2023-05-19 11:11:34 +02:00
|
|
|
# To configure Docker Registry to talk to this server, put the following in the registry config file:
|
|
|
|
|
#
|
|
|
|
|
# auth:
|
|
|
|
|
# token:
|
|
|
|
|
# realm: "https://127.0.0.1:5001/auth"
|
|
|
|
|
# service: "Docker registry"
|
|
|
|
|
# issuer: "Acme auth server"
|
|
|
|
|
# autoredirect: false
|
|
|
|
|
# rootcertbundle: "/path/to/server.pem"
|
|
|
|
|
|
|
|
|
|
server: # Server settings.
|
|
|
|
|
addr: ":5001"
|
|
|
|
|
|
|
|
|
|
token: # Settings for the tokens.
|
|
|
|
|
issuer: "docker-auth" # Must match issuer in the Registry config.
|
|
|
|
|
expiration: 900
|
|
|
|
|
certificate: "/server.pem"
|
|
|
|
|
key: "/server.key"
|
|
|
|
|
|
|
|
|
|
users:
|
|
|
|
|
# {% for entry in registry.auth %}
|
|
|
|
|
"{{ entry.user }}":
|
|
|
|
|
password: "{{ entry.password }}"
|
|
|
|
|
# {% endfor %}
|
|
|
|
|
"": {}
|
|
|
|
|
|
|
|
|
|
acl:
|
|
|
|
|
- match: {account: "tobi"}
|
|
|
|
|
actions: ["*"]
|
|
|
|
|
comment: "Admin has full access to everything."
|
|
|
|
|
- match: {account: "user"}
|
|
|
|
|
actions: ["*"] # todo: Split off gitea
|
|
|
|
|
comment: "User \"user\" can pull stuff."
|
|
|
|
|
- match: {account: "", name: "public/*"}
|
|
|
|
|
actions: ["pull"]
|
|
|
|
|
comment: "Allow everyone to pull public/"
|
2023-08-21 15:42:27 +02:00
|
|
|
- match: {account: "", name: "git"}
|
|
|
|
|
actions: ["pull"]
|
|
|
|
|
comment: "Allow everyone to pull the git image"
|
