welshstew · April 3, 2025 19:23
diff --git a/create-htpasswd-and-scp.txt b/create-htpasswd-and-scp.txt
 htpasswd -bc docker-registry.htpasswd admin admin
 scp docker-registry.htpasswd admin@${NAS_IP}:/share/CACHEDEV1_DATA/Container/container-station-data/application/registry/nginx/
diff --git a/curl-registry-401.txt b/curl-registry-401.txt
 [user@host ~]$ curl -k https://${NAS_IP}:6088/v2/_catalog
 <html>
 <head><title>401 Authorization Required</title></head>
 <body bgcolor="white">
 <center><h1>401 Authorization Required</h1></center>
 <hr><center>nginx/1.13.12</center>
 </body>
 </html>
diff --git a/curl-registry-auth-200.txt b/curl-registry-auth-200.txt
 [user@host ~]$ curl -k -u admin:admin https://${NAS_IP}:6088/v2/_catalog
 {"repositories":["admin/busybox"]}
diff --git a/curl-registry-noauth.txt b/curl-registry-noauth.txt
 [user@host ~]$ curl -k https://${NAS_IP}:6088/v2/_catalog
 {"repositories":["admin/busybox"]}
diff --git a/registry-config.yml b/registry-config.yml
 networks: {}
 services:
  app:
    environment:
      REGISTRY_HTTP_SECRET: qnap-sw2-registry
      REGISTRY_REDIS_ADDR: cache:6379
      REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR: redis
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data/registry
    image: registry:2.6.2
    volumes:
    - registry-data:/data/registry
  cache:
    image: redis:4.0
  web:
    image: nginx:1.13
    ports:
    - 6088:5000
    volumes:
    - ./nginx:/etc/nginx
    - /etc/docker/tls/server-cert.pem:/etc/ssl/certs/docker-registry
    - /etc/docker/tls/server-key.pem:/etc/ssl/private/docker-registry
 version: '2'
 volumes:
  registry-data: null
diff --git a/registry.conf b/registry.conf
 upstream docker-registry {
  server app:5000;
 }

 server {
  listen 5000;
  server_name localhost;

  ssl on;
  ssl_certificate /etc/ssl/certs/docker-registry;
  ssl_certificate_key /etc/ssl/private/docker-registry;

  # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;

  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
  chunked_transfer_encoding on;

  location / {
 #    auth_basic "Docker Registry";
 #    auth_basic_user_file docker-registry.htpasswd;

    include docker-registry.conf;
  }

  location /v1/_ping {
    auth_basic off;
    include docker-registry.conf;
  }

  location /v1/users {
    auth_basic off;
    include docker-registry.conf;
  }
 }
diff --git a/usage.txt b/usage.txt
 Usage
 On QTS Container Station:

 Create application registry by [Create Container] → [Create Registry].
 Add Registry to searching list by [Preferences] → [Registry] → [Add] that URL is https://NAS_IP:6088 and check Trust SSL.
 Others:

 Add certificate to your Docker trusty list:
 $ mkdir -p /etc/docker/certs.d/NAS_IP:6088
 $ scp admin@NAS_IP:/etc/docker/tls/ca.pem /etc/docker/certs.d/NAS_IP:6088/ca.crt
 Push an image to the Registry:
 $ docker pull busybox:latest
 $ docker tag busybox NAS_IP:6088/username/busybox
 $ docker push NAS_IP:6088/username/busybox
	htpasswd -bc docker-registry.htpasswd admin admin
	scp docker-registry.htpasswd admin@${NAS_IP}:/share/CACHEDEV1_DATA/Container/container-station-data/application/registry/nginx/
	[user@host ~]$ curl -k https://${NAS_IP}:6088/v2/_catalog
	<html>
	<head><title>401 Authorization Required</title></head>
	<body bgcolor="white">
	<center><h1>401 Authorization Required</h1></center>
	<hr><center>nginx/1.13.12</center>
	</body>
	</html>
	[user@host ~]$ curl -k -u admin:admin https://${NAS_IP}:6088/v2/_catalog
	{"repositories":["admin/busybox"]}
	networks: {}
	services:
	app:
	environment:
	REGISTRY_HTTP_SECRET: qnap-sw2-registry
	REGISTRY_REDIS_ADDR: cache:6379
	REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR: redis
	REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data/registry
	image: registry:2.6.2
	volumes:
	- registry-data:/data/registry
	cache:
	image: redis:4.0
	web:
	image: nginx:1.13
	ports:
	- 6088:5000
	volumes:
	- ./nginx:/etc/nginx
	- /etc/docker/tls/server-cert.pem:/etc/ssl/certs/docker-registry
	- /etc/docker/tls/server-key.pem:/etc/ssl/private/docker-registry
	version: '2'
	volumes:
	registry-data: null
	upstream docker-registry {
	server app:5000;
	}

	server {
	listen 5000;
	server_name localhost;

	ssl on;
	ssl_certificate /etc/ssl/certs/docker-registry;
	ssl_certificate_key /etc/ssl/private/docker-registry;

	# disable any limits to avoid HTTP 413 for large image uploads
	client_max_body_size 0;

	# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
	chunked_transfer_encoding on;

	location / {
	# auth_basic "Docker Registry";
	# auth_basic_user_file docker-registry.htpasswd;

	include docker-registry.conf;
	}

	location /v1/_ping {
	auth_basic off;
	include docker-registry.conf;
	}

	location /v1/users {
	auth_basic off;
	include docker-registry.conf;
	}
	}
	Usage
	On QTS Container Station:

	Create application registry by [Create Container] → [Create Registry].
	Add Registry to searching list by [Preferences] → [Registry] → [Add] that URL is https://NAS_IP:6088 and check Trust SSL.
	Others:

	Add certificate to your Docker trusty list:
	$ mkdir -p /etc/docker/certs.d/NAS_IP:6088
	$ scp admin@NAS_IP:/etc/docker/tls/ca.pem /etc/docker/certs.d/NAS_IP:6088/ca.crt
	Push an image to the Registry:
	$ docker pull busybox:latest
	$ docker tag busybox NAS_IP:6088/username/busybox
	$ docker push NAS_IP:6088/username/busybox