localhost:5000/v1/ for instructions how to activate it." + * @throws UnauthorizedException If you're not authorised (e.g. bad password). + */ @Override - public Void exec() throws UnauthorizedException; + public AuthResponse exec() throws UnauthorizedException; - public static interface Exec extends DockerCmdExec { + public static interface Exec extends DockerCmdExec { } } \ No newline at end of file diff --git a/src/main/java/com/github/dockerjava/api/model/AuthResponse.java b/src/main/java/com/github/dockerjava/api/model/AuthResponse.java new file mode 100644 index 000000000..cb5d9df80 --- /dev/null +++ b/src/main/java/com/github/dockerjava/api/model/AuthResponse.java @@ -0,0 +1,12 @@ +package com.github.dockerjava.api.model; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public class AuthResponse { + @JsonProperty("Status") + private String status; + + public String getStatus() { + return status; + } +} diff --git a/src/main/java/com/github/dockerjava/core/command/AuthCmdImpl.java b/src/main/java/com/github/dockerjava/core/command/AuthCmdImpl.java index 259333e5b..0da0da3c3 100644 --- a/src/main/java/com/github/dockerjava/core/command/AuthCmdImpl.java +++ b/src/main/java/com/github/dockerjava/core/command/AuthCmdImpl.java @@ -3,24 +3,25 @@ import com.github.dockerjava.api.UnauthorizedException; import com.github.dockerjava.api.command.AuthCmd; import com.github.dockerjava.api.model.AuthConfig; +import com.github.dockerjava.api.model.AuthResponse; /** * * Authenticate with the server, useful for checking authentication. * */ -public class AuthCmdImpl extends AbstrAuthCfgDockerCmd implements AuthCmd { +public class AuthCmdImpl extends AbstrAuthCfgDockerCmd implements AuthCmd { public AuthCmdImpl(AuthCmd.Exec exec, AuthConfig authConfig) { super(exec); withAuthConfig(authConfig); } - + @Override - public Void exec() throws UnauthorizedException { + public AuthResponse exec() throws UnauthorizedException { return super.exec(); } - + @Override public String toString() { return "authenticate using " + this.getAuthConfig(); diff --git a/src/main/java/com/github/dockerjava/jaxrs/AuthCmdExec.java b/src/main/java/com/github/dockerjava/jaxrs/AuthCmdExec.java index d73487bb8..3552d9742 100644 --- a/src/main/java/com/github/dockerjava/jaxrs/AuthCmdExec.java +++ b/src/main/java/com/github/dockerjava/jaxrs/AuthCmdExec.java @@ -1,18 +1,18 @@ package com.github.dockerjava.jaxrs; -import static javax.ws.rs.client.Entity.entity; +import com.github.dockerjava.api.UnauthorizedException; +import com.github.dockerjava.api.command.AuthCmd; +import com.github.dockerjava.api.model.AuthResponse; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import javax.ws.rs.client.WebTarget; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.github.dockerjava.api.UnauthorizedException; -import com.github.dockerjava.api.command.AuthCmd; +import static javax.ws.rs.client.Entity.entity; -public class AuthCmdExec extends AbstrDockerCmdExec implements AuthCmd.Exec { +public class AuthCmdExec extends AbstrDockerCmdExec implements AuthCmd.Exec { private static final Logger LOGGER = LoggerFactory .getLogger(AuthCmdExec.class); @@ -22,16 +22,18 @@ public AuthCmdExec(WebTarget baseResource) { } @Override - protected Void execute(AuthCmd command) { + protected AuthResponse execute(AuthCmd command) { WebTarget webResource = getBaseResource().path("/auth"); LOGGER.trace("POST: {}", webResource); - Response response = webResource.request().accept(MediaType.APPLICATION_JSON).post(entity(command.getAuthConfig(), MediaType.APPLICATION_JSON)); + Response response = webResource + .request() + .accept(MediaType.APPLICATION_JSON).post(entity(command.getAuthConfig(), MediaType.APPLICATION_JSON)); if(response.getStatus() == 401) { throw new UnauthorizedException("Unauthorized"); - }; - - return null; + } + + return response.readEntity(AuthResponse.class); } } diff --git a/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java b/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java index 385508b68..91d0c9072 100644 --- a/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java +++ b/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java @@ -1,12 +1,10 @@ package com.github.dockerjava.client; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.lang.reflect.Method; -import java.net.DatagramSocket; -import java.net.ServerSocket; - +import com.github.dockerjava.api.DockerClient; +import com.github.dockerjava.api.DockerException; +import com.github.dockerjava.core.DockerClientBuilder; +import com.github.dockerjava.core.DockerClientConfig; +import com.github.dockerjava.core.TestDockerCmdExecFactory; import org.apache.commons.io.IOUtils; import org.apache.commons.io.LineIterator; import org.slf4j.Logger; @@ -14,10 +12,12 @@ import org.testng.Assert; import org.testng.ITestResult; -import com.github.dockerjava.api.DockerClient; -import com.github.dockerjava.api.DockerException; -import com.github.dockerjava.core.DockerClientBuilder; -import com.github.dockerjava.core.TestDockerCmdExecFactory; +import java.io.IOException; +import java.io.InputStream; +import java.io.StringWriter; +import java.lang.reflect.Method; +import java.net.DatagramSocket; +import java.net.ServerSocket; public abstract class AbstractDockerClientTest extends Assert { @@ -31,7 +31,14 @@ public abstract class AbstractDockerClientTest extends Assert { public void beforeTest() { LOG.info("======================= BEFORETEST ======================="); LOG.info("Connecting to Docker server"); - dockerClient = DockerClientBuilder.getInstance() + dockerClient = DockerClientBuilder.getInstance( + DockerClientConfig.createDefaultConfigBuilder() + .withServerAddress("http://localhost:5000") + .withUsername("docker-java") + .withPassword("docker-java") + .withEmail("docker-java@github.com") + .build() + ) .withDockerCmdExecFactory(dockerCmdExecFactory) .build(); diff --git a/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java b/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java index 3c03b1b43..798342817 100644 --- a/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java +++ b/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java @@ -1,20 +1,20 @@ package com.github.dockerjava.core.command; -import java.lang.reflect.Method; - -import org.testng.ITestResult; -import org.testng.annotations.AfterMethod; -import org.testng.annotations.AfterTest; -import org.testng.annotations.BeforeMethod; -import org.testng.annotations.BeforeTest; -import org.testng.annotations.Test; - import com.github.dockerjava.api.DockerClient; import com.github.dockerjava.api.DockerException; import com.github.dockerjava.api.UnauthorizedException; +import com.github.dockerjava.api.model.AuthResponse; import com.github.dockerjava.client.AbstractDockerClientTest; import com.github.dockerjava.core.DockerClientBuilder; import com.github.dockerjava.core.DockerClientConfig; +import org.testng.ITestResult; +import org.testng.annotations.*; + +import java.lang.reflect.Method; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.core.IsNot.not; +import static org.hamcrest.core.StringContains.containsString; @Test(groups = "integration") public class AuthCmdImplTest extends AbstractDockerClientTest { @@ -41,8 +41,10 @@ public void afterMethod(ITestResult result) { @Test public void testAuth() throws Exception { - dockerClient.authCmd().exec(); - } + AuthResponse response = dockerClient.authCmd().exec(); + + assertThat(response.getStatus(), not(containsString("Account created"))); + } @Test public void testAuthInvalid() throws Exception { From f4d347600f0570d0cd780686c567f1c6cbc35018 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sun, 2 Nov 2014 23:04:54 +0000 Subject: [PATCH 03/18] create a private authenticated local repository --- README.md | 12 +---- build-docker-registry.sh | 5 +++ docker-auth-registry/Dockerfile | 17 +++++++ docker-auth-registry/README.md | 8 ++++ docker-auth-registry/build.sh | 8 ++++ docker-auth-registry/docker-registry.conf | 5 +++ docker-auth-registry/docker-registry.htpasswd | 1 + docker-auth-registry/nginx.conf | 44 +++++++++++++++++++ docker-auth-registry/run.sh | 6 +++ docker-auth-registry/start.sh | 8 ++++ docker-auth-registry/test.sh | 6 +++ .../client/AbstractDockerClientTest.java | 24 ++++++---- .../core/command/AuthCmdImplTest.java | 18 +++----- 13 files changed, 129 insertions(+), 33 deletions(-) create mode 100644 build-docker-registry.sh create mode 100644 docker-auth-registry/Dockerfile create mode 100644 docker-auth-registry/README.md create mode 100755 docker-auth-registry/build.sh create mode 100644 docker-auth-registry/docker-registry.conf create mode 100644 docker-auth-registry/docker-registry.htpasswd create mode 100644 docker-auth-registry/nginx.conf create mode 100755 docker-auth-registry/run.sh create mode 100755 docker-auth-registry/start.sh create mode 100755 docker-auth-registry/test.sh diff --git a/README.md b/README.md index 38cd47fbe..26c148c88 100644 --- a/README.md +++ b/README.md @@ -17,17 +17,7 @@ Developer forum for [docker-java](https://groups.google.com/forum/?hl=de#!forum/ * Docker daemon running * Docker private repository running (see below). -You'll need to be running a local private registry, as per [the quick start instructions](https://github.com/docker/docker-registry): - - $ docker run -p 5000:5000 registry - - If you're using boot2docker, set-up a port forward: - - $ VBoxManage controlvm boot2docker-vm natpf1 "5000,tcp,127.0.0.1,5000,,5000" - -You can remove this forward later using: - - $ VBoxManage controlvm boot2docker-vm natpf1 delete 5000 +You'll need to be running a local private registry, as per [these instructions](docker-auth-registry/README.md): The Maven build includes integration tests which are using a localhost instance of Docker and require manual setup. Make sure you have a local Docker daemon running and then provide your https://registry.hub.docker.com/account/login/ information via system properties: diff --git a/build-docker-registry.sh b/build-docker-registry.sh new file mode 100644 index 000000000..568845179 --- /dev/null +++ b/build-docker-registry.sh @@ -0,0 +1,5 @@ +#! /bin/sh +set -eux + +git clone https://github.com/docker/docker-registry +cp docker-registry/contrib/nginx/nginx_1–3–9.conf /etc/nginx/conf.d/ \ No newline at end of file diff --git a/docker-auth-registry/Dockerfile b/docker-auth-registry/Dockerfile new file mode 100644 index 000000000..4a663bc00 --- /dev/null +++ b/docker-auth-registry/Dockerfile @@ -0,0 +1,17 @@ +# https://medium.com/@deeeet/building-private-docker-registry-with-basic-authentication-with-self-signed-certificate-using-it-e6329085e612 + +FROM registry + +RUN apt-get update +RUN apt-get install -y nginx + +ADD nginx.conf /etc/nginx/ +ADD docker-registry.conf /etc/nginx/ + +ADD docker-registry.htpasswd /etc/nginx/ + +EXPOSE 5001 + +ADD start.sh . + +CMD ./start.sh diff --git a/docker-auth-registry/README.md b/docker-auth-registry/README.md new file mode 100644 index 000000000..86a6bca0f --- /dev/null +++ b/docker-auth-registry/README.md @@ -0,0 +1,8 @@ +Set-up a Docker Registry with Plain Text Authentication +-- + +This creates a registry that runs locally with plain text authentication set-up. + + ./build.sh + ./run.sh + ./test.sh diff --git a/docker-auth-registry/build.sh b/docker-auth-registry/build.sh new file mode 100755 index 000000000..6cccf6d5c --- /dev/null +++ b/docker-auth-registry/build.sh @@ -0,0 +1,8 @@ +#! /bin/sh +set -eux + +docker build -t auth-registry . + +if [ "$(which boot2docker)" != "" ]; then + VBoxManage controlvm boot2docker-vm natpf1 "5001,tcp,127.0.0.1,5001,,5001" || true +fi diff --git a/docker-auth-registry/docker-registry.conf b/docker-auth-registry/docker-registry.conf new file mode 100644 index 000000000..6173e5ca3 --- /dev/null +++ b/docker-auth-registry/docker-registry.conf @@ -0,0 +1,5 @@ +proxy_pass http://docker-registry; +proxy_set_header Host $http_host; # required for docker client's sake +proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP +proxy_set_header Authorization ""; # see https://github.com/dotcloud/docker-registry/issues/170 +proxy_read_timeout 900; diff --git a/docker-auth-registry/docker-registry.htpasswd b/docker-auth-registry/docker-registry.htpasswd new file mode 100644 index 000000000..ccd2a76fd --- /dev/null +++ b/docker-auth-registry/docker-registry.htpasswd @@ -0,0 +1 @@ +docker-java:$apr1$nhxYQXIn$s93lYeFNs66YAXwQerlHL0 diff --git a/docker-auth-registry/nginx.conf b/docker-auth-registry/nginx.conf new file mode 100644 index 000000000..8a11c2298 --- /dev/null +++ b/docker-auth-registry/nginx.conf @@ -0,0 +1,44 @@ +http { +# FYI: Chunking requires nginx-extras package on Debian Wheezy and some Ubuntu versions +# See chunking http://wiki.nginx.org/HttpChunkinModule +# Replace with appropriate values where necessary + +upstream docker-registry { + server localhost:5000; +} + +# uncomment if you want a 301 redirect for users attempting to connect +# on port 80 +# NOTE: docker client will still fail. This is just for convenience +# server { +# listen *:80; +# server_name my.docker.registry.com; +# return 301 https://$server_name$request_uri; +# } + +server { + listen 5001; + server_name my.docker.registry.com; + + client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads + + location / { + auth_basic "Restricted"; + auth_basic_user_file docker-registry.htpasswd; + include docker-registry.conf; + } + + location /_ping { + auth_basic off; + include docker-registry.conf; + } + + location /v1/_ping { + auth_basic off; + include docker-registry.conf; + } +} +} +events { + worker_connections 1024; +} \ No newline at end of file diff --git a/docker-auth-registry/run.sh b/docker-auth-registry/run.sh new file mode 100755 index 000000000..5a338dded --- /dev/null +++ b/docker-auth-registry/run.sh @@ -0,0 +1,6 @@ +#! /bin/sh +set -eux + +docker kill $(docker ps -q) || true + +docker run -p 5001:5001 auth-registry \ No newline at end of file diff --git a/docker-auth-registry/start.sh b/docker-auth-registry/start.sh new file mode 100755 index 000000000..c12ea4ed7 --- /dev/null +++ b/docker-auth-registry/start.sh @@ -0,0 +1,8 @@ +#! /bin/sh +set -eux + +docker-registry & +nginx + +wait + diff --git a/docker-auth-registry/test.sh b/docker-auth-registry/test.sh new file mode 100755 index 000000000..7d78b36d7 --- /dev/null +++ b/docker-auth-registry/test.sh @@ -0,0 +1,6 @@ +#! /bin/sh +set -eux + +curl http://localhost:5001/v1/_ping +curl http://localhost:5001/v1/users/ --basic --user docker-java:docker-java + diff --git a/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java b/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java index 91d0c9072..369624342 100644 --- a/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java +++ b/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java @@ -31,14 +31,7 @@ public abstract class AbstractDockerClientTest extends Assert { public void beforeTest() { LOG.info("======================= BEFORETEST ======================="); LOG.info("Connecting to Docker server"); - dockerClient = DockerClientBuilder.getInstance( - DockerClientConfig.createDefaultConfigBuilder() - .withServerAddress("http://localhost:5000") - .withUsername("docker-java") - .withPassword("docker-java") - .withEmail("docker-java@github.com") - .build() - ) + dockerClient = DockerClientBuilder.getInstance(config()) .withDockerCmdExecFactory(dockerCmdExecFactory) .build(); @@ -52,7 +45,20 @@ public void beforeTest() { LOG.info("======================= END OF BEFORETEST =======================\n\n"); } - public void afterTest() { + private DockerClientConfig config() { + return config("docker-java"); + } + + protected DockerClientConfig config(String password) { + return DockerClientConfig.createDefaultConfigBuilder() + .withServerAddress("http://localhost:5001") + .withUsername("docker-java") + .withPassword(password) + .withEmail("docker-java@github.com") + .build(); + } + + public void afterTest() { LOG.info("======================= END OF AFTERTEST ======================="); } diff --git a/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java b/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java index 798342817..950111497 100644 --- a/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java +++ b/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java @@ -1,21 +1,15 @@ package com.github.dockerjava.core.command; -import com.github.dockerjava.api.DockerClient; import com.github.dockerjava.api.DockerException; import com.github.dockerjava.api.UnauthorizedException; import com.github.dockerjava.api.model.AuthResponse; import com.github.dockerjava.client.AbstractDockerClientTest; import com.github.dockerjava.core.DockerClientBuilder; -import com.github.dockerjava.core.DockerClientConfig; import org.testng.ITestResult; import org.testng.annotations.*; import java.lang.reflect.Method; -import static org.hamcrest.MatcherAssert.assertThat; -import static org.hamcrest.core.IsNot.not; -import static org.hamcrest.core.StringContains.containsString; - @Test(groups = "integration") public class AuthCmdImplTest extends AbstractDockerClientTest { @@ -43,19 +37,17 @@ public void afterMethod(ITestResult result) { public void testAuth() throws Exception { AuthResponse response = dockerClient.authCmd().exec(); - assertThat(response.getStatus(), not(containsString("Account created"))); + assertEquals(response.getStatus(), "Login Succeeded"); } @Test public void testAuthInvalid() throws Exception { - DockerClientConfig config = DockerClientConfig.createDefaultConfigBuilder().withPassword("garbage").build(); - DockerClient client = DockerClientBuilder.getInstance(config).withDockerCmdExecFactory(dockerCmdExecFactory).build(); - - try { - client.authCmd().exec(); + + try { + DockerClientBuilder.getInstance(config("garbage")).build().authCmd().exec(); fail("Expected a UnauthorizedException caused by a bad password."); } catch (UnauthorizedException e) { - + assertEquals(e.getMessage(), "Wrong login/password, please try again\n"); } } } From 402fa2b1e3d146083ae71128d3209ab4a5a30bd2 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sun, 2 Nov 2014 23:19:08 +0000 Subject: [PATCH 04/18] updated default username/password to be just "dockerjava" as hyphen is not allowed in usernames by Docker --- docker-auth-registry/Dockerfile | 2 -- docker-auth-registry/README.md | 2 ++ docker-auth-registry/docker-registry.htpasswd | 2 +- docker-auth-registry/test.sh | 2 +- .../dockerjava/client/AbstractDockerClientTest.java | 11 ++++++----- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/docker-auth-registry/Dockerfile b/docker-auth-registry/Dockerfile index 4a663bc00..a1ff436aa 100644 --- a/docker-auth-registry/Dockerfile +++ b/docker-auth-registry/Dockerfile @@ -1,5 +1,3 @@ -# https://medium.com/@deeeet/building-private-docker-registry-with-basic-authentication-with-self-signed-certificate-using-it-e6329085e612 - FROM registry RUN apt-get update diff --git a/docker-auth-registry/README.md b/docker-auth-registry/README.md index 86a6bca0f..93a703fd5 100644 --- a/docker-auth-registry/README.md +++ b/docker-auth-registry/README.md @@ -6,3 +6,5 @@ This creates a registry that runs locally with plain text authentication set-up. ./build.sh ./run.sh ./test.sh + +Based on . \ No newline at end of file diff --git a/docker-auth-registry/docker-registry.htpasswd b/docker-auth-registry/docker-registry.htpasswd index ccd2a76fd..8288b1606 100644 --- a/docker-auth-registry/docker-registry.htpasswd +++ b/docker-auth-registry/docker-registry.htpasswd @@ -1 +1 @@ -docker-java:$apr1$nhxYQXIn$s93lYeFNs66YAXwQerlHL0 +dockerjava:$apr1$9s.aEJml$nivZMa6GEWnJA/FhpTPbj0 diff --git a/docker-auth-registry/test.sh b/docker-auth-registry/test.sh index 7d78b36d7..a71409a80 100755 --- a/docker-auth-registry/test.sh +++ b/docker-auth-registry/test.sh @@ -2,5 +2,5 @@ set -eux curl http://localhost:5001/v1/_ping -curl http://localhost:5001/v1/users/ --basic --user docker-java:docker-java +curl http://localhost:5001/v1/users/ --basic --user dockerjava:dockerjava diff --git a/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java b/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java index 369624342..e0d198b8d 100644 --- a/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java +++ b/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java @@ -23,8 +23,9 @@ public abstract class AbstractDockerClientTest extends Assert { public static final Logger LOG = LoggerFactory .getLogger(AbstractDockerClientTest.class); - - protected DockerClient dockerClient; + public static final String DOCKER_JAVA = "dockerjava"; + + protected DockerClient dockerClient; protected TestDockerCmdExecFactory dockerCmdExecFactory = new TestDockerCmdExecFactory(DockerClientBuilder.getDefaultDockerCmdExecFactory()); @@ -46,15 +47,15 @@ public void beforeTest() { } private DockerClientConfig config() { - return config("docker-java"); + return config(DOCKER_JAVA); } protected DockerClientConfig config(String password) { return DockerClientConfig.createDefaultConfigBuilder() .withServerAddress("http://localhost:5001") - .withUsername("docker-java") + .withUsername(DOCKER_JAVA) .withPassword(password) - .withEmail("docker-java@github.com") + .withEmail(DOCKER_JAVA + "@github.com") .build(); } From e5af72c5e6045996fea22c7974de80cc62a61388 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sun, 2 Nov 2014 23:19:27 +0000 Subject: [PATCH 05/18] added debugging to PushImageCmdImplTest as it is failing --- .../github/dockerjava/core/command/PushImageCmdImplTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/test/java/com/github/dockerjava/core/command/PushImageCmdImplTest.java b/src/test/java/com/github/dockerjava/core/command/PushImageCmdImplTest.java index e64aaa7be..2e2c9134d 100644 --- a/src/test/java/com/github/dockerjava/core/command/PushImageCmdImplTest.java +++ b/src/test/java/com/github/dockerjava/core/command/PushImageCmdImplTest.java @@ -51,12 +51,13 @@ public void pushLatest() throws Exception { assertThat(container.getId(), not(isEmptyString())); - LOG.info("Commiting container: {}", container.toString()); + LOG.info("Committing container: {}", container.toString()); String imageId = dockerClient.commitCmd(container.getId()).withRepository(username + "/busybox").exec(); // we have to block until image is pushed asString(dockerClient.pushImageCmd(username + "/busybox").exec()); + LOG.info("Removing image: {}", imageId); dockerClient.removeImageCmd(imageId).exec(); String response = asString(dockerClient.pullImageCmd(username + "/busybox").exec()); From 6c84ba30cb273f037c1f9dcc9a4494381d5434d5 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sun, 2 Nov 2014 23:21:25 +0000 Subject: [PATCH 06/18] removed file accidentally committed --- build-docker-registry.sh | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 build-docker-registry.sh diff --git a/build-docker-registry.sh b/build-docker-registry.sh deleted file mode 100644 index 568845179..000000000 --- a/build-docker-registry.sh +++ /dev/null @@ -1,5 +0,0 @@ -#! /bin/sh -set -eux - -git clone https://github.com/docker/docker-registry -cp docker-registry/contrib/nginx/nginx_1–3–9.conf /etc/nginx/conf.d/ \ No newline at end of file From f0f232fc3996381c4003dc2a31084a806edab723 Mon Sep 17 00:00:00 2001 From: "alex.collins" Date: Mon, 3 Nov 2014 17:15:30 +0000 Subject: [PATCH 07/18] fixed twitch tests in DockerClientImpl --- src/main/java/com/github/dockerjava/core/DockerClientImpl.java | 2 -- .../java/com/github/dockerjava/core/DockerClientConfigTest.java | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/main/java/com/github/dockerjava/core/DockerClientImpl.java b/src/main/java/com/github/dockerjava/core/DockerClientImpl.java index 4d88651ee..2630d26d4 100644 --- a/src/main/java/com/github/dockerjava/core/DockerClientImpl.java +++ b/src/main/java/com/github/dockerjava/core/DockerClientImpl.java @@ -71,8 +71,6 @@ private DockerCmdExecFactory getDockerCmdExecFactory() { public AuthConfig authConfig() { checkNotNull(dockerClientConfig.getUsername(), "Configured username is null."); - checkNotNull(dockerClientConfig.getPassword(), "Configured password is null."); - checkNotNull(dockerClientConfig.getEmail(), "Configured email is null."); checkNotNull(dockerClientConfig.getServerAddress(), "Configured serverAddress is null."); AuthConfig authConfig = new AuthConfig(); diff --git a/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java b/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java index b05d8c6b7..ac7024f52 100644 --- a/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java +++ b/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java @@ -34,7 +34,7 @@ public void equals() throws Exception { public void environmentDockerHost() throws Exception { // given docker host in env - Map env = new HashMap(System.getenv()); + Map env = new HashMap(); env.put("DOCKER_HOST", "tcp://baz:8768"); // when you build a config From bbeb6dc617161ba27ff4f409a50d6fea67d04454 Mon Sep 17 00:00:00 2001 From: "alex.collins" Date: Tue, 4 Nov 2014 19:06:30 +0000 Subject: [PATCH 08/18] make version default to null (i.e. absent and autodetect) --- src/main/resources/docker.io.properties | 1 - .../java/com/github/dockerjava/core/DockerClientConfigTest.java | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/resources/docker.io.properties b/src/main/resources/docker.io.properties index 3d9c7149e..2188cff37 100644 --- a/src/main/resources/docker.io.properties +++ b/src/main/resources/docker.io.properties @@ -1,5 +1,4 @@ docker.io.url=https://localhost:2376 -docker.io.version=1.15 docker.io.enableLoggingFilter=true docker.io.dockerCertPath=${user.home}/.docker docker.io.username=${user.name} diff --git a/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java b/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java index ac7024f52..f14640b07 100644 --- a/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java +++ b/src/test/java/com/github/dockerjava/core/DockerClientConfigTest.java @@ -101,7 +101,7 @@ public void defaults() throws Exception { assertEquals(config.getUri(), URI.create("https://localhost:2376")); assertEquals(config.getUsername(), "someUserName"); assertEquals(config.getServerAddress(), AuthConfig.DEFAULT_SERVER_ADDRESS); - assertEquals(config.getVersion(), "1.15"); + assertEquals(config.getVersion(), null); assertEquals(config.isLoggingFilterEnabled(), true); assertEquals(config.getDockerCertPath(), "someHomeDir/.docker"); } From 338851901dc2bf71595db00e99c00adcf72f5ffd Mon Sep 17 00:00:00 2001 From: "alex.collins" Date: Tue, 4 Nov 2014 19:40:44 +0000 Subject: [PATCH 09/18] pem files for SSL --- docker-auth-registry/Dockerfile | 3 +++ docker-auth-registry/build.sh | 20 +++++++++++++++++++ docker-auth-registry/ca-key.pem | 30 ++++++++++++++++++++++++++++ docker-auth-registry/ca.pem | 22 ++++++++++++++++++++ docker-auth-registry/ca.srl | 1 + docker-auth-registry/server-cert.pem | 18 +++++++++++++++++ docker-auth-registry/server-key.pem | 27 +++++++++++++++++++++++++ docker-auth-registry/server.csr | 15 ++++++++++++++ 8 files changed, 136 insertions(+) create mode 100644 docker-auth-registry/ca-key.pem create mode 100644 docker-auth-registry/ca.pem create mode 100644 docker-auth-registry/ca.srl create mode 100644 docker-auth-registry/server-cert.pem create mode 100644 docker-auth-registry/server-key.pem create mode 100644 docker-auth-registry/server.csr diff --git a/docker-auth-registry/Dockerfile b/docker-auth-registry/Dockerfile index a1ff436aa..7780dc486 100644 --- a/docker-auth-registry/Dockerfile +++ b/docker-auth-registry/Dockerfile @@ -3,6 +3,9 @@ FROM registry RUN apt-get update RUN apt-get install -y nginx +ADD server-cert.pem /etc/ssl/certs/docker-registry +ADD server-key.pem /etc/ssl/private/docker-registry + ADD nginx.conf /etc/nginx/ ADD docker-registry.conf /etc/nginx/ diff --git a/docker-auth-registry/build.sh b/docker-auth-registry/build.sh index 6cccf6d5c..784858fec 100755 --- a/docker-auth-registry/build.sh +++ b/docker-auth-registry/build.sh @@ -1,8 +1,28 @@ #! /bin/sh set -eux +if [ ! -e server-key.pem ]; then + echo "enter dockerjava each time you are asked for a pass-phase, press enter for everything else" + + echo 01 > ca.srl + openssl genrsa -des3 -out ca-key.pem 2048 + openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem + openssl genrsa -des3 -out server-key.pem 2048 + openssl req -subj '/CN=localhost' -new -key server-key.pem -out server.csr + openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem + openssl rsa -in server-key.pem -out server-key.pem +fi + docker build -t auth-registry . if [ "$(which boot2docker)" != "" ]; then + B=$(echo $DOCKER_HOST|sed 's/.*\/\(.*\):.*/\1/') + + scp -i ~/.ssh/id_boot2docker ca.pem docker@$B: + + echo "sudo su - +chmod +w /etc/ssl/certs/ca-certificates.crt +cat ca.pem >> /etc/ssl/certs/ca-certificates.crt" | boot2docker ssh + VBoxManage controlvm boot2docker-vm natpf1 "5001,tcp,127.0.0.1,5001,,5001" || true fi diff --git a/docker-auth-registry/ca-key.pem b/docker-auth-registry/ca-key.pem new file mode 100644 index 000000000..0db29a49d --- /dev/null +++ b/docker-auth-registry/ca-key.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,73BD3223857CCE6D + +rPSVPVC+qyguEaHhLhNFaqlRRdaCmTm5QH1bBqo3R+GJ7E28u7KmUhVyYXXI7uW9 +CsDnTIYV2Lh+wJ3aWcYpevHnFSdwELYkzVgCAdOI3vwl5sDJbgBHolIMd8lxaeUW +Yjb5t6E+HoOJGt1Os5Si3etS40o9hwc0l/FEASWCK0DQdHanUra2SIfOxOdd0p4Q +q/dr5ISmSVpCHGSwl04WF95PnV7+glkT8MuJqcp1jdb3iZNjZsnIzameBLtRWw1P +G7HxfeKtMJ8Fz9hV17OPFi7DeuPnS7xzcvj6JCGWQxPTi684Q6VReNjrNAqIK2jr +GuYxXUHVeYp4BUwO9o6/sK3cAj6X7khzRZ8Oz/ELl8MPV6ekFI4bWRXzPGHtG3AB +mN1NR4KZrBJiLOx770fhVxn7qbTc/eBd/r0tcfsVnMrOBqTQueyaGhEMiUf/lYY5 +l3llhYb0UBgzteValM4VIaVj0aizpV1xBkPZHkpQAw4nJPrykDNRXKrgZdTQLhif +zKjol+3UKMGrMvZA8DVBI7g93sxC34lk9y8V58LnX6lx3WDIz381Mer6D6+FDQoN +taGC1EpiU2Bb6zyxVzg4thjYwCOLNWWbPAJF9DH/PZf+9dDGxrrhaZZ8nkT/bztB +UAa3nFszgUKL1bbpSundkRJpBxDLWXhP1lnti9+VaP8TwTNOdvLlgwJ7jsleSyTg +WzrTjSk8DY1LD5sT9gyNbyw7m9zlYGh1USgBMQ2BYCRerHUyjBx/Iryl4mws5EWa +3BJZCxzJCRFh+YKHzsn/I7ZWLrOAXlrqOFcepcoYrIXJzmgztCoLuAHQY8DNjkoT +CxEHtFiWEN3GsHHnNQD0uFDcRjMLu7F31XPUSVZWk9/2pQyXfp2/Eacdjb6x9xnK +QCzmK5P3sYY39+1S3RyzB3o3CgnAtX56B2pPg4NSM9RYPRhMwkHFx+MBwuL90i+q +YbJrskngQTMGphmTbGW7kZsxtzGanbM74NvRd43BewtpqY6TihEszrXBx7WHd3PP +QNKPTNkC71goyDNmZUTeQWkKOZE7jHqOKzuwnWyh8FhvfNIyz/NunHKfcwGElsQQ +HzuD3+VYnNatXbMAn63/5ovPqFwhalBIj5ars4UDqAXBpDg4mNKtzOZp4E9Get6J +VeAHynFRZIXOF7qIUTRPiLt2mriHRDtljZfUOlzZDgBo1OFcJwKkj+6mA1zDMcpq +veZyMLPvbUHzFYINP5GlEJtWPH6msFUiyyI0WlS4jfVqZgVXhclgOEu+x40xaTCF +9cjvVsq6tjsZ2IRUVTZlkPgycWHP/iRlkC/mRz/ypKP6dAMOc50kpgaOf6HZkWnH +ACUKEn+2QDVQ2CgPPS4BWeMgFAolXiG1zWvVz7ImVs7LJzLcsVMSypbk2O+ysIqt +57MB1gUwDrE6am0+0x1Ub5eWiA8XJDGZZfI0xTtaChqCcOWxXmyvjSuKng9KXB5y +v3JYtPoNaNqNXSibyIbVdn2vlwH2Jc6wm7se/xhyohMXQDlrC2y4sRXPwPghzAXx +khr0WAeW2CxqAMs/DAc6q6rEfOGfmhxla1JdfH6oKN4YiHZV5pqN8A== +-----END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/ca.pem b/docker-auth-registry/ca.pem new file mode 100644 index 000000000..e9843a0e9 --- /dev/null +++ b/docker-auth-registry/ca.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIJAMgLvS7V36/7MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTQxMTA0MTkzOTU5WhcNMTUxMTA0MTkzOTU5WjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAqMYo+Yegm1tvkR1raYAyjl04RnE5kMYqgf+4qm5SJPnTMoHFujOJRueI +oXbU3NsWwoPTxK2bRbseYsrtiazv6tMTOD6Q5PPPWAJX4Rd+rIsPm8yTS7maY6oj +wWpWOdoAb4VKebsGlXtU6HjgRTTzwt6PLrivveG5XfL8f/MXw24nMIQcxd7TghPP +xrkTqbdhT0kEGmtzuRzhiRUueu6aGsRM47gcjUmlTcanLA2upGv79xYG6ctXFk9v +HvxDzBkI6IZAPdMi868BfTkC7e8FpwaL0xxLimzMNlJq81+ML6b7M9tCE6AkIFGJ +R1hYZlrdb2m5q1VSEp12KXnHt0af8wIDAQABo4GnMIGkMB0GA1UdDgQWBBTXCS2i +qGDSW4mBqZ+93jgNX04AhTB1BgNVHSMEbjBsgBTXCS2iqGDSW4mBqZ+93jgNX04A +haFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV +BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMgLvS7V36/7MAwGA1UdEwQF +MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGXe/NpC+fLA9jwN2i8j+5oGILyyaM6t +IDicuLkCCd3Wmf6/esRVycspxdUWr3fT5irR+qIfW0ZQJAoEP7bNQGbdyZwv/k2j +45mLpMe9thr3KXib4VEh9wWBNygZ7JkvBMLUX1hYYKVa7Q35d+BWxysNTj4kemsB +eeRensWQAI84gPbCNTL4QAMCzNm15L1g/HZTcKh3+uoLmkPOOME1FcCmOqyPCoqQ +Q7b9DR8D7gqD6jbXM7j9QlhZXz66eDNU5p50jh9To+4xyvMTwIHGmxRPh8oRxMoz +LvQ0mWR3ktykHT2R7Rc036ExFJ+9M6OEU/UXBzLj0qha61lWFesZgaQ= +-----END CERTIFICATE----- diff --git a/docker-auth-registry/ca.srl b/docker-auth-registry/ca.srl new file mode 100644 index 000000000..9e22bcb8e --- /dev/null +++ b/docker-auth-registry/ca.srl @@ -0,0 +1 @@ +02 diff --git a/docker-auth-registry/server-cert.pem b/docker-auth-registry/server-cert.pem new file mode 100644 index 000000000..17ded5a73 --- /dev/null +++ b/docker-auth-registry/server-cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbUCAQIwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDAeFw0xNDExMDQxOTQwMDRaFw0xNTExMDQxOTQwMDRaMBQxEjAQBgNVBAMTCWxv +Y2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKfRxskyD/zB +oaE1kUpfKnU2QHevcXFiEulA88UxsktWV9laekFmoFlEPJCV1Y3rZv52+whhAZM9 +p845qNdEMARohrGimKf+S/fybk6Jo+A+3Q2ZpKAyKZ6k6sAiWoHCkcRoCE8L/Apr +luyiCTbdavaBKEro/nlkeDfaFKjoraX/PEgfXtBjHH4r6xvpWEE7BWJ6jREkFIl0 +PyO4TJBmhL4btmTMKIiszO8ak3oXa72NKpjGR0Dll5utvveSxluQycGRe16ocGBZ +ihoLcHuNrJjbfo0wv+JA8mTNCnx+J3pnXoVCArkHpteTSABiB7lyLCM3DAEGEsOd +oKi57oGEwkECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAgsynmNIju8Oz23Vn/zvt +L7r0j1M5srFvNXx1lEVooaBhwdZ50jxMAWdp+mw4r6r17Ml7NJ9IEB4xFE3c3RUO +9OEDN2Y7bvxjWG2weGyA8WcCWPwdwikm6rTdT+g+pPVZadSStHqTNcYtGiAcbSXx +L4T6AdogcfLKbJhDDOo51wEmDEru/NHJmmL+f05oKtrANQXMUJcaF2B2pFZ4va8N +MjLs/kNHgG/i7xYAu/PxNFNwQEnXdzEZG0RQFPMfCo30aNhtKCXQz2/lDSx3kg7v +Xbovhg/wgIFk98w4R/26iqT4pa4Abl33SZj38Aho9yi/utJg7xiIoy4YFv+f9W8c +gQ== +-----END CERTIFICATE----- diff --git a/docker-auth-registry/server-key.pem b/docker-auth-registry/server-key.pem new file mode 100644 index 000000000..388ef1d30 --- /dev/null +++ b/docker-auth-registry/server-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAp9HGyTIP/MGhoTWRSl8qdTZAd69xcWIS6UDzxTGyS1ZX2Vp6 +QWagWUQ8kJXVjetm/nb7CGEBkz2nzjmo10QwBGiGsaKYp/5L9/JuTomj4D7dDZmk +oDIpnqTqwCJagcKRxGgITwv8CmuW7KIJNt1q9oEoSuj+eWR4N9oUqOitpf88SB9e +0GMcfivrG+lYQTsFYnqNESQUiXQ/I7hMkGaEvhu2ZMwoiKzM7xqTehdrvY0qmMZH +QOWXm62+95LGW5DJwZF7XqhwYFmKGgtwe42smNt+jTC/4kDyZM0KfH4nemdehUIC +uQem15NIAGIHuXIsIzcMAQYSw52gqLnugYTCQQIDAQABAoIBAAFWMGkl1u7CdBEe +phubinEIj5bkdNjcWR42gDqP3MWw2F5I1DR1Js3PN1RHfT32JAne1L0KWMLdeNqx +puCgEGnYk0oS63hbFCvTaIGDoySEG6qiEKed/qre0WfaXjIuZI7V7UsD42wJ01fr +KnufY9y2xqViGbTJ0hNPz15RDCEIVhtKvO8Z1zczxZYyKyj4Oq+mh/5VJSWVdoke +dg7QG1smH1QvS0R4rnmb4Z9Hhvf6Ux1StuTxIzMTSqKdP+AeR3H1rAXirHYltKd3 +OOe+H5hJypS43tRsB9qRqlv6cTKoaZPWkoyk11GXy6VO0ZvosqS5QD87HFCDIaO7 +tnXXCAECgYEA0Cr719q5k/HIBUw2C5owLy6ByzF73Yybgsw08flSZb31XLR8uwsy +AxQlN2OfLfEEt6Ym9GCFJBFd5gaSMOrZfV5iTO2DqxqqY9IovJjItTNxcIxDlanT +0ixV3apCaT6O7pWM4XdK2i6F14mD/ISCqjGbV4kB3q+tVpn96kn25GECgYEAzmFi +MLlzboj2oyE6+Lj/PEUHpQFtnpl7fz6A0KW14Jd0lV6YR1oxvfFX0jNUzzTZUsCu +6R0sZbQ/UKaDxsrgtTh1z4RrOJvqloDVxRFYau8IhmU90FRy4CvzSXC8ozYmyg0P +LWlFJ6p3vmQA54oeUS9z/sbMhLElLit/G/oCqeECgYA5FqCsiNJ+DT+ynDzyH535 +QoLb670xfB8l1sTqW1rKhjbk7qaKUT6s83hlYU/FNKT7jHiAanv48T5UGBc9jRqK +NDk3KagDY7O43mjHmArrDqmcmQrr34A00m3V9Zxy6nIeYisZpjKD9WBFRPRKazi+ +Xg5hCjTWEk2yQ1cMSq6H4QKBgEv1acdXKlYfkO8/ls3egQp0ubiQiwEZqmuN3Klu +pD9SXzVuyItSdgZb4p/aBrfw0p/zjSz9cM7KBZewgcXT+9qXOj0zlqcSM8hLCOLs +XGeXLMMSVirsOg+p/XQlSzijAKnTHqfvG+XahxILCo4ttrTYy0+VacbY0D9rAPCS +FxLhAoGBALFasz705seizxNaUbv/CmjYu7Fpy1nmJq1n4yXzhNn/1mPlDD4xU2LE +GFc5PtzdjAGg1pFetPQeui7LJScdZGrotU9OlOyccDZwkhm5F2f7D6RSp5uzoB5H +2hyqGV7fkQ5e0FbBEcYwblsfqrEwA4punAuMCJa7MMpKHBjqt9/7 +-----END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/server.csr b/docker-auth-registry/server.csr new file mode 100644 index 000000000..8d1aa537b --- /dev/null +++ b/docker-auth-registry/server.csr @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAp9HGyTIP/MGhoTWRSl8qdTZAd69xcWIS6UDzxTGy +S1ZX2Vp6QWagWUQ8kJXVjetm/nb7CGEBkz2nzjmo10QwBGiGsaKYp/5L9/JuTomj +4D7dDZmkoDIpnqTqwCJagcKRxGgITwv8CmuW7KIJNt1q9oEoSuj+eWR4N9oUqOit +pf88SB9e0GMcfivrG+lYQTsFYnqNESQUiXQ/I7hMkGaEvhu2ZMwoiKzM7xqTehdr +vY0qmMZHQOWXm62+95LGW5DJwZF7XqhwYFmKGgtwe42smNt+jTC/4kDyZM0KfH4n +emdehUICuQem15NIAGIHuXIsIzcMAQYSw52gqLnugYTCQQIDAQABoAAwDQYJKoZI +hvcNAQEFBQADggEBACrZ6CdZET4uqCfBeN2qxPAHopmrIRrZpy+0l41ogYW1ZAht +xQwGmlleTdbBge6bPwOg2tU88IL1+q4jl5dyyvq0YBpCZKlIxhbG0h21+lUbQnNe +3lqcgdgBGeVEO+nyWd7HXSuK43kbRlRAt4dBdlXDa9vCQFj6HXanlwRr9Org6RTn +i4opE7KrgiTqHEHkqRv3OmaCFYBR0YJgU6KrwRTkynukayF6OKY4qKUximcA5TUZ +bzo60MCY01QoM3N+wdebYtrc0YbgKeIz2/LXeJx8CeZHxB5ScUo4I6BQ06fPeor1 +CVsUCx6Jc8hZYGr2VIgOqfcSnNiaZrmhzkInRIs= +-----END CERTIFICATE REQUEST----- From e06b2a42068883a202ce20f0c5d6115bd433a84b Mon Sep 17 00:00:00 2001 From: "alex.collins" Date: Tue, 4 Nov 2014 20:46:18 +0000 Subject: [PATCH 10/18] moved files around --- README.md | 16 ++-- docker-auth-registry/README.md | 2 +- docker-auth-registry/build.sh | 28 ------- docker-auth-registry/ca-key.pem | 30 ------- docker-auth-registry/ca.pem | 22 ----- .../{ => container}/Dockerfile | 2 +- docker-auth-registry/container/ca-key.pem | 30 +++++++ docker-auth-registry/container/ca.pem | 24 ++++++ docker-auth-registry/{ => container}/ca.srl | 0 .../{ => container}/docker-registry.conf | 0 .../{ => container}/docker-registry.htpasswd | 0 .../{ => container}/nginx.conf | 11 ++- .../container/server-cert.pem | 18 ++++ docker-auth-registry/container/server-key.pem | 27 ++++++ docker-auth-registry/container/server.csr | 15 ++++ docker-auth-registry/{ => container}/start.sh | 0 docker-auth-registry/registry.sh | 84 +++++++++++++++++++ docker-auth-registry/run.sh | 6 -- docker-auth-registry/server-cert.pem | 18 ---- docker-auth-registry/server-key.pem | 27 ------ docker-auth-registry/server.csr | 15 ---- docker-auth-registry/test.sh | 6 -- 22 files changed, 219 insertions(+), 162 deletions(-) delete mode 100755 docker-auth-registry/build.sh delete mode 100644 docker-auth-registry/ca-key.pem delete mode 100644 docker-auth-registry/ca.pem rename docker-auth-registry/{ => container}/Dockerfile (96%) create mode 100644 docker-auth-registry/container/ca-key.pem create mode 100644 docker-auth-registry/container/ca.pem rename docker-auth-registry/{ => container}/ca.srl (100%) rename docker-auth-registry/{ => container}/docker-registry.conf (100%) rename docker-auth-registry/{ => container}/docker-registry.htpasswd (100%) rename docker-auth-registry/{ => container}/nginx.conf (78%) create mode 100644 docker-auth-registry/container/server-cert.pem create mode 100644 docker-auth-registry/container/server-key.pem create mode 100644 docker-auth-registry/container/server.csr rename docker-auth-registry/{ => container}/start.sh (100%) create mode 100755 docker-auth-registry/registry.sh delete mode 100755 docker-auth-registry/run.sh delete mode 100644 docker-auth-registry/server-cert.pem delete mode 100644 docker-auth-registry/server-key.pem delete mode 100644 docker-auth-registry/server.csr delete mode 100755 docker-auth-registry/test.sh diff --git a/README.md b/README.md index 26c148c88..46c75531e 100644 --- a/README.md +++ b/README.md @@ -17,9 +17,13 @@ Developer forum for [docker-java](https://groups.google.com/forum/?hl=de#!forum/ * Docker daemon running * Docker private repository running (see below). -You'll need to be running a local private registry, as per [these instructions](docker-auth-registry/README.md): +You'll need to be running a local private registry, as per [these instructions](docker-auth-registry/README.md): -The Maven build includes integration tests which are using a localhost instance of Docker and require manual setup. Make sure you have a local Docker daemon running and then provide your https://registry.hub.docker.com/account/login/ information via system properties: +If you need SSL, then you'll need to put your `*.pem` file into `~/.docker/`, if you're using boot2docker, do this: + + $ ln -s /Users/alex.collins/.boot2docker/certs/boot2docker-vm .docker + +Build and run integration tests as follows: $ mvn clean install @@ -80,10 +84,10 @@ There are a couple of configuration items, all of which have sensible defaults: * `url` The Docker URL, e.g. `https://localhost:2376`. * `version` The API version, e.g. `1.15`. -* `username` Your repository username (required to push containers). -* `password` Your repository password. -* `email` Your repository email. -* `serverAddress` Your repository's address. +* `username` Your register username (required to push containers). +* `password` Your register password. +* `email` Your register email. +* `serverAddress` Your register's address. * `dockerCertPath` Path to the docker certs. There are three ways to configure, in descending order of precedence: diff --git a/docker-auth-registry/README.md b/docker-auth-registry/README.md index 93a703fd5..7bf17f1c5 100644 --- a/docker-auth-registry/README.md +++ b/docker-auth-registry/README.md @@ -4,7 +4,7 @@ Set-up a Docker Registry with Plain Text Authentication This creates a registry that runs locally with plain text authentication set-up. ./build.sh - ./run.sh + ./start-registry.sh ./test.sh Based on . \ No newline at end of file diff --git a/docker-auth-registry/build.sh b/docker-auth-registry/build.sh deleted file mode 100755 index 784858fec..000000000 --- a/docker-auth-registry/build.sh +++ /dev/null @@ -1,28 +0,0 @@ -#! /bin/sh -set -eux - -if [ ! -e server-key.pem ]; then - echo "enter dockerjava each time you are asked for a pass-phase, press enter for everything else" - - echo 01 > ca.srl - openssl genrsa -des3 -out ca-key.pem 2048 - openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem - openssl genrsa -des3 -out server-key.pem 2048 - openssl req -subj '/CN=localhost' -new -key server-key.pem -out server.csr - openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem - openssl rsa -in server-key.pem -out server-key.pem -fi - -docker build -t auth-registry . - -if [ "$(which boot2docker)" != "" ]; then - B=$(echo $DOCKER_HOST|sed 's/.*\/\(.*\):.*/\1/') - - scp -i ~/.ssh/id_boot2docker ca.pem docker@$B: - - echo "sudo su - -chmod +w /etc/ssl/certs/ca-certificates.crt -cat ca.pem >> /etc/ssl/certs/ca-certificates.crt" | boot2docker ssh - - VBoxManage controlvm boot2docker-vm natpf1 "5001,tcp,127.0.0.1,5001,,5001" || true -fi diff --git a/docker-auth-registry/ca-key.pem b/docker-auth-registry/ca-key.pem deleted file mode 100644 index 0db29a49d..000000000 --- a/docker-auth-registry/ca-key.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,73BD3223857CCE6D - -rPSVPVC+qyguEaHhLhNFaqlRRdaCmTm5QH1bBqo3R+GJ7E28u7KmUhVyYXXI7uW9 -CsDnTIYV2Lh+wJ3aWcYpevHnFSdwELYkzVgCAdOI3vwl5sDJbgBHolIMd8lxaeUW -Yjb5t6E+HoOJGt1Os5Si3etS40o9hwc0l/FEASWCK0DQdHanUra2SIfOxOdd0p4Q -q/dr5ISmSVpCHGSwl04WF95PnV7+glkT8MuJqcp1jdb3iZNjZsnIzameBLtRWw1P -G7HxfeKtMJ8Fz9hV17OPFi7DeuPnS7xzcvj6JCGWQxPTi684Q6VReNjrNAqIK2jr -GuYxXUHVeYp4BUwO9o6/sK3cAj6X7khzRZ8Oz/ELl8MPV6ekFI4bWRXzPGHtG3AB -mN1NR4KZrBJiLOx770fhVxn7qbTc/eBd/r0tcfsVnMrOBqTQueyaGhEMiUf/lYY5 -l3llhYb0UBgzteValM4VIaVj0aizpV1xBkPZHkpQAw4nJPrykDNRXKrgZdTQLhif -zKjol+3UKMGrMvZA8DVBI7g93sxC34lk9y8V58LnX6lx3WDIz381Mer6D6+FDQoN -taGC1EpiU2Bb6zyxVzg4thjYwCOLNWWbPAJF9DH/PZf+9dDGxrrhaZZ8nkT/bztB -UAa3nFszgUKL1bbpSundkRJpBxDLWXhP1lnti9+VaP8TwTNOdvLlgwJ7jsleSyTg -WzrTjSk8DY1LD5sT9gyNbyw7m9zlYGh1USgBMQ2BYCRerHUyjBx/Iryl4mws5EWa -3BJZCxzJCRFh+YKHzsn/I7ZWLrOAXlrqOFcepcoYrIXJzmgztCoLuAHQY8DNjkoT -CxEHtFiWEN3GsHHnNQD0uFDcRjMLu7F31XPUSVZWk9/2pQyXfp2/Eacdjb6x9xnK -QCzmK5P3sYY39+1S3RyzB3o3CgnAtX56B2pPg4NSM9RYPRhMwkHFx+MBwuL90i+q -YbJrskngQTMGphmTbGW7kZsxtzGanbM74NvRd43BewtpqY6TihEszrXBx7WHd3PP -QNKPTNkC71goyDNmZUTeQWkKOZE7jHqOKzuwnWyh8FhvfNIyz/NunHKfcwGElsQQ -HzuD3+VYnNatXbMAn63/5ovPqFwhalBIj5ars4UDqAXBpDg4mNKtzOZp4E9Get6J -VeAHynFRZIXOF7qIUTRPiLt2mriHRDtljZfUOlzZDgBo1OFcJwKkj+6mA1zDMcpq -veZyMLPvbUHzFYINP5GlEJtWPH6msFUiyyI0WlS4jfVqZgVXhclgOEu+x40xaTCF -9cjvVsq6tjsZ2IRUVTZlkPgycWHP/iRlkC/mRz/ypKP6dAMOc50kpgaOf6HZkWnH -ACUKEn+2QDVQ2CgPPS4BWeMgFAolXiG1zWvVz7ImVs7LJzLcsVMSypbk2O+ysIqt -57MB1gUwDrE6am0+0x1Ub5eWiA8XJDGZZfI0xTtaChqCcOWxXmyvjSuKng9KXB5y -v3JYtPoNaNqNXSibyIbVdn2vlwH2Jc6wm7se/xhyohMXQDlrC2y4sRXPwPghzAXx -khr0WAeW2CxqAMs/DAc6q6rEfOGfmhxla1JdfH6oKN4YiHZV5pqN8A== ------END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/ca.pem b/docker-auth-registry/ca.pem deleted file mode 100644 index e9843a0e9..000000000 --- a/docker-auth-registry/ca.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIJAMgLvS7V36/7MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTQxMTA0MTkzOTU5WhcNMTUxMTA0MTkzOTU5WjBF -MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAqMYo+Yegm1tvkR1raYAyjl04RnE5kMYqgf+4qm5SJPnTMoHFujOJRueI -oXbU3NsWwoPTxK2bRbseYsrtiazv6tMTOD6Q5PPPWAJX4Rd+rIsPm8yTS7maY6oj -wWpWOdoAb4VKebsGlXtU6HjgRTTzwt6PLrivveG5XfL8f/MXw24nMIQcxd7TghPP -xrkTqbdhT0kEGmtzuRzhiRUueu6aGsRM47gcjUmlTcanLA2upGv79xYG6ctXFk9v -HvxDzBkI6IZAPdMi868BfTkC7e8FpwaL0xxLimzMNlJq81+ML6b7M9tCE6AkIFGJ -R1hYZlrdb2m5q1VSEp12KXnHt0af8wIDAQABo4GnMIGkMB0GA1UdDgQWBBTXCS2i -qGDSW4mBqZ+93jgNX04AhTB1BgNVHSMEbjBsgBTXCS2iqGDSW4mBqZ+93jgNX04A -haFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV -BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMgLvS7V36/7MAwGA1UdEwQF -MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGXe/NpC+fLA9jwN2i8j+5oGILyyaM6t -IDicuLkCCd3Wmf6/esRVycspxdUWr3fT5irR+qIfW0ZQJAoEP7bNQGbdyZwv/k2j -45mLpMe9thr3KXib4VEh9wWBNygZ7JkvBMLUX1hYYKVa7Q35d+BWxysNTj4kemsB -eeRensWQAI84gPbCNTL4QAMCzNm15L1g/HZTcKh3+uoLmkPOOME1FcCmOqyPCoqQ -Q7b9DR8D7gqD6jbXM7j9QlhZXz66eDNU5p50jh9To+4xyvMTwIHGmxRPh8oRxMoz -LvQ0mWR3ktykHT2R7Rc036ExFJ+9M6OEU/UXBzLj0qha61lWFesZgaQ= ------END CERTIFICATE----- diff --git a/docker-auth-registry/Dockerfile b/docker-auth-registry/container/Dockerfile similarity index 96% rename from docker-auth-registry/Dockerfile rename to docker-auth-registry/container/Dockerfile index 7780dc486..114077266 100644 --- a/docker-auth-registry/Dockerfile +++ b/docker-auth-registry/container/Dockerfile @@ -11,7 +11,7 @@ ADD docker-registry.conf /etc/nginx/ ADD docker-registry.htpasswd /etc/nginx/ -EXPOSE 5001 +EXPOSE 5443 ADD start.sh . diff --git a/docker-auth-registry/container/ca-key.pem b/docker-auth-registry/container/ca-key.pem new file mode 100644 index 000000000..1045c4b0c --- /dev/null +++ b/docker-auth-registry/container/ca-key.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,3999A487D02FB784 + +itt2rZJ/o7LNUwOOQ7DBWkw1X6QH0KsPJyhGiz65+mBzs6o5MVNGfoP9n0BWczH9 +JROYfynKpucI7hCFoOf3315M2fdscJ4aJ2gZBSSDsK4vwUL+RWXf7qorY1iL4Xqg +niOg80qLKZTGwF0PxuIOHyfDqBhrmSG9prD7elsVGKB6sAC8Z+HvTrFsZ0+voIEJ +je81yEKO8uD8FP5nGeGE6BgLlNmkzbxL4lZjdrF7tkSkY+GzR937NzjHmNWbF5Vp +knVIv5Y0W9ptThkTwYxbWS/AUHgn7VLsOQGmkRvQbj/JJhVqFyBAyE4kN+foec1W +o8glNBIGGHvR3Fo2w2kWJ7uAWAQ4MfcJnWpN2I+EOQUo0Ojgr543F0XAjtr90480 +U0RatIxzc3eoRcVmh9+iD595zRe8gwJNfi6AEGrFx8aK5pCIdQI2/HNY3AR1v4gC +ZD+/meUM7krMBY4EVTKgS17dxPCQfwxj3hd5kvfde5Lg3JvZRKDEPFmF6T9CDI5d +0oG+w/usXCW8C+zOWtNRvrgJgp7SnNLriMIjPvAqrEEn/6tAFKfrVnEfjxnZt/ai +M7o8OdP9u5NRzQEgAUfhKeR/KNGN26ZFD0a0wVx3MCxEq2k9xs33nActtAb6rZM6 +c20IvGRxL1YWhfcPKDH4OpVk/zfORGLUNS6T9CGZgaMzKz/hd8L0wpJ/MKGbvpCh +dANutqKBWg4DwKDaL33Abo1OhFkCRoFPSs1GiBEcmSxcVa3loxaNpR4KFElbKrXy +I7NlCJG82stThm6NqxMUpRJNvUQaXz7P1x6RGnHMC84TE0gZPPezLToArcE41OTY +czB5PP3efz0r/PexZaFZPT98J4NgSV1mqTOXuBmIHKlnvyyEYq0Ytdi5RqWLECoK +KSAX/SYFFq+NqxcC5ua0hH5C6klv7qtmLJ5KfyHfpTNt2qScN7M9Kmd4v8CBiZOL +9KcKBKqhXRt3laSJyRI59s+pqvhDr1T2CGvFZ/8oGwhjGPIxKnr81AwAT3SwjqXQ +HKDKs+RwxZYRZuTtRCkBMHxxk/c+hrTbomAwfM3DiPZFMSk8n81WCjEoyY3FN2si +QSrJYAzu/Oga1jJPwhxLLbucGnQUGi94DSy+RAD4btGtSK6eN2rPo8Wwh/Vh8GHi +wXS5d+VIsFEAL70dYpkkQSE34ZjEpbcGOpx0YIgrsGG2c0BbmxiYzJhDHpSMWvQ+ +Zbly8Mp7c5YOCHVbnIvDi6LyK+Py3zucIjEa6T6sC9Jy28bfuQUegiBNerLI4Y0E +Txi5lcH1YD3AJIIWyW4Fub2TUBocYciZAs79vD0iRzAKgF9/4PGGTyVc0cdKIr6w +jUtQMQt0vPnqi4pgx1MuNxza5LEJ7O2tRkAs+SYGQu3uuWxtJsGsH72lJFzpj/rs +5Lo8TM/rjdwF0JtdSt+RmVa05BmUxPzP1K1vgu1wdq08iyJ2qme/g6cwBwICxjaX +50Pqh6WpFUUldJMU9jwljNlqumpTHmxlzbwLc5RWTmoBYth068HfnCQLbGnO+6zS +n/lJScYuMAiFmuugOVhwDKc5LzlVnrjVlapxRbas9nprupwzeBJKh6p2Jg/oqFRm +-----END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/container/ca.pem b/docker-auth-registry/container/ca.pem new file mode 100644 index 000000000..7af686f67 --- /dev/null +++ b/docker-auth-registry/container/ca.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIJAJuxT3/GW0piMA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxHjAcBgNVBAMTFWdsMDQzMjFtLmdhbWVzeXMuY29ycDAe +Fw0xNDExMDQyMDI4MzBaFw0xNTExMDQyMDI4MzBaMGUxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxHjAcBgNVBAMTFWdsMDQzMjFtLmdhbWVzeXMuY29ycDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAM1VTVMAFSieoaFChrzMArR6la7SpDOXYRNo +PcW/BgpLEoq7SpqY5f5LAzq6ivAP8DwHSrnGIFNrn4Lf7OWhtAT4jLc7ZaTi2NXb +wQoTZUqnSeGjLJqTM5hLAjnxcvL0ZJyMTSbLL4ezbs1GePyTDi6VFiP1lI+mpytc +lVKsAJy8sW7rXRLSH3xliUQXUPR7I9I73pm0z+D/7R+hxN5EDYUPgXmsleUmiEJl +dhdaFeFxYjGox9RjCeXsl/xQ/GcYUxv93DdUwSpVCFE1OOOjuXlpcvoRBAbKBGmB +n5piD542NpandtRg7wJEfSVq9FR+nEcMRSSNfFKUAIqlzbcjcZsCAwEAAaOByjCB +xzAdBgNVHQ4EFgQUpRc8oWOtyJIg/fVn12SfhAvbl1gwgZcGA1UdIwSBjzCBjIAU +pRc8oWOtyJIg/fVn12SfhAvbl1ihaaRnMGUxCzAJBgNVBAYTAkFVMRMwEQYDVQQI +EwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx +HjAcBgNVBAMTFWdsMDQzMjFtLmdhbWVzeXMuY29ycIIJAJuxT3/GW0piMAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADckZj0+Fz4Tp/Wv97deSigTIbDs +z8HhgcEo7lzyXCnGVkuMRr6DIpi+cULe7+NZh6+bEdB8Jc/pM8G3fZY9q2QSoTCA +EcNe1ctB0y/YrD66cDCzhWYFzTp+7B7/DlsMdqmeuPgpbhggpun8V7v+QhrvvKQz +CHCD1wOc61aM9jayGAH5uK7N25oiySY4F1okELbsjQ3y3vsfDed1yw1//Td8F2J7 +7geLpgAWrjHQ86Jx+7see1UuSaaIONTtNHD5K0zQQCIvcFi8OiAnEgWQTY4OayG0 +M5sDGFdi3/ba/ffG95Hb802fjQsQlUACKZk6Ni3FlwPWQVPzgU3jj/AFCtw= +-----END CERTIFICATE----- diff --git a/docker-auth-registry/ca.srl b/docker-auth-registry/container/ca.srl similarity index 100% rename from docker-auth-registry/ca.srl rename to docker-auth-registry/container/ca.srl diff --git a/docker-auth-registry/docker-registry.conf b/docker-auth-registry/container/docker-registry.conf similarity index 100% rename from docker-auth-registry/docker-registry.conf rename to docker-auth-registry/container/docker-registry.conf diff --git a/docker-auth-registry/docker-registry.htpasswd b/docker-auth-registry/container/docker-registry.htpasswd similarity index 100% rename from docker-auth-registry/docker-registry.htpasswd rename to docker-auth-registry/container/docker-registry.htpasswd diff --git a/docker-auth-registry/nginx.conf b/docker-auth-registry/container/nginx.conf similarity index 78% rename from docker-auth-registry/nginx.conf rename to docker-auth-registry/container/nginx.conf index 8a11c2298..096aa23dc 100644 --- a/docker-auth-registry/nginx.conf +++ b/docker-auth-registry/container/nginx.conf @@ -17,11 +17,18 @@ upstream docker-registry { # } server { - listen 5001; - server_name my.docker.registry.com; + listen 5443; + server_name localhost; + + ssl on; + ssl_certificate /etc/ssl/certs/docker-registry; + ssl_certificate_key /etc/ssl/private/docker-registry; client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads + # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) + chunked_transfer_encoding on; + location / { auth_basic "Restricted"; auth_basic_user_file docker-registry.htpasswd; diff --git a/docker-auth-registry/container/server-cert.pem b/docker-auth-registry/container/server-cert.pem new file mode 100644 index 000000000..5cdcd0837 --- /dev/null +++ b/docker-auth-registry/container/server-cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+TCCAeECAQIwDQYJKoZIhvcNAQEFBQAwZTELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEeMBwGA1UEAxMVZ2wwNDMyMW0uZ2FtZXN5cy5jb3JwMB4XDTE0MTEwNDIwMjg0 +MFoXDTE1MTEwNDIwMjg0MFowIDEeMBwGA1UEAxMVZ2wwNDMyMW0uZ2FtZXN5cy5j +b3JwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/x+4myZH+OQlohG +PQGKWU7txx26LjQ8XAWlpER1HseZphWmPVRdDvpvU8qKR9GxWrX3FBZagwFR7deX +u2spCa1DDwFBy5ysEK2HxKEI1U/1t9QhM4IDlFdWEO2FiT1GDkF8jqr6xVDPVwot +zhLZFBUrNcEtsZAMpg3jpv8Pz89WHzP+M87eqgt8SYBK4yWgDt1qiAshQiF9XKA5 +HjwKSi0N86NjE+UTcGJ82lcCRTr3vnXHwPQicYY2sbawF6ZznzAbmPWrqIcfnkD/ +vvjtnHL29gHL4eb/Dk4OxYdNkADZDMwmZgyalPkTFFRY7reqLojoHCzgdW1UxbaA +LRav7wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCYNfq7ANSLfNPs43J/CCJ2SzfJ +elTvnYah9fdN9Bog9oTmk053wbLKJFv8xUlYZvSnnBFRP0CcBfJ/IFVe+/Pjk1cB +KrhbOT4pZKcA1gYFNEz2+DjM6caf7H8bsE2NFF9rlb05ys0P6mtqywxRDFVbyD42 +dNFZteP775sZDK7Bd9hNPnfter9KXDFi1j79jR3ZwalHOdVwOpeXZoieqoEIDbo5 +wgjuXsk0AyrERUWGL4/oQ91BhlK6OBtPNZ0SwjWBKECOZjf8RRZ49W9jZOPzRczj +JO0STwxfKFwEu2YJkdnlH2TdJF1+GsuukkjFeYc61lCp7jwakD9LfY55vhcy +-----END CERTIFICATE----- diff --git a/docker-auth-registry/container/server-key.pem b/docker-auth-registry/container/server-key.pem new file mode 100644 index 000000000..92b3f8cad --- /dev/null +++ b/docker-auth-registry/container/server-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAv/x+4myZH+OQlohGPQGKWU7txx26LjQ8XAWlpER1HseZphWm +PVRdDvpvU8qKR9GxWrX3FBZagwFR7deXu2spCa1DDwFBy5ysEK2HxKEI1U/1t9Qh +M4IDlFdWEO2FiT1GDkF8jqr6xVDPVwotzhLZFBUrNcEtsZAMpg3jpv8Pz89WHzP+ +M87eqgt8SYBK4yWgDt1qiAshQiF9XKA5HjwKSi0N86NjE+UTcGJ82lcCRTr3vnXH +wPQicYY2sbawF6ZznzAbmPWrqIcfnkD/vvjtnHL29gHL4eb/Dk4OxYdNkADZDMwm +ZgyalPkTFFRY7reqLojoHCzgdW1UxbaALRav7wIDAQABAoIBAQCeBD+XM5Uw1wep +ro5JJhxt93Xj/kbAQsQvZYJ5WtMfO1/ugEEsl2RksKGy0LDR/fjA1aaAhQmIbCy3 +20wKuV+0lEPudLVn1hMVQw7NO1He6Iow/Ms67tbtYJj5I9ZWJ/WiRCo17uqqPyH4 +3Orog0Dis62198MZM5wFjMcEK0kjW3HtovEvxRzCoMr9cgQ2qCN9L+W069lEinZC +LRcQlcxTuIzVRkQN7pxtGW+AGdX4fWzndMLdmJJce++jyIFfoev7KVzDqQFKJA+V +ceKa0/F8Jr0de1dUl06XhhfSibXBeimQIpVo6Bnd4wJs52gdvbqnF4ojOjPMuHmk +Bymx0VZBAoGBAN+IScCZ4FVsYbUsRWaNAB9G+idAZ6m3wiu+1xdYiFjGEjtHtiSc +XUT7Z3t/8mqL+4RgHq3+aBCUI6UaOQ0wmI+1q3JnngW4YG8LLEzqJjQoapsck/Hw +R83advxNraohdFqzti+NS+vmFQjAQozAH0z20pt2aTty4bgKDFzXmM5PAoGBANvf +Nw3liHBwnOKKLXBY/gyqWh2UPWoWte2cplVqC2TQjYA4sMA5bn/e26aeMQ+h9SzP +t53zhxxJXOk2XpQIbRwQygNzXmlQHLI1oGitd6Jm3wLRyABIIKfLZK3v3NOGsktu +qjInecUR27DW8ah33Q8+L0Ro4cMYQH30Dn8nSjxhAoGAC5Khxt/wllubH2cgXLPW +Gshw8RFLjKTf36Xsut+xh28RyJHo4zJZPdYKQIGaSlve9LaJQBbYymrxAX4/D+jB +LUeJjc3Bh6hJDda1P3Ir8i1Zf5hWLIN1JDo4SM24vQMoY/3D4+hb0uXBlwdlKqZT +uIda1gOmZRaIix+yDih3V88CgYAmw0mPd6IAQLpH7hhosCfJz9anVFUneO2GAJIK +iPGNSn9H1bbDjNyASqfqzgTUPrdcuRokDKULRZvNuboe2wVxZzxWM2a3ploIyQ+I +pNxskzpJ4vYhppWrP152k80YtayFQ/NZeEAtkCJtINfl3YvpfgsTQnJa1NG54ucT +X7fkwQKBgQDWhiZvB9YGaWGIwxUXR8eZtsilcMMwLWMr5YrYwfpZlb1Syxa8L32Y +Qyqx10b+0o+GcqhIoFc1YjjG7hgQkyYNtZ/weKAAZfNEdLA630oIva80NnoWTpYe +MuKRa2cQxeUmW1t5OoF63j6nZcTpR/AivBoBfdF4vSfF0tFB46N7qg== +-----END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/container/server.csr b/docker-auth-registry/container/server.csr new file mode 100644 index 000000000..d3ffd9c3a --- /dev/null +++ b/docker-auth-registry/container/server.csr @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICZTCCAU0CAQAwIDEeMBwGA1UEAxMVZ2wwNDMyMW0uZ2FtZXN5cy5jb3JwMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/x+4myZH+OQlohGPQGKWU7t +xx26LjQ8XAWlpER1HseZphWmPVRdDvpvU8qKR9GxWrX3FBZagwFR7deXu2spCa1D +DwFBy5ysEK2HxKEI1U/1t9QhM4IDlFdWEO2FiT1GDkF8jqr6xVDPVwotzhLZFBUr +NcEtsZAMpg3jpv8Pz89WHzP+M87eqgt8SYBK4yWgDt1qiAshQiF9XKA5HjwKSi0N +86NjE+UTcGJ82lcCRTr3vnXHwPQicYY2sbawF6ZznzAbmPWrqIcfnkD/vvjtnHL2 +9gHL4eb/Dk4OxYdNkADZDMwmZgyalPkTFFRY7reqLojoHCzgdW1UxbaALRav7wID +AQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB2R18mbz31Aov765hX3MgXrt9h5lmbs +bGjawK+wT3RffLgKWAIMg6IXfzpYVfMTZGu8j0xBnz388371GNix3zct0fGtdY5c +tcaT67zvCy4ubAnOkd8lKBZM2FNfg2BeyVp3wKCrYEr9aYKesZnFVMgfx30dC1eO +lB97fBSz6hdPIzOKqGpj6cf8g7GmpaL5AHx2NuPbBoHwMhFpvIUK1OvwcGooMTJC +vGBwqZqDQybFPBpxQRUfVGm8ZBwkQvw+ekxgzeknd133lIi+ciL3lrLn3AqIrs/5 +TtnKG5E+YXHPxKXpeP8paPDZl/wVJrqhxZqyNMJnAQmNVMxjTWFjJzY= +-----END CERTIFICATE REQUEST----- diff --git a/docker-auth-registry/start.sh b/docker-auth-registry/container/start.sh similarity index 100% rename from docker-auth-registry/start.sh rename to docker-auth-registry/container/start.sh diff --git a/docker-auth-registry/registry.sh b/docker-auth-registry/registry.sh new file mode 100755 index 000000000..91ea9d53f --- /dev/null +++ b/docker-auth-registry/registry.sh @@ -0,0 +1,84 @@ +#! /bin/sh +set -eu + +function build() { + echo "building..." + if [ ! -e done ]; then + echo "enter dockerjava each time you are asked for a pass-phase" + H=$(hostname) + echo "enter $H when requested for a common name" + echo "press enter for everything else" + + echo 01 > ca.srl + openssl genrsa -des3 -out ca-key.pem 2048 + openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem + + openssl genrsa -des3 -out server-key.pem 2048 + openssl req -subj "/CN=$H" -new -key server-key.pem -out server.csr + openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem + + openssl rsa -in server-key.pem -out server-key.pem + + if [ "$(which boot2docker)" != "" ]; then + B=$(echo $DOCKER_HOST|sed 's/.*\/\(.*\):.*/\1/') + + scp -i ~/.ssh/id_boot2docker ca.pem docker@$B: + + echo "mkdir /etc/docker/certs.d/localhost:5443/" | boot2docker ssh + echo "cat ca.pem > /etc/docker/certs.d/localhost:5443/ca.crt" | boot2docker ssh + fi + + touch done + fi + + docker build -t auth-registry . + + if [ "$(which boot2docker)" != "" ]; then + VBoxManage controlvm boot2docker-vm natpf1 "5443,tcp,127.0.0.1,5443,,5443" || true + fi +} + +function start() { + echo "starting..." + docker run -P -p 5443:5443 -d auth-registry + sleep 2s +} + +function stop() { + PS=$(docker ps|grep auth-registry|awk '{print $1}') + if [ "" != "$PS" ]; then + echo "stopping..." + docker kill $PS + fi + if [ "$(which boot2docker)" != "" ]; then + VBoxManage controlvm boot2docker-vm natpf1 delete 5443 || true + fi +} + +function testIt() { + echo "testing..." + curl https://localhost:5443/v1/_ping -f -k + echo + curl https://localhost:5443/v1/users/ -k -f --basic --user dockerjava:dockerjava + echo +} + +C=${1:-''} + +cd container + +case $C in + build) build ;; + start) start ;; + stop) stop ;; + test) testIt ;; + '') + stop + build + start + testIt + ;; + *) + echo "$(basename $0) (build|start|stop|test)" +esac + diff --git a/docker-auth-registry/run.sh b/docker-auth-registry/run.sh deleted file mode 100755 index 5a338dded..000000000 --- a/docker-auth-registry/run.sh +++ /dev/null @@ -1,6 +0,0 @@ -#! /bin/sh -set -eux - -docker kill $(docker ps -q) || true - -docker run -p 5001:5001 auth-registry \ No newline at end of file diff --git a/docker-auth-registry/server-cert.pem b/docker-auth-registry/server-cert.pem deleted file mode 100644 index 17ded5a73..000000000 --- a/docker-auth-registry/server-cert.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICzTCCAbUCAQIwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV -BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 -ZDAeFw0xNDExMDQxOTQwMDRaFw0xNTExMDQxOTQwMDRaMBQxEjAQBgNVBAMTCWxv -Y2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKfRxskyD/zB -oaE1kUpfKnU2QHevcXFiEulA88UxsktWV9laekFmoFlEPJCV1Y3rZv52+whhAZM9 -p845qNdEMARohrGimKf+S/fybk6Jo+A+3Q2ZpKAyKZ6k6sAiWoHCkcRoCE8L/Apr -luyiCTbdavaBKEro/nlkeDfaFKjoraX/PEgfXtBjHH4r6xvpWEE7BWJ6jREkFIl0 -PyO4TJBmhL4btmTMKIiszO8ak3oXa72NKpjGR0Dll5utvveSxluQycGRe16ocGBZ -ihoLcHuNrJjbfo0wv+JA8mTNCnx+J3pnXoVCArkHpteTSABiB7lyLCM3DAEGEsOd -oKi57oGEwkECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAgsynmNIju8Oz23Vn/zvt -L7r0j1M5srFvNXx1lEVooaBhwdZ50jxMAWdp+mw4r6r17Ml7NJ9IEB4xFE3c3RUO -9OEDN2Y7bvxjWG2weGyA8WcCWPwdwikm6rTdT+g+pPVZadSStHqTNcYtGiAcbSXx -L4T6AdogcfLKbJhDDOo51wEmDEru/NHJmmL+f05oKtrANQXMUJcaF2B2pFZ4va8N -MjLs/kNHgG/i7xYAu/PxNFNwQEnXdzEZG0RQFPMfCo30aNhtKCXQz2/lDSx3kg7v -Xbovhg/wgIFk98w4R/26iqT4pa4Abl33SZj38Aho9yi/utJg7xiIoy4YFv+f9W8c -gQ== ------END CERTIFICATE----- diff --git a/docker-auth-registry/server-key.pem b/docker-auth-registry/server-key.pem deleted file mode 100644 index 388ef1d30..000000000 --- a/docker-auth-registry/server-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAp9HGyTIP/MGhoTWRSl8qdTZAd69xcWIS6UDzxTGyS1ZX2Vp6 -QWagWUQ8kJXVjetm/nb7CGEBkz2nzjmo10QwBGiGsaKYp/5L9/JuTomj4D7dDZmk -oDIpnqTqwCJagcKRxGgITwv8CmuW7KIJNt1q9oEoSuj+eWR4N9oUqOitpf88SB9e -0GMcfivrG+lYQTsFYnqNESQUiXQ/I7hMkGaEvhu2ZMwoiKzM7xqTehdrvY0qmMZH -QOWXm62+95LGW5DJwZF7XqhwYFmKGgtwe42smNt+jTC/4kDyZM0KfH4nemdehUIC -uQem15NIAGIHuXIsIzcMAQYSw52gqLnugYTCQQIDAQABAoIBAAFWMGkl1u7CdBEe -phubinEIj5bkdNjcWR42gDqP3MWw2F5I1DR1Js3PN1RHfT32JAne1L0KWMLdeNqx -puCgEGnYk0oS63hbFCvTaIGDoySEG6qiEKed/qre0WfaXjIuZI7V7UsD42wJ01fr -KnufY9y2xqViGbTJ0hNPz15RDCEIVhtKvO8Z1zczxZYyKyj4Oq+mh/5VJSWVdoke -dg7QG1smH1QvS0R4rnmb4Z9Hhvf6Ux1StuTxIzMTSqKdP+AeR3H1rAXirHYltKd3 -OOe+H5hJypS43tRsB9qRqlv6cTKoaZPWkoyk11GXy6VO0ZvosqS5QD87HFCDIaO7 -tnXXCAECgYEA0Cr719q5k/HIBUw2C5owLy6ByzF73Yybgsw08flSZb31XLR8uwsy -AxQlN2OfLfEEt6Ym9GCFJBFd5gaSMOrZfV5iTO2DqxqqY9IovJjItTNxcIxDlanT -0ixV3apCaT6O7pWM4XdK2i6F14mD/ISCqjGbV4kB3q+tVpn96kn25GECgYEAzmFi -MLlzboj2oyE6+Lj/PEUHpQFtnpl7fz6A0KW14Jd0lV6YR1oxvfFX0jNUzzTZUsCu -6R0sZbQ/UKaDxsrgtTh1z4RrOJvqloDVxRFYau8IhmU90FRy4CvzSXC8ozYmyg0P -LWlFJ6p3vmQA54oeUS9z/sbMhLElLit/G/oCqeECgYA5FqCsiNJ+DT+ynDzyH535 -QoLb670xfB8l1sTqW1rKhjbk7qaKUT6s83hlYU/FNKT7jHiAanv48T5UGBc9jRqK -NDk3KagDY7O43mjHmArrDqmcmQrr34A00m3V9Zxy6nIeYisZpjKD9WBFRPRKazi+ -Xg5hCjTWEk2yQ1cMSq6H4QKBgEv1acdXKlYfkO8/ls3egQp0ubiQiwEZqmuN3Klu -pD9SXzVuyItSdgZb4p/aBrfw0p/zjSz9cM7KBZewgcXT+9qXOj0zlqcSM8hLCOLs -XGeXLMMSVirsOg+p/XQlSzijAKnTHqfvG+XahxILCo4ttrTYy0+VacbY0D9rAPCS -FxLhAoGBALFasz705seizxNaUbv/CmjYu7Fpy1nmJq1n4yXzhNn/1mPlDD4xU2LE -GFc5PtzdjAGg1pFetPQeui7LJScdZGrotU9OlOyccDZwkhm5F2f7D6RSp5uzoB5H -2hyqGV7fkQ5e0FbBEcYwblsfqrEwA4punAuMCJa7MMpKHBjqt9/7 ------END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/server.csr b/docker-auth-registry/server.csr deleted file mode 100644 index 8d1aa537b..000000000 --- a/docker-auth-registry/server.csr +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICWTCCAUECAQAwFDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAp9HGyTIP/MGhoTWRSl8qdTZAd69xcWIS6UDzxTGy -S1ZX2Vp6QWagWUQ8kJXVjetm/nb7CGEBkz2nzjmo10QwBGiGsaKYp/5L9/JuTomj -4D7dDZmkoDIpnqTqwCJagcKRxGgITwv8CmuW7KIJNt1q9oEoSuj+eWR4N9oUqOit -pf88SB9e0GMcfivrG+lYQTsFYnqNESQUiXQ/I7hMkGaEvhu2ZMwoiKzM7xqTehdr -vY0qmMZHQOWXm62+95LGW5DJwZF7XqhwYFmKGgtwe42smNt+jTC/4kDyZM0KfH4n -emdehUICuQem15NIAGIHuXIsIzcMAQYSw52gqLnugYTCQQIDAQABoAAwDQYJKoZI -hvcNAQEFBQADggEBACrZ6CdZET4uqCfBeN2qxPAHopmrIRrZpy+0l41ogYW1ZAht -xQwGmlleTdbBge6bPwOg2tU88IL1+q4jl5dyyvq0YBpCZKlIxhbG0h21+lUbQnNe -3lqcgdgBGeVEO+nyWd7HXSuK43kbRlRAt4dBdlXDa9vCQFj6HXanlwRr9Org6RTn -i4opE7KrgiTqHEHkqRv3OmaCFYBR0YJgU6KrwRTkynukayF6OKY4qKUximcA5TUZ -bzo60MCY01QoM3N+wdebYtrc0YbgKeIz2/LXeJx8CeZHxB5ScUo4I6BQ06fPeor1 -CVsUCx6Jc8hZYGr2VIgOqfcSnNiaZrmhzkInRIs= ------END CERTIFICATE REQUEST----- diff --git a/docker-auth-registry/test.sh b/docker-auth-registry/test.sh deleted file mode 100755 index a71409a80..000000000 --- a/docker-auth-registry/test.sh +++ /dev/null @@ -1,6 +0,0 @@ -#! /bin/sh -set -eux - -curl http://localhost:5001/v1/_ping -curl http://localhost:5001/v1/users/ --basic --user dockerjava:dockerjava - From 6f28a243f06ab19310774e92e5fac0106a065196 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Tue, 4 Nov 2014 20:47:18 +0000 Subject: [PATCH 11/18] Update README.md --- docker-auth-registry/README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docker-auth-registry/README.md b/docker-auth-registry/README.md index 7bf17f1c5..be8c7de53 100644 --- a/docker-auth-registry/README.md +++ b/docker-auth-registry/README.md @@ -1,10 +1,8 @@ Set-up a Docker Registry with Plain Text Authentication -- -This creates a registry that runs locally with plain text authentication set-up. +This creates a registry that runs locally with SSL andt authentication set-up. - ./build.sh - ./start-registry.sh - ./test.sh + ./registry.sh -Based on . \ No newline at end of file +Based on . From f1573c0efb2eb83c1314254cfc5732977d1e79f3 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Tue, 4 Nov 2014 20:47:28 +0000 Subject: [PATCH 12/18] Update README.md --- docker-auth-registry/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-auth-registry/README.md b/docker-auth-registry/README.md index be8c7de53..212ab92e3 100644 --- a/docker-auth-registry/README.md +++ b/docker-auth-registry/README.md @@ -1,7 +1,7 @@ Set-up a Docker Registry with Plain Text Authentication -- -This creates a registry that runs locally with SSL andt authentication set-up. +This creates a registry that runs locally with SSL and authentication set-up. ./registry.sh From b50bb58a14335ffa13fbcb35260de1805a098e4e Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sat, 8 Nov 2014 23:23:42 +0000 Subject: [PATCH 13/18] 1 --- docker-auth-registry/README.md | 14 +++- docker-auth-registry/container/ca-key.pem | 30 ------- docker-auth-registry/container/ca.pem | 24 ------ .../container/server-cert.pem | 18 ---- docker-auth-registry/container/server-key.pem | 27 ------ docker-auth-registry/container/server.csr | 15 ---- docker-auth-registry/container/start.sh | 8 -- docker-auth-registry/fig.yml | 10 +++ .../{container => nginx}/Dockerfile | 11 +-- docker-auth-registry/nginx/build.sh | 27 ++++++ docker-auth-registry/nginx/ca-key.pem | 30 +++++++ docker-auth-registry/nginx/ca.pem | 25 ++++++ .../{container => nginx}/ca.srl | 0 .../{container => nginx}/docker-registry.conf | 2 +- .../docker-registry.htpasswd | 0 .../{container => nginx}/nginx.conf | 0 docker-auth-registry/nginx/server-cert.pem | 19 +++++ docker-auth-registry/nginx/server-key.pem | 27 ++++++ docker-auth-registry/nginx/server.csr | 15 ++++ docker-auth-registry/registry.sh | 84 ------------------- .../dockerjava/api/model/ErrorDetail.java | 4 + .../dockerjava/api/model/ErrorResponse.java | 4 + 22 files changed, 177 insertions(+), 217 deletions(-) delete mode 100644 docker-auth-registry/container/ca-key.pem delete mode 100644 docker-auth-registry/container/ca.pem delete mode 100644 docker-auth-registry/container/server-cert.pem delete mode 100644 docker-auth-registry/container/server-key.pem delete mode 100644 docker-auth-registry/container/server.csr delete mode 100755 docker-auth-registry/container/start.sh create mode 100644 docker-auth-registry/fig.yml rename docker-auth-registry/{container => nginx}/Dockerfile (66%) create mode 100755 docker-auth-registry/nginx/build.sh create mode 100644 docker-auth-registry/nginx/ca-key.pem create mode 100644 docker-auth-registry/nginx/ca.pem rename docker-auth-registry/{container => nginx}/ca.srl (100%) rename docker-auth-registry/{container => nginx}/docker-registry.conf (83%) rename docker-auth-registry/{container => nginx}/docker-registry.htpasswd (100%) rename docker-auth-registry/{container => nginx}/nginx.conf (100%) create mode 100644 docker-auth-registry/nginx/server-cert.pem create mode 100644 docker-auth-registry/nginx/server-key.pem create mode 100644 docker-auth-registry/nginx/server.csr delete mode 100755 docker-auth-registry/registry.sh create mode 100644 src/main/java/com/github/dockerjava/api/model/ErrorDetail.java create mode 100644 src/main/java/com/github/dockerjava/api/model/ErrorResponse.java diff --git a/docker-auth-registry/README.md b/docker-auth-registry/README.md index 212ab92e3..8a70b930d 100644 --- a/docker-auth-registry/README.md +++ b/docker-auth-registry/README.md @@ -1,8 +1,18 @@ Set-up a Docker Registry with Plain Text Authentication -- - This creates a registry that runs locally with SSL and authentication set-up. - ./registry.sh +Pre-requisites, fig (on OS-X with Homebrew): + + brew install fig + +To build: + + fig up + +Test it works: + + curl https://localhost:5443/v1/users/ -k -f --basic --user registry:registry Based on . + diff --git a/docker-auth-registry/container/ca-key.pem b/docker-auth-registry/container/ca-key.pem deleted file mode 100644 index 1045c4b0c..000000000 --- a/docker-auth-registry/container/ca-key.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,3999A487D02FB784 - -itt2rZJ/o7LNUwOOQ7DBWkw1X6QH0KsPJyhGiz65+mBzs6o5MVNGfoP9n0BWczH9 -JROYfynKpucI7hCFoOf3315M2fdscJ4aJ2gZBSSDsK4vwUL+RWXf7qorY1iL4Xqg -niOg80qLKZTGwF0PxuIOHyfDqBhrmSG9prD7elsVGKB6sAC8Z+HvTrFsZ0+voIEJ -je81yEKO8uD8FP5nGeGE6BgLlNmkzbxL4lZjdrF7tkSkY+GzR937NzjHmNWbF5Vp -knVIv5Y0W9ptThkTwYxbWS/AUHgn7VLsOQGmkRvQbj/JJhVqFyBAyE4kN+foec1W -o8glNBIGGHvR3Fo2w2kWJ7uAWAQ4MfcJnWpN2I+EOQUo0Ojgr543F0XAjtr90480 -U0RatIxzc3eoRcVmh9+iD595zRe8gwJNfi6AEGrFx8aK5pCIdQI2/HNY3AR1v4gC -ZD+/meUM7krMBY4EVTKgS17dxPCQfwxj3hd5kvfde5Lg3JvZRKDEPFmF6T9CDI5d -0oG+w/usXCW8C+zOWtNRvrgJgp7SnNLriMIjPvAqrEEn/6tAFKfrVnEfjxnZt/ai -M7o8OdP9u5NRzQEgAUfhKeR/KNGN26ZFD0a0wVx3MCxEq2k9xs33nActtAb6rZM6 -c20IvGRxL1YWhfcPKDH4OpVk/zfORGLUNS6T9CGZgaMzKz/hd8L0wpJ/MKGbvpCh -dANutqKBWg4DwKDaL33Abo1OhFkCRoFPSs1GiBEcmSxcVa3loxaNpR4KFElbKrXy -I7NlCJG82stThm6NqxMUpRJNvUQaXz7P1x6RGnHMC84TE0gZPPezLToArcE41OTY -czB5PP3efz0r/PexZaFZPT98J4NgSV1mqTOXuBmIHKlnvyyEYq0Ytdi5RqWLECoK -KSAX/SYFFq+NqxcC5ua0hH5C6klv7qtmLJ5KfyHfpTNt2qScN7M9Kmd4v8CBiZOL -9KcKBKqhXRt3laSJyRI59s+pqvhDr1T2CGvFZ/8oGwhjGPIxKnr81AwAT3SwjqXQ -HKDKs+RwxZYRZuTtRCkBMHxxk/c+hrTbomAwfM3DiPZFMSk8n81WCjEoyY3FN2si -QSrJYAzu/Oga1jJPwhxLLbucGnQUGi94DSy+RAD4btGtSK6eN2rPo8Wwh/Vh8GHi -wXS5d+VIsFEAL70dYpkkQSE34ZjEpbcGOpx0YIgrsGG2c0BbmxiYzJhDHpSMWvQ+ -Zbly8Mp7c5YOCHVbnIvDi6LyK+Py3zucIjEa6T6sC9Jy28bfuQUegiBNerLI4Y0E -Txi5lcH1YD3AJIIWyW4Fub2TUBocYciZAs79vD0iRzAKgF9/4PGGTyVc0cdKIr6w -jUtQMQt0vPnqi4pgx1MuNxza5LEJ7O2tRkAs+SYGQu3uuWxtJsGsH72lJFzpj/rs -5Lo8TM/rjdwF0JtdSt+RmVa05BmUxPzP1K1vgu1wdq08iyJ2qme/g6cwBwICxjaX -50Pqh6WpFUUldJMU9jwljNlqumpTHmxlzbwLc5RWTmoBYth068HfnCQLbGnO+6zS -n/lJScYuMAiFmuugOVhwDKc5LzlVnrjVlapxRbas9nprupwzeBJKh6p2Jg/oqFRm ------END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/container/ca.pem b/docker-auth-registry/container/ca.pem deleted file mode 100644 index 7af686f67..000000000 --- a/docker-auth-registry/container/ca.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEGDCCAwCgAwIBAgIJAJuxT3/GW0piMA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxHjAcBgNVBAMTFWdsMDQzMjFtLmdhbWVzeXMuY29ycDAe -Fw0xNDExMDQyMDI4MzBaFw0xNTExMDQyMDI4MzBaMGUxCzAJBgNVBAYTAkFVMRMw -EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 -eSBMdGQxHjAcBgNVBAMTFWdsMDQzMjFtLmdhbWVzeXMuY29ycDCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAM1VTVMAFSieoaFChrzMArR6la7SpDOXYRNo -PcW/BgpLEoq7SpqY5f5LAzq6ivAP8DwHSrnGIFNrn4Lf7OWhtAT4jLc7ZaTi2NXb -wQoTZUqnSeGjLJqTM5hLAjnxcvL0ZJyMTSbLL4ezbs1GePyTDi6VFiP1lI+mpytc -lVKsAJy8sW7rXRLSH3xliUQXUPR7I9I73pm0z+D/7R+hxN5EDYUPgXmsleUmiEJl -dhdaFeFxYjGox9RjCeXsl/xQ/GcYUxv93DdUwSpVCFE1OOOjuXlpcvoRBAbKBGmB -n5piD542NpandtRg7wJEfSVq9FR+nEcMRSSNfFKUAIqlzbcjcZsCAwEAAaOByjCB -xzAdBgNVHQ4EFgQUpRc8oWOtyJIg/fVn12SfhAvbl1gwgZcGA1UdIwSBjzCBjIAU -pRc8oWOtyJIg/fVn12SfhAvbl1ihaaRnMGUxCzAJBgNVBAYTAkFVMRMwEQYDVQQI -EwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx -HjAcBgNVBAMTFWdsMDQzMjFtLmdhbWVzeXMuY29ycIIJAJuxT3/GW0piMAwGA1Ud -EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADckZj0+Fz4Tp/Wv97deSigTIbDs -z8HhgcEo7lzyXCnGVkuMRr6DIpi+cULe7+NZh6+bEdB8Jc/pM8G3fZY9q2QSoTCA -EcNe1ctB0y/YrD66cDCzhWYFzTp+7B7/DlsMdqmeuPgpbhggpun8V7v+QhrvvKQz -CHCD1wOc61aM9jayGAH5uK7N25oiySY4F1okELbsjQ3y3vsfDed1yw1//Td8F2J7 -7geLpgAWrjHQ86Jx+7see1UuSaaIONTtNHD5K0zQQCIvcFi8OiAnEgWQTY4OayG0 -M5sDGFdi3/ba/ffG95Hb802fjQsQlUACKZk6Ni3FlwPWQVPzgU3jj/AFCtw= ------END CERTIFICATE----- diff --git a/docker-auth-registry/container/server-cert.pem b/docker-auth-registry/container/server-cert.pem deleted file mode 100644 index 5cdcd0837..000000000 --- a/docker-auth-registry/container/server-cert.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC+TCCAeECAQIwDQYJKoZIhvcNAQEFBQAwZTELMAkGA1UEBhMCQVUxEzARBgNV -BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 -ZDEeMBwGA1UEAxMVZ2wwNDMyMW0uZ2FtZXN5cy5jb3JwMB4XDTE0MTEwNDIwMjg0 -MFoXDTE1MTEwNDIwMjg0MFowIDEeMBwGA1UEAxMVZ2wwNDMyMW0uZ2FtZXN5cy5j -b3JwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/x+4myZH+OQlohG -PQGKWU7txx26LjQ8XAWlpER1HseZphWmPVRdDvpvU8qKR9GxWrX3FBZagwFR7deX -u2spCa1DDwFBy5ysEK2HxKEI1U/1t9QhM4IDlFdWEO2FiT1GDkF8jqr6xVDPVwot -zhLZFBUrNcEtsZAMpg3jpv8Pz89WHzP+M87eqgt8SYBK4yWgDt1qiAshQiF9XKA5 -HjwKSi0N86NjE+UTcGJ82lcCRTr3vnXHwPQicYY2sbawF6ZznzAbmPWrqIcfnkD/ -vvjtnHL29gHL4eb/Dk4OxYdNkADZDMwmZgyalPkTFFRY7reqLojoHCzgdW1UxbaA -LRav7wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCYNfq7ANSLfNPs43J/CCJ2SzfJ -elTvnYah9fdN9Bog9oTmk053wbLKJFv8xUlYZvSnnBFRP0CcBfJ/IFVe+/Pjk1cB -KrhbOT4pZKcA1gYFNEz2+DjM6caf7H8bsE2NFF9rlb05ys0P6mtqywxRDFVbyD42 -dNFZteP775sZDK7Bd9hNPnfter9KXDFi1j79jR3ZwalHOdVwOpeXZoieqoEIDbo5 -wgjuXsk0AyrERUWGL4/oQ91BhlK6OBtPNZ0SwjWBKECOZjf8RRZ49W9jZOPzRczj -JO0STwxfKFwEu2YJkdnlH2TdJF1+GsuukkjFeYc61lCp7jwakD9LfY55vhcy ------END CERTIFICATE----- diff --git a/docker-auth-registry/container/server-key.pem b/docker-auth-registry/container/server-key.pem deleted file mode 100644 index 92b3f8cad..000000000 --- a/docker-auth-registry/container/server-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAv/x+4myZH+OQlohGPQGKWU7txx26LjQ8XAWlpER1HseZphWm -PVRdDvpvU8qKR9GxWrX3FBZagwFR7deXu2spCa1DDwFBy5ysEK2HxKEI1U/1t9Qh -M4IDlFdWEO2FiT1GDkF8jqr6xVDPVwotzhLZFBUrNcEtsZAMpg3jpv8Pz89WHzP+ -M87eqgt8SYBK4yWgDt1qiAshQiF9XKA5HjwKSi0N86NjE+UTcGJ82lcCRTr3vnXH -wPQicYY2sbawF6ZznzAbmPWrqIcfnkD/vvjtnHL29gHL4eb/Dk4OxYdNkADZDMwm -ZgyalPkTFFRY7reqLojoHCzgdW1UxbaALRav7wIDAQABAoIBAQCeBD+XM5Uw1wep -ro5JJhxt93Xj/kbAQsQvZYJ5WtMfO1/ugEEsl2RksKGy0LDR/fjA1aaAhQmIbCy3 -20wKuV+0lEPudLVn1hMVQw7NO1He6Iow/Ms67tbtYJj5I9ZWJ/WiRCo17uqqPyH4 -3Orog0Dis62198MZM5wFjMcEK0kjW3HtovEvxRzCoMr9cgQ2qCN9L+W069lEinZC -LRcQlcxTuIzVRkQN7pxtGW+AGdX4fWzndMLdmJJce++jyIFfoev7KVzDqQFKJA+V -ceKa0/F8Jr0de1dUl06XhhfSibXBeimQIpVo6Bnd4wJs52gdvbqnF4ojOjPMuHmk -Bymx0VZBAoGBAN+IScCZ4FVsYbUsRWaNAB9G+idAZ6m3wiu+1xdYiFjGEjtHtiSc -XUT7Z3t/8mqL+4RgHq3+aBCUI6UaOQ0wmI+1q3JnngW4YG8LLEzqJjQoapsck/Hw -R83advxNraohdFqzti+NS+vmFQjAQozAH0z20pt2aTty4bgKDFzXmM5PAoGBANvf -Nw3liHBwnOKKLXBY/gyqWh2UPWoWte2cplVqC2TQjYA4sMA5bn/e26aeMQ+h9SzP -t53zhxxJXOk2XpQIbRwQygNzXmlQHLI1oGitd6Jm3wLRyABIIKfLZK3v3NOGsktu -qjInecUR27DW8ah33Q8+L0Ro4cMYQH30Dn8nSjxhAoGAC5Khxt/wllubH2cgXLPW -Gshw8RFLjKTf36Xsut+xh28RyJHo4zJZPdYKQIGaSlve9LaJQBbYymrxAX4/D+jB -LUeJjc3Bh6hJDda1P3Ir8i1Zf5hWLIN1JDo4SM24vQMoY/3D4+hb0uXBlwdlKqZT -uIda1gOmZRaIix+yDih3V88CgYAmw0mPd6IAQLpH7hhosCfJz9anVFUneO2GAJIK -iPGNSn9H1bbDjNyASqfqzgTUPrdcuRokDKULRZvNuboe2wVxZzxWM2a3ploIyQ+I -pNxskzpJ4vYhppWrP152k80YtayFQ/NZeEAtkCJtINfl3YvpfgsTQnJa1NG54ucT -X7fkwQKBgQDWhiZvB9YGaWGIwxUXR8eZtsilcMMwLWMr5YrYwfpZlb1Syxa8L32Y -Qyqx10b+0o+GcqhIoFc1YjjG7hgQkyYNtZ/weKAAZfNEdLA630oIva80NnoWTpYe -MuKRa2cQxeUmW1t5OoF63j6nZcTpR/AivBoBfdF4vSfF0tFB46N7qg== ------END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/container/server.csr b/docker-auth-registry/container/server.csr deleted file mode 100644 index d3ffd9c3a..000000000 --- a/docker-auth-registry/container/server.csr +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICZTCCAU0CAQAwIDEeMBwGA1UEAxMVZ2wwNDMyMW0uZ2FtZXN5cy5jb3JwMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/x+4myZH+OQlohGPQGKWU7t -xx26LjQ8XAWlpER1HseZphWmPVRdDvpvU8qKR9GxWrX3FBZagwFR7deXu2spCa1D -DwFBy5ysEK2HxKEI1U/1t9QhM4IDlFdWEO2FiT1GDkF8jqr6xVDPVwotzhLZFBUr -NcEtsZAMpg3jpv8Pz89WHzP+M87eqgt8SYBK4yWgDt1qiAshQiF9XKA5HjwKSi0N -86NjE+UTcGJ82lcCRTr3vnXHwPQicYY2sbawF6ZznzAbmPWrqIcfnkD/vvjtnHL2 -9gHL4eb/Dk4OxYdNkADZDMwmZgyalPkTFFRY7reqLojoHCzgdW1UxbaALRav7wID -AQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB2R18mbz31Aov765hX3MgXrt9h5lmbs -bGjawK+wT3RffLgKWAIMg6IXfzpYVfMTZGu8j0xBnz388371GNix3zct0fGtdY5c -tcaT67zvCy4ubAnOkd8lKBZM2FNfg2BeyVp3wKCrYEr9aYKesZnFVMgfx30dC1eO -lB97fBSz6hdPIzOKqGpj6cf8g7GmpaL5AHx2NuPbBoHwMhFpvIUK1OvwcGooMTJC -vGBwqZqDQybFPBpxQRUfVGm8ZBwkQvw+ekxgzeknd133lIi+ciL3lrLn3AqIrs/5 -TtnKG5E+YXHPxKXpeP8paPDZl/wVJrqhxZqyNMJnAQmNVMxjTWFjJzY= ------END CERTIFICATE REQUEST----- diff --git a/docker-auth-registry/container/start.sh b/docker-auth-registry/container/start.sh deleted file mode 100755 index c12ea4ed7..000000000 --- a/docker-auth-registry/container/start.sh +++ /dev/null @@ -1,8 +0,0 @@ -#! /bin/sh -set -eux - -docker-registry & -nginx - -wait - diff --git a/docker-auth-registry/fig.yml b/docker-auth-registry/fig.yml new file mode 100644 index 000000000..5b833325f --- /dev/null +++ b/docker-auth-registry/fig.yml @@ -0,0 +1,10 @@ +registry: + image: registry + ports: + - "5000:5000" +nginx: + build: nginx + ports: + - "443:8443" + links: + - registry diff --git a/docker-auth-registry/container/Dockerfile b/docker-auth-registry/nginx/Dockerfile similarity index 66% rename from docker-auth-registry/container/Dockerfile rename to docker-auth-registry/nginx/Dockerfile index 114077266..c425f4dea 100644 --- a/docker-auth-registry/container/Dockerfile +++ b/docker-auth-registry/nginx/Dockerfile @@ -1,7 +1,4 @@ -FROM registry - -RUN apt-get update -RUN apt-get install -y nginx +FROM dockerfile/nginx ADD server-cert.pem /etc/ssl/certs/docker-registry ADD server-key.pem /etc/ssl/private/docker-registry @@ -11,8 +8,6 @@ ADD docker-registry.conf /etc/nginx/ ADD docker-registry.htpasswd /etc/nginx/ -EXPOSE 5443 - -ADD start.sh . +EXPOSE 443 -CMD ./start.sh +CMD nginx diff --git a/docker-auth-registry/nginx/build.sh b/docker-auth-registry/nginx/build.sh new file mode 100755 index 000000000..621ce7409 --- /dev/null +++ b/docker-auth-registry/nginx/build.sh @@ -0,0 +1,27 @@ +#! /bin/sh +set -eu + + +echo "enter "registry" each time you are asked for a pass-phase" +echo "enter "registry" when requested for a common name" +echo "press enter for everything else" + +echo 01 > ca.srl +openssl genrsa -des3 -out ca-key.pem 2048 +openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem + +openssl genrsa -des3 -out server-key.pem 2048 +openssl req -subj "/CN=registry" -new -key server-key.pem -out server.csr +openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem + +openssl rsa -in server-key.pem -out server-key.pem + +if [ "$(which boot2docker)" != "" ]; then + B=$(echo $DOCKER_HOST|sed 's/.*\/\(.*\):.*/\1/') + + scp -i ~/.ssh/id_boot2docker ca.pem docker@$B: + + echo "mkdir /etc/docker/certs.d/localhost:5443/" | boot2docker ssh + echo "cat ca.pem > /etc/docker/certs.d/localhost:5443/ca.crt" | boot2docker ssh +fi + diff --git a/docker-auth-registry/nginx/ca-key.pem b/docker-auth-registry/nginx/ca-key.pem new file mode 100644 index 000000000..39f7b1946 --- /dev/null +++ b/docker-auth-registry/nginx/ca-key.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,B5430D61BC639C5C + +16iWQsb9WQyDENfLqJcdF+KuER+0Bg51ZWBOam34z7iRLB3vDiULO718HVAXE+kL +IxA55utKPEkCT74CcUQ6+wlfEqXnBF3p3DPzBEVhLKdMKeciw4EzjCuV4+l+PKR4 +LEMT1NXUud8lzb2vej/HuXEObq2Pc9GTQBOQ/Y6hku4w+W9No4Dmo8jChAOquI5j +obkdsdMKtIu8SbsErbb8K0cngo6NaO/Jmn0E/VTVbDS7A8cn8NlGk59OfuhPP52d +qSegC/Ja3fCQZxuohrf+6UwlqEI4dlyqme1IKWEIXk3vCRy4zfMVpVzi6e2UXdyb +akU4lFCQbQEm1925m9poLqxkA2YXUr3e5KMJ1B6i40p5dWSgge8xpFQBXVFJo/Rf +rj//A5/ML/8LgZPvPtJqnLu3Z59naeGMwYkYscJGKMMfeOUKCtUwBWG3FbXX6Z8G +rlVeJ1YAU06sueur8BGbLbTtNU5i3ujQ2kb7k68CLGWMulY0a7jTLMHNTx6Mq/yH +xZly6hkfUsNjgAModLe6pt5CcoQbFptL+tWVRBMsvSr2P3NRQIoPRRgbvXw1mZ60 +v3FHukIXVczQ9J98GdIPgqDMFLPKL+AIbNarKnlv9hEyNgZ0D5Qu0+4DA1ITPfVy +nlGyKK46vHF4QqjSQXz7482FG8gduXfTW3O88HenQmyOt/AIllmlEm/940Ncv/xA +mgcvajhSTRmHq4JULKlzM2Beq3ABaa2FKFVh+8hZohhdxrt6BP59GhBq5/UKvjrt +6PGR46UzLvosjVRUDI7sxJQO+DWezdnNolKzw8doPmzkLqPKF4vHGKLU6tZ+KNCU +82CVJe+7X2+lgUs8mQVuQm4tTmKcNa3Yetpi+wG14OVx7Fobcl9uwPL2Kd7/23uQ +peS9dOyzN3IiMsuQaG/n6RyDFfFk64Algi2nW9m/s9CrZlzUhH78yzXxNex8fozs +KDV8n9KbGmtgBsdZC8uSg5+Luj7ri2xb0G2NFyNquCP17BvYkX02/xloWF8WKgCH +4SC/34wNCtu/OlVTRi5ujXZCm0D3U+pNv1xYdq5rJCUfjFtSCFRYRDRZ3wtLM1AS +UQmzGXHu64i+b0XjU2I8PvbUW39L5+/XZjdnbFcOQMVPlVjuh0AQNV5M5go3SVVi +Z+igAASkCvUyakb7LgmYhQjP/xyXa0EzIC5t9QoRkxbw3aWZMPKXA/g92lmDDZuj +IOPAgrFkms0CqYYApOrPoTCTtqx4+SdDP7HB+lFQ4v03552RhQBaZK2ukNcv6H6C +jP6iy6GQJzRWtpXv6lNCL2dg7qn39D5QhU61367MEFlF66v/oTX6RGSWgDeAWJW1 ++QhlCQUCDyNTpb2nkLg/BTrCEpRyq244pDjpFaIJ+MS3LOaGfJyXpOHMjvjWrX+l +EKxQTkuvlJKZLThS5sCejagmdB3DTgJpD/KvaAoaO77VHwSNvSQLA8CdnPiJ6NIg +Q+MUijW+yOPTSF4XE/x/AKg4aAFDthprayJ5u4gzDC568gkdQ034woWDQAHcNF4t +Dd+K/Go18mfo/1xyuBrXqUizkA2Dqe2tQMv9EwXsli4jywLJcqRhbA== +-----END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/nginx/ca.pem b/docker-auth-registry/nginx/ca.pem new file mode 100644 index 000000000..a63e6a8f1 --- /dev/null +++ b/docker-auth-registry/nginx/ca.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIJAICgl2R8Mq2nMA0GCSqGSIb3DQEBBQUAMGsxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxJDAiBgNVBAMTG2FsZXgtY29sbGluc3MtbWFjYm9vay5s +b2NhbDAeFw0xNDExMDUyMTU5MzlaFw0xNTExMDUyMTU5MzlaMGsxCzAJBgNVBAYT +AkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRn +aXRzIFB0eSBMdGQxJDAiBgNVBAMTG2FsZXgtY29sbGluc3MtbWFjYm9vay5sb2Nh +bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQL3HUvUG5z0aa9C4ob +yh4xh2Xn7Ub0hroa+0VoJ0weplapYq6kRLnngEuHGv0yFps/abc/PndHCU1EUo7N +DmGPDFQ4AOBwymoZOjLHDnk7O76qL49tU9x7mnhqmcttaocTboR1g4c0a7AmgNjP +Da9jKkXP5WrgZeCdQD0azpTQiIVIbFLFYqzNArln8s/08RVW9OeRl5dqwGJIMMBy +DNEliBZEv7ZOBQOzyziwdNISl/PHtYvN45h6mQa4dcaVCU9EMdETfaJVGVQeXXn5 +u3QcnzSJEBnRi0hmQKhHgYXdxRRTraYc1/1nuZi99PVyyqC3zzJYOStbl5i18ZPf +5t0CAwEAAaOB0DCBzTAdBgNVHQ4EFgQUkPh8b4LHRL57tpA/ed6k4PTa+xEwgZ0G +A1UdIwSBlTCBkoAUkPh8b4LHRL57tpA/ed6k4PTa+xGhb6RtMGsxCzAJBgNVBAYT +AkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRn +aXRzIFB0eSBMdGQxJDAiBgNVBAMTG2FsZXgtY29sbGluc3MtbWFjYm9vay5sb2Nh +bIIJAICgl2R8Mq2nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAFyw +TkjUuVELHPZUt25h1K5Ja20E55ELwu+GaVtPKLK4qCXEEkESKmuNuwJQ//IPkvZ1 +b63/DJeeh8pF9Zia7hrBe1wj5OZ9KqzvFOzTdomLycGPRCh7p/ZUf8f3mVgSLOxZ +gCqbY2Mau3ve7SUB4dkE6wuYeDPjotlSZor4wiobCBuViJj4Z//434vwUh5eNiVv +JS5HCHVsrneN7YNx4FfWSMWjShSNBT4ltSE6yLkuWrSRlmZknWG1wyXQBZj3HqnB +/AcTt2VaGdxuEpXjjE7+sW5YwDtDSOwFqhPdwtUg7iogCUxpc3pwm8ZuLZ7a027Y +wtpHzs0SxSD5yK9eHOU= +-----END CERTIFICATE----- diff --git a/docker-auth-registry/container/ca.srl b/docker-auth-registry/nginx/ca.srl similarity index 100% rename from docker-auth-registry/container/ca.srl rename to docker-auth-registry/nginx/ca.srl diff --git a/docker-auth-registry/container/docker-registry.conf b/docker-auth-registry/nginx/docker-registry.conf similarity index 83% rename from docker-auth-registry/container/docker-registry.conf rename to docker-auth-registry/nginx/docker-registry.conf index 6173e5ca3..0e7e368f6 100644 --- a/docker-auth-registry/container/docker-registry.conf +++ b/docker-auth-registry/nginx/docker-registry.conf @@ -1,4 +1,4 @@ -proxy_pass http://docker-registry; +proxy_pass http://registry; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header Authorization ""; # see https://github.com/dotcloud/docker-registry/issues/170 diff --git a/docker-auth-registry/container/docker-registry.htpasswd b/docker-auth-registry/nginx/docker-registry.htpasswd similarity index 100% rename from docker-auth-registry/container/docker-registry.htpasswd rename to docker-auth-registry/nginx/docker-registry.htpasswd diff --git a/docker-auth-registry/container/nginx.conf b/docker-auth-registry/nginx/nginx.conf similarity index 100% rename from docker-auth-registry/container/nginx.conf rename to docker-auth-registry/nginx/nginx.conf diff --git a/docker-auth-registry/nginx/server-cert.pem b/docker-auth-registry/nginx/server-cert.pem new file mode 100644 index 000000000..58b7e0ce4 --- /dev/null +++ b/docker-auth-registry/nginx/server-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBTCCAe0CAQIwDQYJKoZIhvcNAQEFBQAwazELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEkMCIGA1UEAxMbYWxleC1jb2xsaW5zcy1tYWNib29rLmxvY2FsMB4XDTE0MTEw +NTIxNTk0OVoXDTE1MTEwNTIxNTk0OVowJjEkMCIGA1UEAxMbYWxleC1jb2xsaW5z +cy1tYWNib29rLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +4ksN/P+TQHbN7tKSmAUTa83UPPc3MyGM6aqC/wSjoWNUL19oeGKAGL3+5UfAeN/W +wXkwuu8yceyA7n7965UEOAiF8hr63hyxBCC+MsC6v8hOz/nV0FJAxJXttrznp/KY +228Hv4p9twnaX8BH45dLBfXb/jmnHl8n1epQkDFNGTIqxqtZLqiB+TdxXr1BgIQ0 +R6JmEf348lmC6pQ2Kk1Psmfu1H64p7UGlDzfOIBhm+NXHcE02F2RbgcaR1KBGPLB +HRGiAa88vf5wSqwDLBdvbD1tyJfyS7tpm6wNpZJMwQJC5bsNwzd7eU76xJBm7QcH +uj2bcr8c9utFbtkfNhRYMwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQARO2RHZ7yh +TcRzPYvG2qFPO/mY0sHqFbZ8bVYrgAcaUIzSdZspQx4DeZzjMBnbHbLtFCBK9nHU +h1ZwxPiu9hyDiEpKtW/tCa4A72I1zDL9PIm5iBFZMg33I6OpHYXEYqhiwv/GctOg +xlzAC9YDbyIG34s+3ZTCLMZHi/PZJWkp5gLOfCr16cmu5acdPubeQEzSWDs7HNOb +DTeK9SoUHSoIjzbipTmnp/3mhTy7xQdmePEuqRHU5QxEsL5zua8O+JkcgSnllYCL +y9MmbRkb7WuP2jen926C7HCJ61UtgSHRlrWD3Bd/jrZja/9Fm/NKVye30fSb9mP2 +I1q7NhGfpkxk +-----END CERTIFICATE----- diff --git a/docker-auth-registry/nginx/server-key.pem b/docker-auth-registry/nginx/server-key.pem new file mode 100644 index 000000000..ba378d816 --- /dev/null +++ b/docker-auth-registry/nginx/server-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA4ksN/P+TQHbN7tKSmAUTa83UPPc3MyGM6aqC/wSjoWNUL19o +eGKAGL3+5UfAeN/WwXkwuu8yceyA7n7965UEOAiF8hr63hyxBCC+MsC6v8hOz/nV +0FJAxJXttrznp/KY228Hv4p9twnaX8BH45dLBfXb/jmnHl8n1epQkDFNGTIqxqtZ +LqiB+TdxXr1BgIQ0R6JmEf348lmC6pQ2Kk1Psmfu1H64p7UGlDzfOIBhm+NXHcE0 +2F2RbgcaR1KBGPLBHRGiAa88vf5wSqwDLBdvbD1tyJfyS7tpm6wNpZJMwQJC5bsN +wzd7eU76xJBm7QcHuj2bcr8c9utFbtkfNhRYMwIDAQABAoIBAHectoMhUGNFqOpw +sX3bSP21qVakUbAcLtCgCWfkut0mlKwJoT3oys7JNr9YotsBbhGMDn7wylg/a5Mk +2vC4LqezkaF8M1hOEB8fc4l+J/gRV99ErojTwVpn6WOrDEPQzo1GbfEHshWbBquQ +Bi+9m7FF2IfTT4uVPogqt3TQKnGC/XdYZSc1DOxxH66sesIBYoIG/MpaH3zYw+tI +aW3kOYbYZKmJKBk05XOLlS2T9Jlf0GgDyG+4/Dz3TRvJV2KwB/SH+CUDss+vT2ud +ahJ/fP1oDJYtBDY+IfcY1cOGWD8v5XD3tTTZ+kCFW2080EoAngeupf1m9mR1ETi4 +xs/NxqkCgYEA8m+bcjeeUbZw2ngMRRA+VJf8sAH9HanG2+gEAax8xPXz8O42FuLq +8ex25VpxOPg+8/orcrTgCfkM4CoNV/9PPyMbQRwGMigkEg76MD/dvFmyW2mMRape +hat3Ld+NxG/cuTYPSWa4RtFaMovTwPPIvkjJNK4GGrJmzPchGj9wNd8CgYEA7vQ8 +SnBCBQhXi4tIPF3bFU44WqE9yf2sJmC3y738PIa+FqRfdIgDal6l70a3dZMyNkhO +EFRUDIIoSfNdc1Nywglz3VTeFM93GKYPtbuJDPda1jMT2Evi9bWzYO9OKV9i4rze +WdQ+l+idbJ36tNYgVaoHNx/KhHpWCJzkFwVBIC0CgYBJEDex0W9GQwx52uofukh+ +qBuAU+kbknoa9i6W7ovftBwjhTcJ6LNT26btcjdjKvWWA9QqSramasdlm2bQGWKh +rYveMHrxjMVqJ9dgyS6jQAkPoZyjtjesY0OUsKYCCJBlxRQQVAO/XAKp7xgPM6lR +J5Bz7upqC1AN/4Cbb3j60wKBgQCqTT86/k7PL2bVeWr+OxYNVTYswYY8E6NBpuTX +PIwsxwtrL7MoZleo09QHeKsADOxYa6fXU4Kjd5AnRF9x9iNvzzTYpcexpTsIQjIo +H4RJzXDcAINAQLV80QcLKwLV0bm0R09hTjdeJNcttlob0BAzfX6u9uVrDZWLheW5 +0nDb8QKBgFcgD84A2xcunL+ZLtZ5YwyY3PPCoU3hDnHT2ZFz7H74rthLv/RXTmX0 +BM/ZUVHKeLPzgXyxR0kpojDkVfx8q8Ncz8xZse+TTX1Lk3HGJIFS40gnvTaUc+4I +bpzH7lRdjEuAAK+fDYZa8pEeep6y9tVEa38RrL09F7+XDBuvLY2b +-----END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/nginx/server.csr b/docker-auth-registry/nginx/server.csr new file mode 100644 index 000000000..7d7c16bd6 --- /dev/null +++ b/docker-auth-registry/nginx/server.csr @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICazCCAVMCAQAwJjEkMCIGA1UEAxMbYWxleC1jb2xsaW5zcy1tYWNib29rLmxv +Y2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ksN/P+TQHbN7tKS +mAUTa83UPPc3MyGM6aqC/wSjoWNUL19oeGKAGL3+5UfAeN/WwXkwuu8yceyA7n79 +65UEOAiF8hr63hyxBCC+MsC6v8hOz/nV0FJAxJXttrznp/KY228Hv4p9twnaX8BH +45dLBfXb/jmnHl8n1epQkDFNGTIqxqtZLqiB+TdxXr1BgIQ0R6JmEf348lmC6pQ2 +Kk1Psmfu1H64p7UGlDzfOIBhm+NXHcE02F2RbgcaR1KBGPLBHRGiAa88vf5wSqwD +LBdvbD1tyJfyS7tpm6wNpZJMwQJC5bsNwzd7eU76xJBm7QcHuj2bcr8c9utFbtkf +NhRYMwIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAA0ZWAcEwZjSlZnf13qzg9C/ +1PIvb4h4Wz2oADHHmszvd+Ze8qUaqin1Ds56gh/tlMomJPxjXUgxW4Y2sg2a3981 +g7C5rtp6Us/2erEKuZUpeQCc36UeCaF9jmWUtmVRo1hMNn3FKlTECQyApVWo9kWW +Sr1RZMuYbxkmD+ZuBXspM2BrRLFwUaBhpGeukORG7cYE2SSbdYVFX85Te4una/+L +Z0WcWDyzSy4MnsSLjMILWV3RhvXkL7ASA/dOnA7+d50GATIYwwpYKte9GzKZfUH/ +ADa1y47ZsJOtBn1cS4HOzWBHqao6WF7mcENE9UQtfPhU3IUmLgeypki47ZNqyGw= +-----END CERTIFICATE REQUEST----- diff --git a/docker-auth-registry/registry.sh b/docker-auth-registry/registry.sh deleted file mode 100755 index 91ea9d53f..000000000 --- a/docker-auth-registry/registry.sh +++ /dev/null @@ -1,84 +0,0 @@ -#! /bin/sh -set -eu - -function build() { - echo "building..." - if [ ! -e done ]; then - echo "enter dockerjava each time you are asked for a pass-phase" - H=$(hostname) - echo "enter $H when requested for a common name" - echo "press enter for everything else" - - echo 01 > ca.srl - openssl genrsa -des3 -out ca-key.pem 2048 - openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem - - openssl genrsa -des3 -out server-key.pem 2048 - openssl req -subj "/CN=$H" -new -key server-key.pem -out server.csr - openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem - - openssl rsa -in server-key.pem -out server-key.pem - - if [ "$(which boot2docker)" != "" ]; then - B=$(echo $DOCKER_HOST|sed 's/.*\/\(.*\):.*/\1/') - - scp -i ~/.ssh/id_boot2docker ca.pem docker@$B: - - echo "mkdir /etc/docker/certs.d/localhost:5443/" | boot2docker ssh - echo "cat ca.pem > /etc/docker/certs.d/localhost:5443/ca.crt" | boot2docker ssh - fi - - touch done - fi - - docker build -t auth-registry . - - if [ "$(which boot2docker)" != "" ]; then - VBoxManage controlvm boot2docker-vm natpf1 "5443,tcp,127.0.0.1,5443,,5443" || true - fi -} - -function start() { - echo "starting..." - docker run -P -p 5443:5443 -d auth-registry - sleep 2s -} - -function stop() { - PS=$(docker ps|grep auth-registry|awk '{print $1}') - if [ "" != "$PS" ]; then - echo "stopping..." - docker kill $PS - fi - if [ "$(which boot2docker)" != "" ]; then - VBoxManage controlvm boot2docker-vm natpf1 delete 5443 || true - fi -} - -function testIt() { - echo "testing..." - curl https://localhost:5443/v1/_ping -f -k - echo - curl https://localhost:5443/v1/users/ -k -f --basic --user dockerjava:dockerjava - echo -} - -C=${1:-''} - -cd container - -case $C in - build) build ;; - start) start ;; - stop) stop ;; - test) testIt ;; - '') - stop - build - start - testIt - ;; - *) - echo "$(basename $0) (build|start|stop|test)" -esac - diff --git a/src/main/java/com/github/dockerjava/api/model/ErrorDetail.java b/src/main/java/com/github/dockerjava/api/model/ErrorDetail.java new file mode 100644 index 000000000..bc9b9bba5 --- /dev/null +++ b/src/main/java/com/github/dockerjava/api/model/ErrorDetail.java @@ -0,0 +1,4 @@ +package com.github.dockerjava.api.model; + +public class ErrorDetail { +} diff --git a/src/main/java/com/github/dockerjava/api/model/ErrorResponse.java b/src/main/java/com/github/dockerjava/api/model/ErrorResponse.java new file mode 100644 index 000000000..9993d215f --- /dev/null +++ b/src/main/java/com/github/dockerjava/api/model/ErrorResponse.java @@ -0,0 +1,4 @@ +package com.github.dockerjava.api.model; + +public class ErrorResponse { +} From 1ad712e14e65bdba534c799467db0cda335916a2 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sat, 8 Nov 2014 23:26:30 +0000 Subject: [PATCH 14/18] 1 --- docker-auth-registry/nginx/build.sh | 14 ++---- docker-auth-registry/nginx/ca-key.pem | 30 ----------- docker-auth-registry/nginx/ca.pem | 42 ++++++++-------- docker-auth-registry/nginx/ca.srl | 2 +- .../nginx/docker-registry.htpasswd | 2 +- docker-auth-registry/nginx/server-cert.pem | 31 ++++++------ docker-auth-registry/nginx/server-key.pem | 50 +++++++++---------- docker-auth-registry/nginx/server.csr | 26 +++++----- 8 files changed, 78 insertions(+), 119 deletions(-) diff --git a/docker-auth-registry/nginx/build.sh b/docker-auth-registry/nginx/build.sh index 621ce7409..3b2158e88 100755 --- a/docker-auth-registry/nginx/build.sh +++ b/docker-auth-registry/nginx/build.sh @@ -3,9 +3,11 @@ set -eu echo "enter "registry" each time you are asked for a pass-phase" -echo "enter "registry" when requested for a common name" +echo "enter "nginx" when requested for a common name" echo "press enter for everything else" +htpasswd -bc docker-registry.htpasswd registry registry + echo 01 > ca.srl openssl genrsa -des3 -out ca-key.pem 2048 openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem @@ -15,13 +17,3 @@ openssl req -subj "/CN=registry" -new -key server-key.pem -out server.csr openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem openssl rsa -in server-key.pem -out server-key.pem - -if [ "$(which boot2docker)" != "" ]; then - B=$(echo $DOCKER_HOST|sed 's/.*\/\(.*\):.*/\1/') - - scp -i ~/.ssh/id_boot2docker ca.pem docker@$B: - - echo "mkdir /etc/docker/certs.d/localhost:5443/" | boot2docker ssh - echo "cat ca.pem > /etc/docker/certs.d/localhost:5443/ca.crt" | boot2docker ssh -fi - diff --git a/docker-auth-registry/nginx/ca-key.pem b/docker-auth-registry/nginx/ca-key.pem index 39f7b1946..e69de29bb 100644 --- a/docker-auth-registry/nginx/ca-key.pem +++ b/docker-auth-registry/nginx/ca-key.pem @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,B5430D61BC639C5C - -16iWQsb9WQyDENfLqJcdF+KuER+0Bg51ZWBOam34z7iRLB3vDiULO718HVAXE+kL -IxA55utKPEkCT74CcUQ6+wlfEqXnBF3p3DPzBEVhLKdMKeciw4EzjCuV4+l+PKR4 -LEMT1NXUud8lzb2vej/HuXEObq2Pc9GTQBOQ/Y6hku4w+W9No4Dmo8jChAOquI5j -obkdsdMKtIu8SbsErbb8K0cngo6NaO/Jmn0E/VTVbDS7A8cn8NlGk59OfuhPP52d -qSegC/Ja3fCQZxuohrf+6UwlqEI4dlyqme1IKWEIXk3vCRy4zfMVpVzi6e2UXdyb -akU4lFCQbQEm1925m9poLqxkA2YXUr3e5KMJ1B6i40p5dWSgge8xpFQBXVFJo/Rf -rj//A5/ML/8LgZPvPtJqnLu3Z59naeGMwYkYscJGKMMfeOUKCtUwBWG3FbXX6Z8G -rlVeJ1YAU06sueur8BGbLbTtNU5i3ujQ2kb7k68CLGWMulY0a7jTLMHNTx6Mq/yH -xZly6hkfUsNjgAModLe6pt5CcoQbFptL+tWVRBMsvSr2P3NRQIoPRRgbvXw1mZ60 -v3FHukIXVczQ9J98GdIPgqDMFLPKL+AIbNarKnlv9hEyNgZ0D5Qu0+4DA1ITPfVy -nlGyKK46vHF4QqjSQXz7482FG8gduXfTW3O88HenQmyOt/AIllmlEm/940Ncv/xA -mgcvajhSTRmHq4JULKlzM2Beq3ABaa2FKFVh+8hZohhdxrt6BP59GhBq5/UKvjrt -6PGR46UzLvosjVRUDI7sxJQO+DWezdnNolKzw8doPmzkLqPKF4vHGKLU6tZ+KNCU -82CVJe+7X2+lgUs8mQVuQm4tTmKcNa3Yetpi+wG14OVx7Fobcl9uwPL2Kd7/23uQ -peS9dOyzN3IiMsuQaG/n6RyDFfFk64Algi2nW9m/s9CrZlzUhH78yzXxNex8fozs -KDV8n9KbGmtgBsdZC8uSg5+Luj7ri2xb0G2NFyNquCP17BvYkX02/xloWF8WKgCH -4SC/34wNCtu/OlVTRi5ujXZCm0D3U+pNv1xYdq5rJCUfjFtSCFRYRDRZ3wtLM1AS -UQmzGXHu64i+b0XjU2I8PvbUW39L5+/XZjdnbFcOQMVPlVjuh0AQNV5M5go3SVVi -Z+igAASkCvUyakb7LgmYhQjP/xyXa0EzIC5t9QoRkxbw3aWZMPKXA/g92lmDDZuj -IOPAgrFkms0CqYYApOrPoTCTtqx4+SdDP7HB+lFQ4v03552RhQBaZK2ukNcv6H6C -jP6iy6GQJzRWtpXv6lNCL2dg7qn39D5QhU61367MEFlF66v/oTX6RGSWgDeAWJW1 -+QhlCQUCDyNTpb2nkLg/BTrCEpRyq244pDjpFaIJ+MS3LOaGfJyXpOHMjvjWrX+l -EKxQTkuvlJKZLThS5sCejagmdB3DTgJpD/KvaAoaO77VHwSNvSQLA8CdnPiJ6NIg -Q+MUijW+yOPTSF4XE/x/AKg4aAFDthprayJ5u4gzDC568gkdQ034woWDQAHcNF4t -Dd+K/Go18mfo/1xyuBrXqUizkA2Dqe2tQMv9EwXsli4jywLJcqRhbA== ------END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/nginx/ca.pem b/docker-auth-registry/nginx/ca.pem index a63e6a8f1..5d13a8a82 100644 --- a/docker-auth-registry/nginx/ca.pem +++ b/docker-auth-registry/nginx/ca.pem @@ -1,25 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIJAICgl2R8Mq2nMA0GCSqGSIb3DQEBBQUAMGsxCzAJBgNV +MIID5jCCAs6gAwIBAgIJAMKZlxOyqvJlMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxJDAiBgNVBAMTG2FsZXgtY29sbGluc3MtbWFjYm9vay5s -b2NhbDAeFw0xNDExMDUyMTU5MzlaFw0xNTExMDUyMTU5MzlaMGsxCzAJBgNVBAYT -AkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRn -aXRzIFB0eSBMdGQxJDAiBgNVBAMTG2FsZXgtY29sbGluc3MtbWFjYm9vay5sb2Nh -bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQL3HUvUG5z0aa9C4ob -yh4xh2Xn7Ub0hroa+0VoJ0weplapYq6kRLnngEuHGv0yFps/abc/PndHCU1EUo7N -DmGPDFQ4AOBwymoZOjLHDnk7O76qL49tU9x7mnhqmcttaocTboR1g4c0a7AmgNjP -Da9jKkXP5WrgZeCdQD0azpTQiIVIbFLFYqzNArln8s/08RVW9OeRl5dqwGJIMMBy -DNEliBZEv7ZOBQOzyziwdNISl/PHtYvN45h6mQa4dcaVCU9EMdETfaJVGVQeXXn5 -u3QcnzSJEBnRi0hmQKhHgYXdxRRTraYc1/1nuZi99PVyyqC3zzJYOStbl5i18ZPf -5t0CAwEAAaOB0DCBzTAdBgNVHQ4EFgQUkPh8b4LHRL57tpA/ed6k4PTa+xEwgZ0G -A1UdIwSBlTCBkoAUkPh8b4LHRL57tpA/ed6k4PTa+xGhb6RtMGsxCzAJBgNVBAYT -AkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRn -aXRzIFB0eSBMdGQxJDAiBgNVBAMTG2FsZXgtY29sbGluc3MtbWFjYm9vay5sb2Nh -bIIJAICgl2R8Mq2nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAFyw -TkjUuVELHPZUt25h1K5Ja20E55ELwu+GaVtPKLK4qCXEEkESKmuNuwJQ//IPkvZ1 -b63/DJeeh8pF9Zia7hrBe1wj5OZ9KqzvFOzTdomLycGPRCh7p/ZUf8f3mVgSLOxZ -gCqbY2Mau3ve7SUB4dkE6wuYeDPjotlSZor4wiobCBuViJj4Z//434vwUh5eNiVv -JS5HCHVsrneN7YNx4FfWSMWjShSNBT4ltSE6yLkuWrSRlmZknWG1wyXQBZj3HqnB -/AcTt2VaGdxuEpXjjE7+sW5YwDtDSOwFqhPdwtUg7iogCUxpc3pwm8ZuLZ7a027Y -wtpHzs0SxSD5yK9eHOU= +aWRnaXRzIFB0eSBMdGQxDjAMBgNVBAMTBW5naW54MB4XDTE0MTEwODIzMjQyMFoX +DTE1MTEwODIzMjQyMFowVTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3Rh +dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAxMF +bmdpbngwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9uw9QacXEkB+C +QNYVPFhL3UrpiLSnNSe8pdyFNgeQ4kqhKmI5dteOG1B8v1gEDNn+sJbWoRtQbNaI +ksyr6NmfFWL3vdYDypgY74cnoVJ3OHHsGBT/MMs540jc9MgfqzlSy98Gr8Eq+Bfa +q/hS+QzuI3tI3/t20B0Pfrs4VLCydG/ZbR1CXpRBzkMl5sKQ+fQZjT3SwE0BHdn8 +EC5rSH2tHGWgm/BIZvQm7o82wv7w46ksDbuZpfhv5vg914/3aa7GPcKGNF6+LALz +omycIP3X62jpsjxohn5sICBSLpm2kSL+MqK0k61EeGVeDwgTYThORaYk/wv/QJ/4 +JNlQ104TAgMBAAGjgbgwgbUwHQYDVR0OBBYEFLQ2Pok5e+v1E2w/f4r24Jr/vAwO +MIGFBgNVHSMEfjB8gBS0Nj6JOXvr9RNsP3+K9uCa/7wMDqFZpFcwVTELMAkGA1UE +BhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAxMFbmdpbniCCQDCmZcTsqryZTAMBgNVHRME +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQC6XuA41OvXO4+l39ElKFRjKSdknL6v +kU3mjo6frgW1Vt5MJzAUuwGwGAMum/+62mv//HvbJVUhbyxkk1Iq0gChofOMMyto +I8aEeqWgubMBQJMZUQFVZr2Ye3zEZpeVwezg5RS5M74H2OqCuDwzMHo3vpXAuMrF +Sr1jCB5pMwd6kED5sOteo0pW+etgZRKg+d9IaoE5sDmFghNfaLH+ZzIHJknOarPI +1ZKt+Xa6MQWeqdez4JDGtAyL4Ujv34BHypNnFmmEZRRaJaPaO9Pi2AEOlEyzsBTk +UgPv0Oa4QA8NqRCDF621tHmmBnaINox1AORh3UVuYHXvs7DnsQK2vXmF -----END CERTIFICATE----- diff --git a/docker-auth-registry/nginx/ca.srl b/docker-auth-registry/nginx/ca.srl index 9e22bcb8e..8a0f05e16 100644 --- a/docker-auth-registry/nginx/ca.srl +++ b/docker-auth-registry/nginx/ca.srl @@ -1 +1 @@ -02 +01 diff --git a/docker-auth-registry/nginx/docker-registry.htpasswd b/docker-auth-registry/nginx/docker-registry.htpasswd index 8288b1606..29d18b5d0 100644 --- a/docker-auth-registry/nginx/docker-registry.htpasswd +++ b/docker-auth-registry/nginx/docker-registry.htpasswd @@ -1 +1 @@ -dockerjava:$apr1$9s.aEJml$nivZMa6GEWnJA/FhpTPbj0 +registry:$apr1$7T1Nc0O5$KtMdxpRxf7D2B25.k4n8c0 diff --git a/docker-auth-registry/nginx/server-cert.pem b/docker-auth-registry/nginx/server-cert.pem index 58b7e0ce4..8e7b1ab35 100644 --- a/docker-auth-registry/nginx/server-cert.pem +++ b/docker-auth-registry/nginx/server-cert.pem @@ -1,19 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIDBTCCAe0CAQIwDQYJKoZIhvcNAQEFBQAwazELMAkGA1UEBhMCQVUxEzARBgNV +MIIC3DCCAcQCAQIwDQYJKoZIhvcNAQEFBQAwVTELMAkGA1UEBhMCQVUxEzARBgNV BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 -ZDEkMCIGA1UEAxMbYWxleC1jb2xsaW5zcy1tYWNib29rLmxvY2FsMB4XDTE0MTEw -NTIxNTk0OVoXDTE1MTEwNTIxNTk0OVowJjEkMCIGA1UEAxMbYWxleC1jb2xsaW5z -cy1tYWNib29rLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -4ksN/P+TQHbN7tKSmAUTa83UPPc3MyGM6aqC/wSjoWNUL19oeGKAGL3+5UfAeN/W -wXkwuu8yceyA7n7965UEOAiF8hr63hyxBCC+MsC6v8hOz/nV0FJAxJXttrznp/KY -228Hv4p9twnaX8BH45dLBfXb/jmnHl8n1epQkDFNGTIqxqtZLqiB+TdxXr1BgIQ0 -R6JmEf348lmC6pQ2Kk1Psmfu1H64p7UGlDzfOIBhm+NXHcE02F2RbgcaR1KBGPLB -HRGiAa88vf5wSqwDLBdvbD1tyJfyS7tpm6wNpZJMwQJC5bsNwzd7eU76xJBm7QcH -uj2bcr8c9utFbtkfNhRYMwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQARO2RHZ7yh -TcRzPYvG2qFPO/mY0sHqFbZ8bVYrgAcaUIzSdZspQx4DeZzjMBnbHbLtFCBK9nHU -h1ZwxPiu9hyDiEpKtW/tCa4A72I1zDL9PIm5iBFZMg33I6OpHYXEYqhiwv/GctOg -xlzAC9YDbyIG34s+3ZTCLMZHi/PZJWkp5gLOfCr16cmu5acdPubeQEzSWDs7HNOb -DTeK9SoUHSoIjzbipTmnp/3mhTy7xQdmePEuqRHU5QxEsL5zua8O+JkcgSnllYCL -y9MmbRkb7WuP2jen926C7HCJ61UtgSHRlrWD3Bd/jrZja/9Fm/NKVye30fSb9mP2 -I1q7NhGfpkxk +ZDEOMAwGA1UEAxMFbmdpbngwHhcNMTQxMTA4MjMyNDI2WhcNMTUxMTA4MjMyNDI2 +WjATMREwDwYDVQQDEwhyZWdpc3RyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALngTSPRHqI1BDVzj3zD6gnFdfBVVLHkWdjH7cD6XI44xDTPOQvefzw0 +Io+Dh2AuS1cqjEWpM5sS0sN4790Nm3EFC6GYa4wINxekEmc57ANOYoo/29PHHjKz +hIV0kZy5uNCcv+rPzAFofJSR8qNI8wT169fTeTLv8ooB588NdDWKMX7CsGDy3kTz +dWw8tUpn0iv8MNspPcu+u1LTe0jiucOv64mQtr3VhL0fVnCSse+qZQ+qrOXcSNIw +CBhmrppaJ0Cu8gpUM0eS8cYm4sfMUpntY1z3ktZ+48WO8/s4L0FADTbAtwLWZr0G +gtLYJjNi0cdpoDBB/hh6L1CGiutGEB8CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +ghLkKO99yjoMV/UozhAd1mOLiMecgxT3PfURBECnwghnr1AtvZR0XDmvx18wqSdV +fgK9Bkm4oCD9jwZdeaKoUrkUeeFK5rftahLOQhvNfmRGhk6CtS101YVcQkpS8xE/ +HfXNLaHS9eofAky/DLiVxzl2NIScMooCIaCjl/AXChDC3UmtlewoEUCAow8DzKwt +SXcdc6OlpPXW+9TGhTjnweK4tuehQIQTCT6F6Fr9kpgSlCZ+P2Mwp9AJfh0zbBGs +zEukHeY9RHl5cppF/pHeNFikOO2V5iZ0XrdRwcMqjUmCJKphO+2+pR0buAjwBWHU +vDAL1d0OWPT7tSzm4g1m6A== -----END CERTIFICATE----- diff --git a/docker-auth-registry/nginx/server-key.pem b/docker-auth-registry/nginx/server-key.pem index ba378d816..69dbf5a6f 100644 --- a/docker-auth-registry/nginx/server-key.pem +++ b/docker-auth-registry/nginx/server-key.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA4ksN/P+TQHbN7tKSmAUTa83UPPc3MyGM6aqC/wSjoWNUL19o -eGKAGL3+5UfAeN/WwXkwuu8yceyA7n7965UEOAiF8hr63hyxBCC+MsC6v8hOz/nV -0FJAxJXttrznp/KY228Hv4p9twnaX8BH45dLBfXb/jmnHl8n1epQkDFNGTIqxqtZ -LqiB+TdxXr1BgIQ0R6JmEf348lmC6pQ2Kk1Psmfu1H64p7UGlDzfOIBhm+NXHcE0 -2F2RbgcaR1KBGPLBHRGiAa88vf5wSqwDLBdvbD1tyJfyS7tpm6wNpZJMwQJC5bsN -wzd7eU76xJBm7QcHuj2bcr8c9utFbtkfNhRYMwIDAQABAoIBAHectoMhUGNFqOpw -sX3bSP21qVakUbAcLtCgCWfkut0mlKwJoT3oys7JNr9YotsBbhGMDn7wylg/a5Mk -2vC4LqezkaF8M1hOEB8fc4l+J/gRV99ErojTwVpn6WOrDEPQzo1GbfEHshWbBquQ -Bi+9m7FF2IfTT4uVPogqt3TQKnGC/XdYZSc1DOxxH66sesIBYoIG/MpaH3zYw+tI -aW3kOYbYZKmJKBk05XOLlS2T9Jlf0GgDyG+4/Dz3TRvJV2KwB/SH+CUDss+vT2ud -ahJ/fP1oDJYtBDY+IfcY1cOGWD8v5XD3tTTZ+kCFW2080EoAngeupf1m9mR1ETi4 -xs/NxqkCgYEA8m+bcjeeUbZw2ngMRRA+VJf8sAH9HanG2+gEAax8xPXz8O42FuLq -8ex25VpxOPg+8/orcrTgCfkM4CoNV/9PPyMbQRwGMigkEg76MD/dvFmyW2mMRape -hat3Ld+NxG/cuTYPSWa4RtFaMovTwPPIvkjJNK4GGrJmzPchGj9wNd8CgYEA7vQ8 -SnBCBQhXi4tIPF3bFU44WqE9yf2sJmC3y738PIa+FqRfdIgDal6l70a3dZMyNkhO -EFRUDIIoSfNdc1Nywglz3VTeFM93GKYPtbuJDPda1jMT2Evi9bWzYO9OKV9i4rze -WdQ+l+idbJ36tNYgVaoHNx/KhHpWCJzkFwVBIC0CgYBJEDex0W9GQwx52uofukh+ -qBuAU+kbknoa9i6W7ovftBwjhTcJ6LNT26btcjdjKvWWA9QqSramasdlm2bQGWKh -rYveMHrxjMVqJ9dgyS6jQAkPoZyjtjesY0OUsKYCCJBlxRQQVAO/XAKp7xgPM6lR -J5Bz7upqC1AN/4Cbb3j60wKBgQCqTT86/k7PL2bVeWr+OxYNVTYswYY8E6NBpuTX -PIwsxwtrL7MoZleo09QHeKsADOxYa6fXU4Kjd5AnRF9x9iNvzzTYpcexpTsIQjIo -H4RJzXDcAINAQLV80QcLKwLV0bm0R09hTjdeJNcttlob0BAzfX6u9uVrDZWLheW5 -0nDb8QKBgFcgD84A2xcunL+ZLtZ5YwyY3PPCoU3hDnHT2ZFz7H74rthLv/RXTmX0 -BM/ZUVHKeLPzgXyxR0kpojDkVfx8q8Ncz8xZse+TTX1Lk3HGJIFS40gnvTaUc+4I -bpzH7lRdjEuAAK+fDYZa8pEeep6y9tVEa38RrL09F7+XDBuvLY2b +MIIEpAIBAAKCAQEAueBNI9EeojUENXOPfMPqCcV18FVUseRZ2MftwPpcjjjENM85 +C95/PDQij4OHYC5LVyqMRakzmxLSw3jv3Q2bcQULoZhrjAg3F6QSZznsA05iij/b +08ceMrOEhXSRnLm40Jy/6s/MAWh8lJHyo0jzBPXr19N5Mu/yigHnzw10NYoxfsKw +YPLeRPN1bDy1SmfSK/ww2yk9y767UtN7SOK5w6/riZC2vdWEvR9WcJKx76plD6qs +5dxI0jAIGGaumlonQK7yClQzR5Lxxibix8xSme1jXPeS1n7jxY7z+zgvQUANNsC3 +AtZmvQaC0tgmM2LRx2mgMEH+GHovUIaK60YQHwIDAQABAoIBADc/Es59fmRp65lT +gqdrt6k11osbYbQKEiZbri/4egAPoUms+eCsPhcPy+HqDxeoSt5amBywYNVLr/dH +f8utGrFp9X4PRo/1dSKCsrGZxqto5eL/fgAhI7mgH9hmwEzb6rGelXBeWN1mR/kE +tCCSMyEbUwDwKwrXxLf+Pv8Mmai7qu3umjSOMa4YZwYEUizuFu2zXMaODM0BL2VB +3CzgdWOes3bTt/cXHdEROi0q4LxwZS6/EZ0yLG0WlBHL0yu38qn6OhU4bSxb6sLb +X8EEP0oQqk161Kkg2EPcYWwxKzeIALeYVNWYCANwZ+QWU+2Ltra0l4zXN8QtZhdf +i8FXaOkCgYEA81FdvxZOTa8J2+HvG3ZS1EzK0yBD6tl6sk6kP5sAWJ3EIh8KU3/q +ENKr1z4dkEW+Qfrt3TqCUJgVorQIfD5EN6Ma5oK/yB4RrJZj+/nCacYRkbP+5hS2 +N4mRuIWkpvrLUckWX6CqSe6WyBii28V7C1wcFSWsAORHxqT4B1XSAL0CgYEAw5B7 +DzA4sHBZvfBmzi8ubIvhLagJ7xcJy9HYjbegqgjcssBygYmbAnf0UKeiVE9sIqv2 +nqUV2DjNTQjLG53FBtASmuuFTLosw2ijwmHZze8n6+qkWgNiRoeMnJZA6gF4BxFk +axkW5I0I2MBNqA6gw3TkjwExMT4QjPWNjYwUqAsCgYEAlzH0Yw1lUvh10+CtSA9a +oPmm/1KJYaIKkEo13iBfMrG2cs1/CSvvMsz2YyYCEOiFtVJMBLCa0aHvr87Xhvza +Pwhnat3MdnnY2boKH0Wv/TJLMJL8zdQI9rHRjyvciLZHKWcfNAUOTCqqH2TPrmkk +cIaoHKvwGg3AXDuetFAr0rECgYEAjFU9OSTtSQ8WFspPu1z3/0RRDaYrmrn5eZzX +vLosPFenp02Z3YKVDSxu0QG55q4ndqnXivgDuOjpyYGp3eNU4xKkhy7CtNBUFtUb +zfzRgok/KHd0AHO1Lc9PA35+jm0HaGr+mCuk1dSuqHs2PoZgrmFPMZ81YZSb48rB +DPWcTQkCgYBqP4m3/Gbd3k/JVjDKZm5dV14fLJSwTuszA3XwmpmF4Y50ejLplV+B +lkcumY8SSCjfYWcV36GPTT31fFzk2dNqmFk2fbYs5AerwOqb1NjVbaSS0DGYTYaL +HHv507INmrv9FkAXQyC/x1q4gMcNSr0DKhMnGR8EphxZpwGHF6nZyQ== -----END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/nginx/server.csr b/docker-auth-registry/nginx/server.csr index 7d7c16bd6..b9b45eb8f 100644 --- a/docker-auth-registry/nginx/server.csr +++ b/docker-auth-registry/nginx/server.csr @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICazCCAVMCAQAwJjEkMCIGA1UEAxMbYWxleC1jb2xsaW5zcy1tYWNib29rLmxv -Y2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ksN/P+TQHbN7tKS -mAUTa83UPPc3MyGM6aqC/wSjoWNUL19oeGKAGL3+5UfAeN/WwXkwuu8yceyA7n79 -65UEOAiF8hr63hyxBCC+MsC6v8hOz/nV0FJAxJXttrznp/KY228Hv4p9twnaX8BH -45dLBfXb/jmnHl8n1epQkDFNGTIqxqtZLqiB+TdxXr1BgIQ0R6JmEf348lmC6pQ2 -Kk1Psmfu1H64p7UGlDzfOIBhm+NXHcE02F2RbgcaR1KBGPLBHRGiAa88vf5wSqwD -LBdvbD1tyJfyS7tpm6wNpZJMwQJC5bsNwzd7eU76xJBm7QcHuj2bcr8c9utFbtkf -NhRYMwIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAA0ZWAcEwZjSlZnf13qzg9C/ -1PIvb4h4Wz2oADHHmszvd+Ze8qUaqin1Ds56gh/tlMomJPxjXUgxW4Y2sg2a3981 -g7C5rtp6Us/2erEKuZUpeQCc36UeCaF9jmWUtmVRo1hMNn3FKlTECQyApVWo9kWW -Sr1RZMuYbxkmD+ZuBXspM2BrRLFwUaBhpGeukORG7cYE2SSbdYVFX85Te4una/+L -Z0WcWDyzSy4MnsSLjMILWV3RhvXkL7ASA/dOnA7+d50GATIYwwpYKte9GzKZfUH/ -ADa1y47ZsJOtBn1cS4HOzWBHqao6WF7mcENE9UQtfPhU3IUmLgeypki47ZNqyGw= +MIICWDCCAUACAQAwEzERMA8GA1UEAxMIcmVnaXN0cnkwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC54E0j0R6iNQQ1c498w+oJxXXwVVSx5FnYx+3A+lyO +OMQ0zzkL3n88NCKPg4dgLktXKoxFqTObEtLDeO/dDZtxBQuhmGuMCDcXpBJnOewD +TmKKP9vTxx4ys4SFdJGcubjQnL/qz8wBaHyUkfKjSPME9evX03ky7/KKAefPDXQ1 +ijF+wrBg8t5E83VsPLVKZ9Ir/DDbKT3LvrtS03tI4rnDr+uJkLa91YS9H1ZwkrHv +qmUPqqzl3EjSMAgYZq6aWidArvIKVDNHkvHGJuLHzFKZ7WNc95LWfuPFjvP7OC9B +QA02wLcC1ma9BoLS2CYzYtHHaaAwQf4Yei9QhorrRhAfAgMBAAGgADANBgkqhkiG +9w0BAQUFAAOCAQEAUyNSKcG+5kI2P4AozH+S1xGBgZqyiTyOw8XhwY2XxOzD2pgA +wRvwS8kEKef28myjJtaQFo6FgxsFaXH4LAx8WxeOwjNG6E5io1yVmxUcTX05rjTp +KEaA+usw8Dgr8yWnw4V70/5rHtjO6eTZyO/HJgDDo6MuQRZBOC8TnL/fs0PMAsJC +d9c81IOZuCJaEx/lB+V0lju0FRwRtdPUlWVHwIpW+FMbFN2l1Dx+1DeaLSFJ5x2f +UCC0uOv14nfzJfBECThR6lDHomRM8HdviTBcx/1qQBX92j2K8sOAWExGnXlQr7xl +gUlxHuZc5x2JpgtX86tfW9aQspr4fW+2MndiKw== -----END CERTIFICATE REQUEST----- From 15ce5e0766051bd7ad56f855f16820edaebc6bbd Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sat, 8 Nov 2014 23:46:21 +0000 Subject: [PATCH 15/18] 1 --- docker-auth-registry/nginx/Dockerfile | 10 ++-- docker-auth-registry/nginx/ca-key.pem | 30 +++++++++++ docker-auth-registry/nginx/ca.pem | 36 ++++++------- docker-auth-registry/nginx/ca.srl | 2 +- .../nginx/docker-registry.htpasswd | 2 +- docker-auth-registry/nginx/nginx.htpasswd | 1 + .../nginx/{nginx.conf => registry} | 24 +++------ docker-auth-registry/nginx/server-cert.pem | 26 +++++----- docker-auth-registry/nginx/server-key.pem | 50 +++++++++---------- docker-auth-registry/nginx/server.csr | 24 ++++----- 10 files changed, 113 insertions(+), 92 deletions(-) create mode 100644 docker-auth-registry/nginx/nginx.htpasswd rename docker-auth-registry/nginx/{nginx.conf => registry} (65%) diff --git a/docker-auth-registry/nginx/Dockerfile b/docker-auth-registry/nginx/Dockerfile index c425f4dea..411ec995a 100644 --- a/docker-auth-registry/nginx/Dockerfile +++ b/docker-auth-registry/nginx/Dockerfile @@ -1,12 +1,12 @@ FROM dockerfile/nginx -ADD server-cert.pem /etc/ssl/certs/docker-registry -ADD server-key.pem /etc/ssl/private/docker-registry +ADD server-cert.pem /etc/ssl/certs/nginx +ADD server-key.pem /etc/ssl/private/nginx -ADD nginx.conf /etc/nginx/ -ADD docker-registry.conf /etc/nginx/ +ADD registry touch /etc/nginx/sites-available/registry +RUN ln -s ln -s /etc/nginx/sites-available/registry /etc/nginx/sites-enabled -ADD docker-registry.htpasswd /etc/nginx/ +ADD nginx.htpasswd /etc/nginx/ EXPOSE 443 diff --git a/docker-auth-registry/nginx/ca-key.pem b/docker-auth-registry/nginx/ca-key.pem index e69de29bb..041ec2794 100644 --- a/docker-auth-registry/nginx/ca-key.pem +++ b/docker-auth-registry/nginx/ca-key.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,CC08254A16592D94 + +EwbxnlBwH/Y3BkbKmD7eDqc7uAH8aTQtI4wnJH5ISpx6stwv/tdA4by+LseVISV0 +b/NQg4eZ28ANMTVVkpv4dprKASAC/YyZ1Kt1e3Omu/0or/k+Es+saU9XZKsjzgpc +XVRUb+bNnwjDyYdIFPWnapkEFnzy77Y1ZsdIda1W0Xat5oLZbPwQ7uuQ18IrvQog +Yrs9WSZLxa/npPq1/UCDyH8yU6n5RK2pY7dW18tCdP6H2hlYGOiOBImCQZXHDGC7 +7ai6Hb8Z+78FkqhsQUZTX39Y+xFNiLdtp4aolervcKtLbvD8ADL5KMSnOFd875in +QFG8m9dV0maWtZtX8PQBRVcFMKuy0+b48GhxAaWGBGL8NXGk+eEBxIkRB3plwYbl +wdyB5pnQifb4AEdNsUanB/gwPIYY9cGE8Ua54/iDDU0Pxy3dxW69hBBB5Vs2QUVA +kHv+NjyAJfTX1HzVL+2SfOJ6ANHHwuQyxOgWioVZOUzJf3LohFlUGwgoFQ8ZPGdQ +stHz+IvQi2qFVsm5JDpYD8wCW9u4G94XVAu8Xmq4q3H/M9P0sgteJoV6RONdZqnb +XuQVS8k+RI1+ZelzgGNgRbn9pDbc2wuvQnqLRhNYngptXqZwWWuv55/dU4RvyYZz +jImIupHYaXr88d9rCI6zV8Ok0OlCeD7egD+aQUmFcMiaIccXkNPxdAVeppwgyikn +JvyRgAy9hTXAWNUiPUg06iQLkGRTnb2st8rW7H7/9KlzeSQcfCDcNrMca2VGkx+T +z0+JrjARrl6lMl5AGPDkb5U23XnU//58pLBQHoDGLpl115wE0BHqS560wg/vcmf4 +0tknwWTYmmpsjP1EBb4HmNQ4e4574hvD48PvxlV2NDF1cYGFS98mLC8SVRXlEB91 +/SdWKevyyOqRV/MC39KGstQi8jy6KF+9gLWeOROUpgc/9c+dZE3rIUoto7IopkWK +8hklNFTnF2w03ZbL3R2uUO39CoyCVVx7gzyGObcFVB2IOhz348gUf50xCe4diKrd +vwuh5sDGLRv1Iq3uCRtJhVfTmv2AozMpgg+HmJkT7COfT6BGv8hIBGUyyf4umI1Y +G47vKBhApiKBGPKE/zU6BoVXTt8/Xsve0o37v09Yz7rzKflZVmzxouGR5+GRx2XD +dsYuWbyHrdd8wE8PRd7W1DU332ebSj5DJwdWXXW4jsUQ8yPr/awuhRt6bhSQG8B8 +QtoIbu7gBn5tvuiq6IVRs8x1eUtcIlYPJvTD/hTnRLoo1LrNCjfSmN8/MqSL2bUH +MNQ+CRJc0XWGnVwkpzBvcfns8oWd/bPuLOz4DStpr7YwmABzk2OAJ31Hcc9gK0NG +Dp+f/xn8vfVcv6xm1KtoDL2nepYerGc0mYY2KVFKcElSP1r0aMneN5sjNqwCm7CU +e57r3GUW3oFyUVwSXzeRwIonvY228Qhvj0pRCkLVjnmX3tIWVdFooaBJbEuXJa9A +P0qPZjHNX6njRCYSarO5EtbWgOVVs8cyyHY25TOzUsVImgkBeUoMaFQqu7oGBIAs +4JhlYCS4Th/eaITA6h3OvH6FiI+d0ceE5c9i9vO3aqCrqeR9dJIZTMQUHnOy4gFm +-----END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/nginx/ca.pem b/docker-auth-registry/nginx/ca.pem index 5d13a8a82..6f06ce285 100644 --- a/docker-auth-registry/nginx/ca.pem +++ b/docker-auth-registry/nginx/ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID5jCCAs6gAwIBAgIJAMKZlxOyqvJlMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNV +MIID5jCCAs6gAwIBAgIJAO7ClRbtFEXnMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxDjAMBgNVBAMTBW5naW54MB4XDTE0MTEwODIzMjQyMFoX -DTE1MTEwODIzMjQyMFowVTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3Rh +aWRnaXRzIFB0eSBMdGQxDjAMBgNVBAMTBW5naW54MB4XDTE0MTEwODIzNDU1NloX +DTE1MTEwODIzNDU1NlowVTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3Rh dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAxMF -bmdpbngwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9uw9QacXEkB+C -QNYVPFhL3UrpiLSnNSe8pdyFNgeQ4kqhKmI5dteOG1B8v1gEDNn+sJbWoRtQbNaI -ksyr6NmfFWL3vdYDypgY74cnoVJ3OHHsGBT/MMs540jc9MgfqzlSy98Gr8Eq+Bfa -q/hS+QzuI3tI3/t20B0Pfrs4VLCydG/ZbR1CXpRBzkMl5sKQ+fQZjT3SwE0BHdn8 -EC5rSH2tHGWgm/BIZvQm7o82wv7w46ksDbuZpfhv5vg914/3aa7GPcKGNF6+LALz -omycIP3X62jpsjxohn5sICBSLpm2kSL+MqK0k61EeGVeDwgTYThORaYk/wv/QJ/4 -JNlQ104TAgMBAAGjgbgwgbUwHQYDVR0OBBYEFLQ2Pok5e+v1E2w/f4r24Jr/vAwO -MIGFBgNVHSMEfjB8gBS0Nj6JOXvr9RNsP3+K9uCa/7wMDqFZpFcwVTELMAkGA1UE +bmdpbngwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC14W2hLkozliqo +1TXFRWx+Ij64cdnUGMn6tZSGDMgdZNIqOj5jxeg0ZVRWbqYt0xVqsjw14KXuxWm+ +8h3v9f1KEanAgyrKRPB6tIXmtApp0B05xbx+jpWHU+r6zxlqI60/Szs+I7d99qF1 +xv7zrXU3aEBxEmm+S/AHa/FBXdv2v3ubZpiFOW1YBbJ4F2fVjfFJXevOQL8sydf3 +eO9QI8KauRG7JrucsmVOsBeBVWHl9KVgpu4HvbqjwuPc3DPn9YlwjcIS1DbFV3XH +dZ8qKDcaZmifl0tjkUkz92OXWTCq+z7BDVIh7yCAByNk3uCXDHBXX7ygkEwIhYFc +wBoV5loNAgMBAAGjgbgwgbUwHQYDVR0OBBYEFKisDYhDN4nDcDFEV1gkqsFQ/U27 +MIGFBgNVHSMEfjB8gBSorA2IQzeJw3AxRFdYJKrBUP1Nu6FZpFcwVTELMAkGA1UE BhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdp -ZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAxMFbmdpbniCCQDCmZcTsqryZTAMBgNVHRME -BTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQC6XuA41OvXO4+l39ElKFRjKSdknL6v -kU3mjo6frgW1Vt5MJzAUuwGwGAMum/+62mv//HvbJVUhbyxkk1Iq0gChofOMMyto -I8aEeqWgubMBQJMZUQFVZr2Ye3zEZpeVwezg5RS5M74H2OqCuDwzMHo3vpXAuMrF -Sr1jCB5pMwd6kED5sOteo0pW+etgZRKg+d9IaoE5sDmFghNfaLH+ZzIHJknOarPI -1ZKt+Xa6MQWeqdez4JDGtAyL4Ujv34BHypNnFmmEZRRaJaPaO9Pi2AEOlEyzsBTk -UgPv0Oa4QA8NqRCDF621tHmmBnaINox1AORh3UVuYHXvs7DnsQK2vXmF +ZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAxMFbmdpbniCCQDuwpUW7RRF5zAMBgNVHRME +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAMcYcPejAUfxm42GqFKXRXD6ciYT6A +gKyKfQJyajlZQStCN2MFy1lR0gRhOikb8pZZt97yyG3cGi7R9bhE32D8MqJQlzh5 +G/Nfc9PwdN3PHS+POyDn9+VjAMbSwYEfAFP9bFuMsSmpEtbkYbuwc0jp8fhdTQma +JU0hufwpUObTceUyxM4ze2Qa3bP8I2fLiTEN/MX/QGIeAtQ3fRS62p7dxXrwabc0 +WUmSYYoOa4po/54YPubiPWD77sLwwxh+fpxh3Tp2jkHqjLws9voESWMu8HsJ04eg +c1rjWszwygfTAFOyontgft3QARqX+F7LQa9X0zLWZ84ipxd5SspSWIsX -----END CERTIFICATE----- diff --git a/docker-auth-registry/nginx/ca.srl b/docker-auth-registry/nginx/ca.srl index 8a0f05e16..9e22bcb8e 100644 --- a/docker-auth-registry/nginx/ca.srl +++ b/docker-auth-registry/nginx/ca.srl @@ -1 +1 @@ -01 +02 diff --git a/docker-auth-registry/nginx/docker-registry.htpasswd b/docker-auth-registry/nginx/docker-registry.htpasswd index 29d18b5d0..8151002dd 100644 --- a/docker-auth-registry/nginx/docker-registry.htpasswd +++ b/docker-auth-registry/nginx/docker-registry.htpasswd @@ -1 +1 @@ -registry:$apr1$7T1Nc0O5$KtMdxpRxf7D2B25.k4n8c0 +registry:$apr1$czSY2tcn$x4BAkkTqRHqnpTWqDGu0h0 diff --git a/docker-auth-registry/nginx/nginx.htpasswd b/docker-auth-registry/nginx/nginx.htpasswd new file mode 100644 index 000000000..29d18b5d0 --- /dev/null +++ b/docker-auth-registry/nginx/nginx.htpasswd @@ -0,0 +1 @@ +registry:$apr1$7T1Nc0O5$KtMdxpRxf7D2B25.k4n8c0 diff --git a/docker-auth-registry/nginx/nginx.conf b/docker-auth-registry/nginx/registry similarity index 65% rename from docker-auth-registry/nginx/nginx.conf rename to docker-auth-registry/nginx/registry index 096aa23dc..7c429fc8f 100644 --- a/docker-auth-registry/nginx/nginx.conf +++ b/docker-auth-registry/nginx/registry @@ -1,10 +1,9 @@ -http { # FYI: Chunking requires nginx-extras package on Debian Wheezy and some Ubuntu versions # See chunking http://wiki.nginx.org/HttpChunkinModule # Replace with appropriate values where necessary upstream docker-registry { - server localhost:5000; + server registry:5000; } # uncomment if you want a 301 redirect for users attempting to connect @@ -18,11 +17,11 @@ upstream docker-registry { server { listen 5443; - server_name localhost; + server_name nginx; ssl on; - ssl_certificate /etc/ssl/certs/docker-registry; - ssl_certificate_key /etc/ssl/private/docker-registry; + ssl_certificate /etc/ssl/certs/nginx; + ssl_certificate_key /etc/ssl/private/nginx; client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads @@ -31,21 +30,12 @@ server { location / { auth_basic "Restricted"; - auth_basic_user_file docker-registry.htpasswd; - include docker-registry.conf; + auth_basic_user_file nginx.htpasswd; + include nginx.conf; } location /_ping { auth_basic off; - include docker-registry.conf; + include nginx.conf; } - - location /v1/_ping { - auth_basic off; - include docker-registry.conf; - } -} } -events { - worker_connections 1024; -} \ No newline at end of file diff --git a/docker-auth-registry/nginx/server-cert.pem b/docker-auth-registry/nginx/server-cert.pem index 8e7b1ab35..bd1e16285 100644 --- a/docker-auth-registry/nginx/server-cert.pem +++ b/docker-auth-registry/nginx/server-cert.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- MIIC3DCCAcQCAQIwDQYJKoZIhvcNAQEFBQAwVTELMAkGA1UEBhMCQVUxEzARBgNV BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 -ZDEOMAwGA1UEAxMFbmdpbngwHhcNMTQxMTA4MjMyNDI2WhcNMTUxMTA4MjMyNDI2 +ZDEOMAwGA1UEAxMFbmdpbngwHhcNMTQxMTA4MjM0NjA0WhcNMTUxMTA4MjM0NjA0 WjATMREwDwYDVQQDEwhyZWdpc3RyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALngTSPRHqI1BDVzj3zD6gnFdfBVVLHkWdjH7cD6XI44xDTPOQvefzw0 -Io+Dh2AuS1cqjEWpM5sS0sN4790Nm3EFC6GYa4wINxekEmc57ANOYoo/29PHHjKz -hIV0kZy5uNCcv+rPzAFofJSR8qNI8wT169fTeTLv8ooB588NdDWKMX7CsGDy3kTz -dWw8tUpn0iv8MNspPcu+u1LTe0jiucOv64mQtr3VhL0fVnCSse+qZQ+qrOXcSNIw -CBhmrppaJ0Cu8gpUM0eS8cYm4sfMUpntY1z3ktZ+48WO8/s4L0FADTbAtwLWZr0G -gtLYJjNi0cdpoDBB/hh6L1CGiutGEB8CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA -ghLkKO99yjoMV/UozhAd1mOLiMecgxT3PfURBECnwghnr1AtvZR0XDmvx18wqSdV -fgK9Bkm4oCD9jwZdeaKoUrkUeeFK5rftahLOQhvNfmRGhk6CtS101YVcQkpS8xE/ -HfXNLaHS9eofAky/DLiVxzl2NIScMooCIaCjl/AXChDC3UmtlewoEUCAow8DzKwt -SXcdc6OlpPXW+9TGhTjnweK4tuehQIQTCT6F6Fr9kpgSlCZ+P2Mwp9AJfh0zbBGs -zEukHeY9RHl5cppF/pHeNFikOO2V5iZ0XrdRwcMqjUmCJKphO+2+pR0buAjwBWHU -vDAL1d0OWPT7tSzm4g1m6A== +AQoCggEBALKNod0blw/bw98Zw9IbZ0s7UJ+Oibn9khGgb6ARvHoBfG4fZDLA8NgG +7mR+rxKR8eVsPCjhvivlk27XVEtwEWLfCzbyJaoqpZnbevNY7c1R1GBw770LOjTq +chsIPZff1Oe2ad2ZfC3RrlKPGwG0KHeMjokPFQfMwhAP0zSFy8F85cfccB9JEVbI +UWhgA4zkxnj3VbPgYRu0foR0mP7LCUBfGqT+r6HA03knmfy13zB5n6aZpV6PHcFH +tDxJDUBDTFL3iNFHT2sfEG+uHqcz3Bxs81Xksul5oFZlMBWubXGP0/UcWUA81gY6 +ccgzZyWjsEa8Tdy0rQgNfcJpyDUGtrMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +pHaDUN49pYYesQU74T2JYhyza5JSbEPiPRXK9gx8jKy076Hq5dLubM6WdX+eatDX +dw0DMjsyElWElejowIXuwOkH1b8Hm1/nZoqW9ribBDSfVHAbjJjS+ZmMlPdStFql +7SP8xcqKZW1XowLx747UVMyTe6iviePMaA4E4feT6k0+AC2P1ei8fXMULKae3Ugv +GSGfHfTCgljs+syrnotnZp9IxdzTwneUrsMJ+luhiIvKG6XYb2wymPt2WG70JWrK +oacTeASI8G9fwx/1TbBp9c/Q4rRGA8u3PhVu0I0HiBxQjAeBS/JqS5wq9huEg62u +/CA3yXPgMYOxpm9Il99pvw== -----END CERTIFICATE----- diff --git a/docker-auth-registry/nginx/server-key.pem b/docker-auth-registry/nginx/server-key.pem index 69dbf5a6f..587b2a76c 100644 --- a/docker-auth-registry/nginx/server-key.pem +++ b/docker-auth-registry/nginx/server-key.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAueBNI9EeojUENXOPfMPqCcV18FVUseRZ2MftwPpcjjjENM85 -C95/PDQij4OHYC5LVyqMRakzmxLSw3jv3Q2bcQULoZhrjAg3F6QSZznsA05iij/b -08ceMrOEhXSRnLm40Jy/6s/MAWh8lJHyo0jzBPXr19N5Mu/yigHnzw10NYoxfsKw -YPLeRPN1bDy1SmfSK/ww2yk9y767UtN7SOK5w6/riZC2vdWEvR9WcJKx76plD6qs -5dxI0jAIGGaumlonQK7yClQzR5Lxxibix8xSme1jXPeS1n7jxY7z+zgvQUANNsC3 -AtZmvQaC0tgmM2LRx2mgMEH+GHovUIaK60YQHwIDAQABAoIBADc/Es59fmRp65lT -gqdrt6k11osbYbQKEiZbri/4egAPoUms+eCsPhcPy+HqDxeoSt5amBywYNVLr/dH -f8utGrFp9X4PRo/1dSKCsrGZxqto5eL/fgAhI7mgH9hmwEzb6rGelXBeWN1mR/kE -tCCSMyEbUwDwKwrXxLf+Pv8Mmai7qu3umjSOMa4YZwYEUizuFu2zXMaODM0BL2VB -3CzgdWOes3bTt/cXHdEROi0q4LxwZS6/EZ0yLG0WlBHL0yu38qn6OhU4bSxb6sLb -X8EEP0oQqk161Kkg2EPcYWwxKzeIALeYVNWYCANwZ+QWU+2Ltra0l4zXN8QtZhdf -i8FXaOkCgYEA81FdvxZOTa8J2+HvG3ZS1EzK0yBD6tl6sk6kP5sAWJ3EIh8KU3/q -ENKr1z4dkEW+Qfrt3TqCUJgVorQIfD5EN6Ma5oK/yB4RrJZj+/nCacYRkbP+5hS2 -N4mRuIWkpvrLUckWX6CqSe6WyBii28V7C1wcFSWsAORHxqT4B1XSAL0CgYEAw5B7 -DzA4sHBZvfBmzi8ubIvhLagJ7xcJy9HYjbegqgjcssBygYmbAnf0UKeiVE9sIqv2 -nqUV2DjNTQjLG53FBtASmuuFTLosw2ijwmHZze8n6+qkWgNiRoeMnJZA6gF4BxFk -axkW5I0I2MBNqA6gw3TkjwExMT4QjPWNjYwUqAsCgYEAlzH0Yw1lUvh10+CtSA9a -oPmm/1KJYaIKkEo13iBfMrG2cs1/CSvvMsz2YyYCEOiFtVJMBLCa0aHvr87Xhvza -Pwhnat3MdnnY2boKH0Wv/TJLMJL8zdQI9rHRjyvciLZHKWcfNAUOTCqqH2TPrmkk -cIaoHKvwGg3AXDuetFAr0rECgYEAjFU9OSTtSQ8WFspPu1z3/0RRDaYrmrn5eZzX -vLosPFenp02Z3YKVDSxu0QG55q4ndqnXivgDuOjpyYGp3eNU4xKkhy7CtNBUFtUb -zfzRgok/KHd0AHO1Lc9PA35+jm0HaGr+mCuk1dSuqHs2PoZgrmFPMZ81YZSb48rB -DPWcTQkCgYBqP4m3/Gbd3k/JVjDKZm5dV14fLJSwTuszA3XwmpmF4Y50ejLplV+B -lkcumY8SSCjfYWcV36GPTT31fFzk2dNqmFk2fbYs5AerwOqb1NjVbaSS0DGYTYaL -HHv507INmrv9FkAXQyC/x1q4gMcNSr0DKhMnGR8EphxZpwGHF6nZyQ== +MIIEogIBAAKCAQEAso2h3RuXD9vD3xnD0htnSztQn46Juf2SEaBvoBG8egF8bh9k +MsDw2AbuZH6vEpHx5Ww8KOG+K+WTbtdUS3ARYt8LNvIlqiqlmdt681jtzVHUYHDv +vQs6NOpyGwg9l9/U57Zp3Zl8LdGuUo8bAbQod4yOiQ8VB8zCEA/TNIXLwXzlx9xw +H0kRVshRaGADjOTGePdVs+BhG7R+hHSY/ssJQF8apP6vocDTeSeZ/LXfMHmfppml +Xo8dwUe0PEkNQENMUveI0UdPax8Qb64epzPcHGzzVeSy6XmgVmUwFa5tcY/T9RxZ +QDzWBjpxyDNnJaOwRrxN3LStCA19wmnINQa2swIDAQABAoIBAHqoe0Jmeq7FPNhd +Xb1PX/U5iRgjFg/z1s1PFn+yz3RM4wrPe8i17H2qvUfCE0jBg5gkc2tuMHL9Yfup +5tlv4jG2oYCcdi1g4KRCN0NGmw4KIcgirT6DoPfK+poBXjaf6CVJlY5Kqxjay1Mh +xd60wXvmzd/vwXW7PrFD/cY+B4whtn9Jx9rqw7kBdb3i7F/8GNHmttlTXsdhXeM7 +AJGakIxAAAV2y4xF/eLElk2horaGvJN57BxMISPcn/HycsC7kzOLM7O3D5+aPqPr +X6XP0Ve5mcBYTR0uBnpwRC8plt4Kia5KxJKcXx6SL8sfxpDLD37cMF+YT4zNM23n +ziQML+kCgYEA7Lm0P40gD6tyPOJYMU4sst7dJ3nrc400AppzGNMQvsxnIr88kFCe +2NduZKVg4UOQ7nq4ZpoEX/nLrs+b6ltYJ4++kl0xII2fV/C9aZTYe/b6hDBXgQCb +6bOji/SE4VuU4QnsNnXUUAXEdSWp5mmoab62AREK/6G4CsgRy6G0Rs8CgYEAwRdj +zawF+cW8hOYOUD8uwU4aSj94nWkbvsOFpOxWN8lA29D0EfWmRinSIXds6ujkVITI +BIikTGg5a16pxwa/8KFo7LmLnP+GrePdfA96IDfx1OEibAJEBDRqnY3Gv6r1E5we +TfyhIxtsW6T6nX9raYCMi4QWFaf+gVojbDymit0CgYA94d3Iry+uaPcYC2NaoED3 +EWNmqmxubH8oHw/vcV1zQyPC5ZMDds/Ph6GIFeNZf7wnW1VRHPn/zOD99a+gd/h3 +fxAmWs444EzDRF9/djWRUmLyo2B8jJg1Y4xhTa5e6v3kRh/FrM+vi5JrvUjIvt4T +ppMVfEsPwErIJrzgKolh6QKBgC5N0Z0st3IiPQcRtDUCMdAhTqSne+Ejp4ejk5Tt +J+/Qz0DnZuA3rFv/A2kLHo9msfqirOSJb/zysXJSDRyxPa4SxvqdtCE+Fan1jtOF +UqAPSmrmYj7MfEsV1stZiGPGN2cwdQP2pR2qId4IPiEuwS9XqFx8nF8tHhce6oe2 +M6nxAoGAVPy22O9XqUxr9QeBANg2CG31Of+OaONEO2Cy4Sq4ZDG4D8WC3KBV6/ez +6thQhN2U/VhrxEBZpTsNNJGpaLokJlzwce7mCJg19LdMMi9QD6Zpf0X9faSOMQrj +XPdc2uyDX/LEGsSezXe/vwlp+H0CcV1j5pWLtylLHYdKm3DAgOs= -----END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/nginx/server.csr b/docker-auth-registry/nginx/server.csr index b9b45eb8f..36a8adffd 100644 --- a/docker-auth-registry/nginx/server.csr +++ b/docker-auth-registry/nginx/server.csr @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE REQUEST----- MIICWDCCAUACAQAwEzERMA8GA1UEAxMIcmVnaXN0cnkwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQC54E0j0R6iNQQ1c498w+oJxXXwVVSx5FnYx+3A+lyO -OMQ0zzkL3n88NCKPg4dgLktXKoxFqTObEtLDeO/dDZtxBQuhmGuMCDcXpBJnOewD -TmKKP9vTxx4ys4SFdJGcubjQnL/qz8wBaHyUkfKjSPME9evX03ky7/KKAefPDXQ1 -ijF+wrBg8t5E83VsPLVKZ9Ir/DDbKT3LvrtS03tI4rnDr+uJkLa91YS9H1ZwkrHv -qmUPqqzl3EjSMAgYZq6aWidArvIKVDNHkvHGJuLHzFKZ7WNc95LWfuPFjvP7OC9B -QA02wLcC1ma9BoLS2CYzYtHHaaAwQf4Yei9QhorrRhAfAgMBAAGgADANBgkqhkiG -9w0BAQUFAAOCAQEAUyNSKcG+5kI2P4AozH+S1xGBgZqyiTyOw8XhwY2XxOzD2pgA -wRvwS8kEKef28myjJtaQFo6FgxsFaXH4LAx8WxeOwjNG6E5io1yVmxUcTX05rjTp -KEaA+usw8Dgr8yWnw4V70/5rHtjO6eTZyO/HJgDDo6MuQRZBOC8TnL/fs0PMAsJC -d9c81IOZuCJaEx/lB+V0lju0FRwRtdPUlWVHwIpW+FMbFN2l1Dx+1DeaLSFJ5x2f -UCC0uOv14nfzJfBECThR6lDHomRM8HdviTBcx/1qQBX92j2K8sOAWExGnXlQr7xl -gUlxHuZc5x2JpgtX86tfW9aQspr4fW+2MndiKw== +AQUAA4IBDwAwggEKAoIBAQCyjaHdG5cP28PfGcPSG2dLO1Cfjom5/ZIRoG+gEbx6 +AXxuH2QywPDYBu5kfq8SkfHlbDwo4b4r5ZNu11RLcBFi3ws28iWqKqWZ23rzWO3N +UdRgcO+9Czo06nIbCD2X39TntmndmXwt0a5SjxsBtCh3jI6JDxUHzMIQD9M0hcvB +fOXH3HAfSRFWyFFoYAOM5MZ491Wz4GEbtH6EdJj+ywlAXxqk/q+hwNN5J5n8td8w +eZ+mmaVejx3BR7Q8SQ1AQ0xS94jRR09rHxBvrh6nM9wcbPNV5LLpeaBWZTAVrm1x +j9P1HFlAPNYGOnHIM2clo7BGvE3ctK0IDX3Cacg1BrazAgMBAAGgADANBgkqhkiG +9w0BAQUFAAOCAQEAaoWg7U09ZpngxTDICY/wibPSVgrfI3pSAxTAgUjFFKh0xGU9 +Tg4cBINxIGTNoFnhA5PECyURlSb6cCRmfTP4TaAJt/O4NNNyrvEgA9jAl2pKQnnr +yV4q0vB4iy9KUwMq7HhvCm5dbmE8sMlHLGH8BwoO02Ybw9yNb84G8KvCsWU7D3mO +ElbF7WNtwfYDmQhJwnPXk++jRMk6CfSaEvkF+mEqYOJl0AZIY8MSzHEWp2Vy9MAZ +EjUGuBpAZ4q55yOvyjVNshudUb7VdpBoiIhEMVDBjRGrKpnThkbQZZ295f7I6skY +9/DrShaADMrlk+/Sif+nN5Ke7hwKMp7MqPcr/g== -----END CERTIFICATE REQUEST----- From 05d8d034a1caa9507f10b96b4628aaacec99db85 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sun, 9 Nov 2014 10:17:42 +0000 Subject: [PATCH 16/18] moved to own project --- docker-auth-registry/README.md | 18 -------- docker-auth-registry/fig.yml | 10 ----- docker-auth-registry/nginx/Dockerfile | 13 ------ docker-auth-registry/nginx/build.sh | 19 --------- docker-auth-registry/nginx/ca-key.pem | 30 -------------- docker-auth-registry/nginx/ca.pem | 23 ----------- docker-auth-registry/nginx/ca.srl | 1 - .../nginx/docker-registry.conf | 5 --- .../nginx/docker-registry.htpasswd | 1 - docker-auth-registry/nginx/nginx.htpasswd | 1 - docker-auth-registry/nginx/registry | 41 ------------------- docker-auth-registry/nginx/server-cert.pem | 18 -------- docker-auth-registry/nginx/server-key.pem | 27 ------------ docker-auth-registry/nginx/server.csr | 15 ------- 14 files changed, 222 deletions(-) delete mode 100644 docker-auth-registry/README.md delete mode 100644 docker-auth-registry/fig.yml delete mode 100644 docker-auth-registry/nginx/Dockerfile delete mode 100755 docker-auth-registry/nginx/build.sh delete mode 100644 docker-auth-registry/nginx/ca-key.pem delete mode 100644 docker-auth-registry/nginx/ca.pem delete mode 100644 docker-auth-registry/nginx/ca.srl delete mode 100644 docker-auth-registry/nginx/docker-registry.conf delete mode 100644 docker-auth-registry/nginx/docker-registry.htpasswd delete mode 100644 docker-auth-registry/nginx/nginx.htpasswd delete mode 100644 docker-auth-registry/nginx/registry delete mode 100644 docker-auth-registry/nginx/server-cert.pem delete mode 100644 docker-auth-registry/nginx/server-key.pem delete mode 100644 docker-auth-registry/nginx/server.csr diff --git a/docker-auth-registry/README.md b/docker-auth-registry/README.md deleted file mode 100644 index 8a70b930d..000000000 --- a/docker-auth-registry/README.md +++ /dev/null @@ -1,18 +0,0 @@ -Set-up a Docker Registry with Plain Text Authentication --- -This creates a registry that runs locally with SSL and authentication set-up. - -Pre-requisites, fig (on OS-X with Homebrew): - - brew install fig - -To build: - - fig up - -Test it works: - - curl https://localhost:5443/v1/users/ -k -f --basic --user registry:registry - -Based on . - diff --git a/docker-auth-registry/fig.yml b/docker-auth-registry/fig.yml deleted file mode 100644 index 5b833325f..000000000 --- a/docker-auth-registry/fig.yml +++ /dev/null @@ -1,10 +0,0 @@ -registry: - image: registry - ports: - - "5000:5000" -nginx: - build: nginx - ports: - - "443:8443" - links: - - registry diff --git a/docker-auth-registry/nginx/Dockerfile b/docker-auth-registry/nginx/Dockerfile deleted file mode 100644 index 411ec995a..000000000 --- a/docker-auth-registry/nginx/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM dockerfile/nginx - -ADD server-cert.pem /etc/ssl/certs/nginx -ADD server-key.pem /etc/ssl/private/nginx - -ADD registry touch /etc/nginx/sites-available/registry -RUN ln -s ln -s /etc/nginx/sites-available/registry /etc/nginx/sites-enabled - -ADD nginx.htpasswd /etc/nginx/ - -EXPOSE 443 - -CMD nginx diff --git a/docker-auth-registry/nginx/build.sh b/docker-auth-registry/nginx/build.sh deleted file mode 100755 index 3b2158e88..000000000 --- a/docker-auth-registry/nginx/build.sh +++ /dev/null @@ -1,19 +0,0 @@ -#! /bin/sh -set -eu - - -echo "enter "registry" each time you are asked for a pass-phase" -echo "enter "nginx" when requested for a common name" -echo "press enter for everything else" - -htpasswd -bc docker-registry.htpasswd registry registry - -echo 01 > ca.srl -openssl genrsa -des3 -out ca-key.pem 2048 -openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem - -openssl genrsa -des3 -out server-key.pem 2048 -openssl req -subj "/CN=registry" -new -key server-key.pem -out server.csr -openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem - -openssl rsa -in server-key.pem -out server-key.pem diff --git a/docker-auth-registry/nginx/ca-key.pem b/docker-auth-registry/nginx/ca-key.pem deleted file mode 100644 index 041ec2794..000000000 --- a/docker-auth-registry/nginx/ca-key.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,CC08254A16592D94 - -EwbxnlBwH/Y3BkbKmD7eDqc7uAH8aTQtI4wnJH5ISpx6stwv/tdA4by+LseVISV0 -b/NQg4eZ28ANMTVVkpv4dprKASAC/YyZ1Kt1e3Omu/0or/k+Es+saU9XZKsjzgpc -XVRUb+bNnwjDyYdIFPWnapkEFnzy77Y1ZsdIda1W0Xat5oLZbPwQ7uuQ18IrvQog -Yrs9WSZLxa/npPq1/UCDyH8yU6n5RK2pY7dW18tCdP6H2hlYGOiOBImCQZXHDGC7 -7ai6Hb8Z+78FkqhsQUZTX39Y+xFNiLdtp4aolervcKtLbvD8ADL5KMSnOFd875in -QFG8m9dV0maWtZtX8PQBRVcFMKuy0+b48GhxAaWGBGL8NXGk+eEBxIkRB3plwYbl -wdyB5pnQifb4AEdNsUanB/gwPIYY9cGE8Ua54/iDDU0Pxy3dxW69hBBB5Vs2QUVA -kHv+NjyAJfTX1HzVL+2SfOJ6ANHHwuQyxOgWioVZOUzJf3LohFlUGwgoFQ8ZPGdQ -stHz+IvQi2qFVsm5JDpYD8wCW9u4G94XVAu8Xmq4q3H/M9P0sgteJoV6RONdZqnb -XuQVS8k+RI1+ZelzgGNgRbn9pDbc2wuvQnqLRhNYngptXqZwWWuv55/dU4RvyYZz -jImIupHYaXr88d9rCI6zV8Ok0OlCeD7egD+aQUmFcMiaIccXkNPxdAVeppwgyikn -JvyRgAy9hTXAWNUiPUg06iQLkGRTnb2st8rW7H7/9KlzeSQcfCDcNrMca2VGkx+T -z0+JrjARrl6lMl5AGPDkb5U23XnU//58pLBQHoDGLpl115wE0BHqS560wg/vcmf4 -0tknwWTYmmpsjP1EBb4HmNQ4e4574hvD48PvxlV2NDF1cYGFS98mLC8SVRXlEB91 -/SdWKevyyOqRV/MC39KGstQi8jy6KF+9gLWeOROUpgc/9c+dZE3rIUoto7IopkWK -8hklNFTnF2w03ZbL3R2uUO39CoyCVVx7gzyGObcFVB2IOhz348gUf50xCe4diKrd -vwuh5sDGLRv1Iq3uCRtJhVfTmv2AozMpgg+HmJkT7COfT6BGv8hIBGUyyf4umI1Y -G47vKBhApiKBGPKE/zU6BoVXTt8/Xsve0o37v09Yz7rzKflZVmzxouGR5+GRx2XD -dsYuWbyHrdd8wE8PRd7W1DU332ebSj5DJwdWXXW4jsUQ8yPr/awuhRt6bhSQG8B8 -QtoIbu7gBn5tvuiq6IVRs8x1eUtcIlYPJvTD/hTnRLoo1LrNCjfSmN8/MqSL2bUH -MNQ+CRJc0XWGnVwkpzBvcfns8oWd/bPuLOz4DStpr7YwmABzk2OAJ31Hcc9gK0NG -Dp+f/xn8vfVcv6xm1KtoDL2nepYerGc0mYY2KVFKcElSP1r0aMneN5sjNqwCm7CU -e57r3GUW3oFyUVwSXzeRwIonvY228Qhvj0pRCkLVjnmX3tIWVdFooaBJbEuXJa9A -P0qPZjHNX6njRCYSarO5EtbWgOVVs8cyyHY25TOzUsVImgkBeUoMaFQqu7oGBIAs -4JhlYCS4Th/eaITA6h3OvH6FiI+d0ceE5c9i9vO3aqCrqeR9dJIZTMQUHnOy4gFm ------END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/nginx/ca.pem b/docker-auth-registry/nginx/ca.pem deleted file mode 100644 index 6f06ce285..000000000 --- a/docker-auth-registry/nginx/ca.pem +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID5jCCAs6gAwIBAgIJAO7ClRbtFEXnMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxDjAMBgNVBAMTBW5naW54MB4XDTE0MTEwODIzNDU1NloX -DTE1MTEwODIzNDU1NlowVTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3Rh -dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAxMF -bmdpbngwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC14W2hLkozliqo -1TXFRWx+Ij64cdnUGMn6tZSGDMgdZNIqOj5jxeg0ZVRWbqYt0xVqsjw14KXuxWm+ -8h3v9f1KEanAgyrKRPB6tIXmtApp0B05xbx+jpWHU+r6zxlqI60/Szs+I7d99qF1 -xv7zrXU3aEBxEmm+S/AHa/FBXdv2v3ubZpiFOW1YBbJ4F2fVjfFJXevOQL8sydf3 -eO9QI8KauRG7JrucsmVOsBeBVWHl9KVgpu4HvbqjwuPc3DPn9YlwjcIS1DbFV3XH -dZ8qKDcaZmifl0tjkUkz92OXWTCq+z7BDVIh7yCAByNk3uCXDHBXX7ygkEwIhYFc -wBoV5loNAgMBAAGjgbgwgbUwHQYDVR0OBBYEFKisDYhDN4nDcDFEV1gkqsFQ/U27 -MIGFBgNVHSMEfjB8gBSorA2IQzeJw3AxRFdYJKrBUP1Nu6FZpFcwVTELMAkGA1UE -BhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdp -ZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAxMFbmdpbniCCQDuwpUW7RRF5zAMBgNVHRME -BTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAMcYcPejAUfxm42GqFKXRXD6ciYT6A -gKyKfQJyajlZQStCN2MFy1lR0gRhOikb8pZZt97yyG3cGi7R9bhE32D8MqJQlzh5 -G/Nfc9PwdN3PHS+POyDn9+VjAMbSwYEfAFP9bFuMsSmpEtbkYbuwc0jp8fhdTQma -JU0hufwpUObTceUyxM4ze2Qa3bP8I2fLiTEN/MX/QGIeAtQ3fRS62p7dxXrwabc0 -WUmSYYoOa4po/54YPubiPWD77sLwwxh+fpxh3Tp2jkHqjLws9voESWMu8HsJ04eg -c1rjWszwygfTAFOyontgft3QARqX+F7LQa9X0zLWZ84ipxd5SspSWIsX ------END CERTIFICATE----- diff --git a/docker-auth-registry/nginx/ca.srl b/docker-auth-registry/nginx/ca.srl deleted file mode 100644 index 9e22bcb8e..000000000 --- a/docker-auth-registry/nginx/ca.srl +++ /dev/null @@ -1 +0,0 @@ -02 diff --git a/docker-auth-registry/nginx/docker-registry.conf b/docker-auth-registry/nginx/docker-registry.conf deleted file mode 100644 index 0e7e368f6..000000000 --- a/docker-auth-registry/nginx/docker-registry.conf +++ /dev/null @@ -1,5 +0,0 @@ -proxy_pass http://registry; -proxy_set_header Host $http_host; # required for docker client's sake -proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP -proxy_set_header Authorization ""; # see https://github.com/dotcloud/docker-registry/issues/170 -proxy_read_timeout 900; diff --git a/docker-auth-registry/nginx/docker-registry.htpasswd b/docker-auth-registry/nginx/docker-registry.htpasswd deleted file mode 100644 index 8151002dd..000000000 --- a/docker-auth-registry/nginx/docker-registry.htpasswd +++ /dev/null @@ -1 +0,0 @@ -registry:$apr1$czSY2tcn$x4BAkkTqRHqnpTWqDGu0h0 diff --git a/docker-auth-registry/nginx/nginx.htpasswd b/docker-auth-registry/nginx/nginx.htpasswd deleted file mode 100644 index 29d18b5d0..000000000 --- a/docker-auth-registry/nginx/nginx.htpasswd +++ /dev/null @@ -1 +0,0 @@ -registry:$apr1$7T1Nc0O5$KtMdxpRxf7D2B25.k4n8c0 diff --git a/docker-auth-registry/nginx/registry b/docker-auth-registry/nginx/registry deleted file mode 100644 index 7c429fc8f..000000000 --- a/docker-auth-registry/nginx/registry +++ /dev/null @@ -1,41 +0,0 @@ -# FYI: Chunking requires nginx-extras package on Debian Wheezy and some Ubuntu versions -# See chunking http://wiki.nginx.org/HttpChunkinModule -# Replace with appropriate values where necessary - -upstream docker-registry { - server registry:5000; -} - -# uncomment if you want a 301 redirect for users attempting to connect -# on port 80 -# NOTE: docker client will still fail. This is just for convenience -# server { -# listen *:80; -# server_name my.docker.registry.com; -# return 301 https://$server_name$request_uri; -# } - -server { - listen 5443; - server_name nginx; - - ssl on; - ssl_certificate /etc/ssl/certs/nginx; - ssl_certificate_key /etc/ssl/private/nginx; - - client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads - - # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) - chunked_transfer_encoding on; - - location / { - auth_basic "Restricted"; - auth_basic_user_file nginx.htpasswd; - include nginx.conf; - } - - location /_ping { - auth_basic off; - include nginx.conf; - } -} diff --git a/docker-auth-registry/nginx/server-cert.pem b/docker-auth-registry/nginx/server-cert.pem deleted file mode 100644 index bd1e16285..000000000 --- a/docker-auth-registry/nginx/server-cert.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC3DCCAcQCAQIwDQYJKoZIhvcNAQEFBQAwVTELMAkGA1UEBhMCQVUxEzARBgNV -BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 -ZDEOMAwGA1UEAxMFbmdpbngwHhcNMTQxMTA4MjM0NjA0WhcNMTUxMTA4MjM0NjA0 -WjATMREwDwYDVQQDEwhyZWdpc3RyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALKNod0blw/bw98Zw9IbZ0s7UJ+Oibn9khGgb6ARvHoBfG4fZDLA8NgG -7mR+rxKR8eVsPCjhvivlk27XVEtwEWLfCzbyJaoqpZnbevNY7c1R1GBw770LOjTq -chsIPZff1Oe2ad2ZfC3RrlKPGwG0KHeMjokPFQfMwhAP0zSFy8F85cfccB9JEVbI -UWhgA4zkxnj3VbPgYRu0foR0mP7LCUBfGqT+r6HA03knmfy13zB5n6aZpV6PHcFH -tDxJDUBDTFL3iNFHT2sfEG+uHqcz3Bxs81Xksul5oFZlMBWubXGP0/UcWUA81gY6 -ccgzZyWjsEa8Tdy0rQgNfcJpyDUGtrMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA -pHaDUN49pYYesQU74T2JYhyza5JSbEPiPRXK9gx8jKy076Hq5dLubM6WdX+eatDX -dw0DMjsyElWElejowIXuwOkH1b8Hm1/nZoqW9ribBDSfVHAbjJjS+ZmMlPdStFql -7SP8xcqKZW1XowLx747UVMyTe6iviePMaA4E4feT6k0+AC2P1ei8fXMULKae3Ugv -GSGfHfTCgljs+syrnotnZp9IxdzTwneUrsMJ+luhiIvKG6XYb2wymPt2WG70JWrK -oacTeASI8G9fwx/1TbBp9c/Q4rRGA8u3PhVu0I0HiBxQjAeBS/JqS5wq9huEg62u -/CA3yXPgMYOxpm9Il99pvw== ------END CERTIFICATE----- diff --git a/docker-auth-registry/nginx/server-key.pem b/docker-auth-registry/nginx/server-key.pem deleted file mode 100644 index 587b2a76c..000000000 --- a/docker-auth-registry/nginx/server-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAso2h3RuXD9vD3xnD0htnSztQn46Juf2SEaBvoBG8egF8bh9k -MsDw2AbuZH6vEpHx5Ww8KOG+K+WTbtdUS3ARYt8LNvIlqiqlmdt681jtzVHUYHDv -vQs6NOpyGwg9l9/U57Zp3Zl8LdGuUo8bAbQod4yOiQ8VB8zCEA/TNIXLwXzlx9xw -H0kRVshRaGADjOTGePdVs+BhG7R+hHSY/ssJQF8apP6vocDTeSeZ/LXfMHmfppml -Xo8dwUe0PEkNQENMUveI0UdPax8Qb64epzPcHGzzVeSy6XmgVmUwFa5tcY/T9RxZ -QDzWBjpxyDNnJaOwRrxN3LStCA19wmnINQa2swIDAQABAoIBAHqoe0Jmeq7FPNhd -Xb1PX/U5iRgjFg/z1s1PFn+yz3RM4wrPe8i17H2qvUfCE0jBg5gkc2tuMHL9Yfup -5tlv4jG2oYCcdi1g4KRCN0NGmw4KIcgirT6DoPfK+poBXjaf6CVJlY5Kqxjay1Mh -xd60wXvmzd/vwXW7PrFD/cY+B4whtn9Jx9rqw7kBdb3i7F/8GNHmttlTXsdhXeM7 -AJGakIxAAAV2y4xF/eLElk2horaGvJN57BxMISPcn/HycsC7kzOLM7O3D5+aPqPr -X6XP0Ve5mcBYTR0uBnpwRC8plt4Kia5KxJKcXx6SL8sfxpDLD37cMF+YT4zNM23n -ziQML+kCgYEA7Lm0P40gD6tyPOJYMU4sst7dJ3nrc400AppzGNMQvsxnIr88kFCe -2NduZKVg4UOQ7nq4ZpoEX/nLrs+b6ltYJ4++kl0xII2fV/C9aZTYe/b6hDBXgQCb -6bOji/SE4VuU4QnsNnXUUAXEdSWp5mmoab62AREK/6G4CsgRy6G0Rs8CgYEAwRdj -zawF+cW8hOYOUD8uwU4aSj94nWkbvsOFpOxWN8lA29D0EfWmRinSIXds6ujkVITI -BIikTGg5a16pxwa/8KFo7LmLnP+GrePdfA96IDfx1OEibAJEBDRqnY3Gv6r1E5we -TfyhIxtsW6T6nX9raYCMi4QWFaf+gVojbDymit0CgYA94d3Iry+uaPcYC2NaoED3 -EWNmqmxubH8oHw/vcV1zQyPC5ZMDds/Ph6GIFeNZf7wnW1VRHPn/zOD99a+gd/h3 -fxAmWs444EzDRF9/djWRUmLyo2B8jJg1Y4xhTa5e6v3kRh/FrM+vi5JrvUjIvt4T -ppMVfEsPwErIJrzgKolh6QKBgC5N0Z0st3IiPQcRtDUCMdAhTqSne+Ejp4ejk5Tt -J+/Qz0DnZuA3rFv/A2kLHo9msfqirOSJb/zysXJSDRyxPa4SxvqdtCE+Fan1jtOF -UqAPSmrmYj7MfEsV1stZiGPGN2cwdQP2pR2qId4IPiEuwS9XqFx8nF8tHhce6oe2 -M6nxAoGAVPy22O9XqUxr9QeBANg2CG31Of+OaONEO2Cy4Sq4ZDG4D8WC3KBV6/ez -6thQhN2U/VhrxEBZpTsNNJGpaLokJlzwce7mCJg19LdMMi9QD6Zpf0X9faSOMQrj -XPdc2uyDX/LEGsSezXe/vwlp+H0CcV1j5pWLtylLHYdKm3DAgOs= ------END RSA PRIVATE KEY----- diff --git a/docker-auth-registry/nginx/server.csr b/docker-auth-registry/nginx/server.csr deleted file mode 100644 index 36a8adffd..000000000 --- a/docker-auth-registry/nginx/server.csr +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICWDCCAUACAQAwEzERMA8GA1UEAxMIcmVnaXN0cnkwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCyjaHdG5cP28PfGcPSG2dLO1Cfjom5/ZIRoG+gEbx6 -AXxuH2QywPDYBu5kfq8SkfHlbDwo4b4r5ZNu11RLcBFi3ws28iWqKqWZ23rzWO3N -UdRgcO+9Czo06nIbCD2X39TntmndmXwt0a5SjxsBtCh3jI6JDxUHzMIQD9M0hcvB -fOXH3HAfSRFWyFFoYAOM5MZ491Wz4GEbtH6EdJj+ywlAXxqk/q+hwNN5J5n8td8w -eZ+mmaVejx3BR7Q8SQ1AQ0xS94jRR09rHxBvrh6nM9wcbPNV5LLpeaBWZTAVrm1x -j9P1HFlAPNYGOnHIM2clo7BGvE3ctK0IDX3Cacg1BrazAgMBAAGgADANBgkqhkiG -9w0BAQUFAAOCAQEAaoWg7U09ZpngxTDICY/wibPSVgrfI3pSAxTAgUjFFKh0xGU9 -Tg4cBINxIGTNoFnhA5PECyURlSb6cCRmfTP4TaAJt/O4NNNyrvEgA9jAl2pKQnnr -yV4q0vB4iy9KUwMq7HhvCm5dbmE8sMlHLGH8BwoO02Ybw9yNb84G8KvCsWU7D3mO -ElbF7WNtwfYDmQhJwnPXk++jRMk6CfSaEvkF+mEqYOJl0AZIY8MSzHEWp2Vy9MAZ -EjUGuBpAZ4q55yOvyjVNshudUb7VdpBoiIhEMVDBjRGrKpnThkbQZZ295f7I6skY -9/DrShaADMrlk+/Sif+nN5Ke7hwKMp7MqPcr/g== ------END CERTIFICATE REQUEST----- From 2c6ab382369e36f750ba32e6313ea45371b24524 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sun, 9 Nov 2014 12:26:35 +0000 Subject: [PATCH 17/18] tidy up of files --- README.md | 3 --- .../github/dockerjava/api/model/ErrorDetail.java | 8 ++++++++ .../github/dockerjava/api/model/ErrorResponse.java | 14 ++++++++++++++ .../client/AbstractDockerClientTest.java | 13 +++++++------ 4 files changed, 29 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 46c75531e..14b3c4ad5 100644 --- a/README.md +++ b/README.md @@ -15,9 +15,6 @@ Developer forum for [docker-java](https://groups.google.com/forum/?hl=de#!forum/ * Java 1.6 * Maven 3.0.5 * Docker daemon running -* Docker private repository running (see below). - -You'll need to be running a local private registry, as per [these instructions](docker-auth-registry/README.md): If you need SSL, then you'll need to put your `*.pem` file into `~/.docker/`, if you're using boot2docker, do this: diff --git a/src/main/java/com/github/dockerjava/api/model/ErrorDetail.java b/src/main/java/com/github/dockerjava/api/model/ErrorDetail.java index bc9b9bba5..8abffe6c4 100644 --- a/src/main/java/com/github/dockerjava/api/model/ErrorDetail.java +++ b/src/main/java/com/github/dockerjava/api/model/ErrorDetail.java @@ -1,4 +1,12 @@ package com.github.dockerjava.api.model; +import com.fasterxml.jackson.annotation.JsonProperty; + public class ErrorDetail { + @JsonProperty + private String message; + + public String getMessage() { + return message; + } } diff --git a/src/main/java/com/github/dockerjava/api/model/ErrorResponse.java b/src/main/java/com/github/dockerjava/api/model/ErrorResponse.java index 9993d215f..87d9b0d7f 100644 --- a/src/main/java/com/github/dockerjava/api/model/ErrorResponse.java +++ b/src/main/java/com/github/dockerjava/api/model/ErrorResponse.java @@ -1,4 +1,18 @@ package com.github.dockerjava.api.model; +import com.fasterxml.jackson.annotation.JsonProperty; + public class ErrorResponse { + @JsonProperty + private ErrorDetail errorDetail; + @JsonProperty + private String error; + + public ErrorDetail getErrorDetail() { + return errorDetail; + } + + public String getError() { + return error; + } } diff --git a/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java b/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java index e0d198b8d..2e94f2302 100644 --- a/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java +++ b/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java @@ -47,15 +47,16 @@ public void beforeTest() { } private DockerClientConfig config() { - return config(DOCKER_JAVA); + return config(null); } protected DockerClientConfig config(String password) { - return DockerClientConfig.createDefaultConfigBuilder() - .withServerAddress("http://localhost:5001") - .withUsername(DOCKER_JAVA) - .withPassword(password) - .withEmail(DOCKER_JAVA + "@github.com") + DockerClientConfig.DockerClientConfigBuilder builder = DockerClientConfig.createDefaultConfigBuilder() + .withServerAddress("https://index.docker.io/v1/"); + if (password!=null) { + builder = builder.withPassword(password); + } + return builder .build(); } From 9503bc0872cf699918263a15a746625da46a0a93 Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Sun, 9 Nov 2014 21:12:12 +0000 Subject: [PATCH 18/18] updated README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8ec4c0125..6060cb978 100644 --- a/README.md +++ b/README.md @@ -81,10 +81,10 @@ There are a couple of configuration items, all of which have sensible defaults: * `url` The Docker URL, e.g. `https://localhost:2376`. * `version` The API version, e.g. `1.15`. -* `username` Your register username (required to push containers). -* `password` Your register password. -* `email` Your register email. -* `serverAddress` Your register's address. +* `username` Your registry username (required to push containers). +* `password` Your registry password. +* `email` Your registry email. +* `serverAddress` Your registry's address. * `dockerCertPath` Path to the docker certs. There are three ways to configure, in descending order of precedence: