Skip to content

Configuration

Jump to bottom
Messinger edited this page Dec 6, 2016 · 2 revisions

Authenticator

Some of these following values interact with your registry, so keep care of them! Values are set in config/settings.yml

Redmine and Gitlab

setup the redmine instance to use for authentication

redmine_url:
  default: https://your.redmine.com

setup a gitlab to use for authentication

gitlab_url:
  default: https://your.gitlab.com

Setup what of them to use. if this list is empty, no authentication is possible! eg, no Tokens will generated.

auth_modules:
  format: list
  default:
    - redmine
    - gitlab

SSL and docker registry

Following is important:

  • the docker issuer must match the issuer in your ssl certificat and inside configuration of your registry!
  • the service name must match the name in your registry config

Otherwise docker will not acccept the tokens.

# must match docker registry config! (auth.token.issuer)
# and the issuer of ssl certifcates
docker_issuer:
  default: dockerauth

# ssl related
ssl_private_key_passphrase:
  default: ''

ssl_private_key_file:
  default: config/server.key

ssl_public_crt_file:
  default: config/server.crt

# token related
# timeout in seconds a token is valid
token_timeout:
  format: int
  default: 1800

# must match docker registry config! (auth.token.service)
service_name:
  default: Docker registry

Access checks

full_access_check

  • if true, type 'catalog' may only used by admin,
  • if true and type repository, name must match redmine project id (the name) or gitlab (the path) the user is member of
  • if project matches check if read (pull) and/or write (push) is allowed
  • pull is redmine access browse_repository, push is commit_access

example:

full_access_check:
  format: bool
  default: true

admin_users

Simple admin user who may push/pull all repositories and uses catalog in browsing. This must be a user of redmine or gitlab - at this time I'll make no difference between. This user must not be an admin of redmine or gitlab installation!

admin_users:
  format: list
  default:
    - admin

Docker registry host

This is required for the browsing frontend.

docker_admin_host: default: https://your.registry.com

Clone this wiki locally