Using a Secure Private Docker Registry on Synology

Private and Secure Docker Registry on Personal Synology NAS



Prerequisites (or a basic understanding of):

  • SSH is enabled on your Synology NAS, and you have a basic understanding of how to use it.
  • HTTPS is enabled on your Synology NAS, and you have a basic understanding of certificates and keys.
  • How to use Docker
  • (Optional) HTTP basic authentication based on digest (htaccess, htdigest)

Steps:

Install Docker from Package Center and launch it.




In the Docker app, go to the Registry section in the sidebar, search for 'registry', and install the latest version (not the tag literally named 'latest', but the highest version number).




Before continuing to the next step, create the following directories inside the docker/registry directory (the steps below use docker/registry/certs and docker/registry/auth).




Copy your HTTPS certificate and key into docker/registry/certs/. If you're using Synology's built-in Let's Encrypt certificate generator, find your certificates as shown below and copy them over SSH. fullchain.pem is your certificate, and privkey.pem is your key.


    admin@YOURNAS:/$ sudo bash
    Password: # type password
    bash-4.3# cd /usr/syno/etc/certificate/_archive/
    bash-4.3# ls
    DEFAULT  INFO  MRDnyJ // <-- If you have just one certificate, this oddly named directory contains your certificates
    bash-4.3# cp MRDnyJ/fullchain.pem /volume1/docker/registry/certs/
    bash-4.3# cp MRDnyJ/privkey.pem /volume1/docker/registry/certs/
    bash-4.3#


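Create a user with htpasswd, run from the registry image. -B selects bcrypt hashing, -n prints the entry to stdout (redirected here into auth/htpasswd), and -b takes the password from the command line, where it ends up in the shell history, so replace testuser and testpassword with your own values:


    bash-4.3# docker run --rm --entrypoint htpasswd registry:2.6.2 -Bbn testuser testpassword > /volume1/docker/registry/auth/htpasswd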


Now go to the Docker app and configure the registry container: set the volume mounts, environment variables, and so on. PATH in the environment is set automatically by the image, so we don't need to touch it. Forward a local port of your choice to the container's port 443.







Now run your registry image as a container.
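
The directory layout and container settings from the steps above, as an added shell example that is not part of the original post: check_registry_dir verifies the certificate files, the key's permissions and the bcrypt htpasswd entries, and registry_run_cmd prints a docker run equivalent of the GUI settings. The container mount points /certs and /auth, the data directory and the container name are assumptions; the REGISTRY_* variables are the registry image's documented settings.

```shell
#!/bin/sh
# Added example, not from the original post. Paths inside the container
# (/certs, /auth), the data directory and the container name are assumptions.

# Return 0 if DIR holds what the TLS + htpasswd setup needs; print each problem.
check_registry_dir() {
    dir=$1; rc=0
    for f in certs/fullchain.pem certs/privkey.pem auth/htpasswd; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f"; rc=1; }
    done
    # The private key should be accessible to its owner only (mode 600 or 400).
    if [ -f "$dir/certs/privkey.pem" ]; then
        perms=$(ls -lL "$dir/certs/privkey.pem" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "privkey.pem: group/other access ($perms)"; rc=1; }
    fi
    # The registry accepts only bcrypt entries, which is what `htpasswd -B` writes.
    # `htpasswd -n` also emits a trailing blank line, so blank lines are skipped.
    if [ -s "$dir/auth/htpasswd" ] &&
       grep -v '^$' "$dir/auth/htpasswd" | grep -qv '^[^:][^:]*:\$2[aby]\$'; then
        echo "auth/htpasswd: non-bcrypt or malformed entry"; rc=1
    fi
    return $rc
}

# Print (not execute) a `docker run` equivalent of the GUI container settings.
registry_run_cmd() {
    dir=$1; port=$2
    cat <<EOF
docker run -d --name registry --restart=always \\
  -p $port:443 \\
  -v $dir/certs:/certs:ro -v $dir/auth:/auth:ro \\
  -v $dir/data:/var/lib/registry \\
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \\
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \\
  -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \\
  -e REGISTRY_AUTH=htpasswd \\
  -e REGISTRY_AUTH_HTPASSWD_REALM=Registry \\
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \\
  registry:2.6.2
EOF
}

# Usage: sh check.sh /volume1/docker/registry 4443
if [ $# -ge 1 ]; then
    check_registry_dir "$1" && registry_run_cmd "$1" "${2:-4443}"
fi
```
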



Test it out (assuming the domain is mydomain.com and the port is 4443).


    Macbook-Pro:~ SOMEONE$ docker login mydomain.com:4443
    Username: testuser
    Password: # write testpassword
    Login Succeeded

    Macbook-Pro:~ SOMEONE$ docker pull mydomain.com:4443/caffe
    Using default tag: latest
    latest: Pulling from caffe
    660c48dd555d: Pull complete
    4c7380416e78: Pull complete
    421e436b5f80: Pull complete
    e4ce6c3651b3: Pull complete
    be588e74bd34: Pull complete
    ecc723991ca5: Pull complete
    d0e0931cb377: Downloading  235.2MB/453MB
    f7899094c6d8: Download complete
    ecba77e23ded: Downloading    233MB/465.6MB
    3368ca66ffe0: Download complete
    051489ba2300: Downloading  121.1MB/204.3MB
    d2ecac7d867f: Waiting
    3bfc6b2f00f6: Waiting
    afb9dccb63c2: Waiting
    dc78dad1202a: Waiting


To push:


    Macbook-Pro:~ SOMEONE$ docker tag someones/something mydomain.com:4443/someones/something
    Macbook-Pro:~ SOMEONE$ docker push mydomain.com:4443/someones/something