Using a Secure Private Docker Registry on Synology
Private and Secure Docker Registry on Personal Synology NAS
Prerequisites or Basic Understanding of:
- SSH is enabled on your Synology NAS, and you have a basic understanding of how to use it.
- HTTPS is enabled on your Synology NAS, and you have a basic understanding of certificates and keys.
- How to use Docker
- (Optional) HTTP basic authentication based on digest (htaccess, htdigest)
Steps:
Install Docker from Package Center and launch it.
In the Docker app, go to the Registry section in the sidebar, search for 'registry', and install the newest version (the highest version number, not the tag literally named 'latest').
Before continuing to the next step, create the following directories inside the docker/registry directory (the steps below write to certs and auth).
Copy your HTTPS certificate and key into docker/registry/certs/. If you're using Synology's built-in Let's Encrypt certificate generator, find your certificates as shown below and copy them over SSH. fullchain.pem is your certificate, and privkey.pem is your key.
admin@YOURNAS:/$ sudo bash
Password: # type password
bash-4.3# cd /usr/syno/etc/certificate/_archive/
bash-4.3# ls
DEFAULT INFO MRDnyJ // <-- If you have just one certificate, this oddly named directory contains it
bash-4.3# cp MRDnyJ/fullchain.pem /volume1/docker/registry/certs/
bash-4.3# cp MRDnyJ/privkey.pem /volume1/docker/registry/certs/
bash-4.3#
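Create a user using htpasswd from the registry image (-B selects bcrypt, -b takes the password from the command line, -n prints the entry to standard output):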
bash-4.3# docker run --rm --entrypoint htpasswd registry:2.6.2 -Bbn testuser testpassword > /volume1/docker/registry/auth/htpasswd
Back in the Docker app, configure the registry container: set the volume mounts, environment variables, and so on. The PATH environment variable is set automatically by the image, so there is no need to touch it. Map the host port of your choice to container port 443.
Now run your registry image as a container.
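The container configuration from the steps above, written as an equivalent command line and preceded by two checks (private key permissions, bcrypt-only htpasswd). This is an added example, not part of the original post; the /certs and /auth mount points and the mapping of the Docker app settings onto these registry environment variables are assumptions.

```shell
#!/bin/bash
# Added example. Assumptions: container mount points /certs and /auth,
# and that the GUI settings map onto these registry environment variables.
DOCKER=${DOCKER:-docker}   # set DOCKER=echo to print the command instead

# preflight DIR: refuse to start unless DIR/certs and DIR/auth are sane.
preflight() {
  dir=$1
  for f in certs/fullchain.pem certs/privkey.pem auth/htpasswd; do
    [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
  done
  # The private key must carry no group/other permission bits (600 or stricter).
  mode=$(ls -ld "$dir/certs/privkey.pem" | cut -c5-10)
  [ "$mode" = "------" ] || { echo "privkey.pem: run chmod 600" >&2; return 2; }
  # The registry honours only bcrypt htpasswd entries; flag anything else.
  if grep -v '^$' "$dir/auth/htpasswd" | grep -Evq '^[^:]+:\$2[aby]\$'; then
    echo "htpasswd: non-bcrypt entry, recreate it with htpasswd -B" >&2
    return 3
  fi
}

# start_registry DIR HOST_PORT: run the checks, then start the container.
start_registry() {
  preflight "$1" || return
  "$DOCKER" run -d --restart=always --name registry \
    -p "$2:443" \
    -v "$1/certs:/certs:ro" -v "$1/auth:/auth:ro" \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \
    -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \
    -e REGISTRY_AUTH=htpasswd \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    registry:2.6.2
}

# Usage on the NAS: start_registry /volume1/docker/registry 4443
```

Both directories are mounted read-only, since the registry only needs to read the certificate, key and htpasswd file.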
Test it out (assuming the domain is mydomain.com and the port is 4443).
Macbook-Pro:~ SOMEONE$ docker login mydomain.com:4443
Username: testuser
Password: # write testpassword
Login Succeeded
Macbook-Pro:~ SOMEONE$ docker pull mydomain.com:4443/caffe
Using default tag: latest
latest: Pulling from caffe
660c48dd555d: Pull complete
4c7380416e78: Pull complete
421e436b5f80: Pull complete
e4ce6c3651b3: Pull complete
be588e74bd34: Pull complete
ecc723991ca5: Pull complete
d0e0931cb377: Downloading 235.2MB/453MB
f7899094c6d8: Download complete
ecba77e23ded: Downloading 233MB/465.6MB
3368ca66ffe0: Download complete
051489ba2300: Downloading 121.1MB/204.3MB
d2ecac7d867f: Waiting
3bfc6b2f00f6: Waiting
afb9dccb63c2: Waiting
dc78dad1202a: Waiting
To push:
Macbook-Pro:~ SOMEONE$ docker tag someones/something mydomain.com:4443/someones/something
Macbook-Pro:~ SOMEONE$ docker push mydomain.com:4443/someones/something