create a private authenticated local repository

alexec · alexec · commit f4d347600f05 · 2014-11-02T23:04:54.000Z
diff --git a/README.md b/README.md
@@ -17,17 +17,7 @@ Developer forum for [docker-java](https://groups.google.com/forum/?hl=de#!forum/
 * Docker daemon running
 * Docker private repository running (see below).
 
-You'll need to be running a local private registry, as per [the quick start instructions](https://github.com/docker/docker-registry):
-
-    $ docker run -p 5000:5000 registry
-    
- If you're using boot2docker, set-up a port forward:
- 
-     $ VBoxManage controlvm boot2docker-vm natpf1 "5000,tcp,127.0.0.1,5000,,5000"
- 
-You can remove this forward later using:
- 
-     $ VBoxManage controlvm boot2docker-vm natpf1 delete 5000
+You'll need to be running a local private registry, as per [these instructions](docker-auth-registry/README.md):    
 
 The Maven build includes integration tests which are using a localhost instance of Docker and require manual setup. Make sure you have a local Docker daemon running and then provide your https://registry.hub.docker.com/account/login/ information via system properties:
 
diff --git a/build-docker-registry.sh b/build-docker-registry.sh
@@ -0,0 +1,5 @@
+#! /bin/sh
+set -eux
+
+git clone https://github.com/docker/docker-registry
+cp docker-registry/contrib/nginx/nginx_1&ndash;3&ndash;9.conf /etc/nginx/conf.d/
diff --git a/docker-auth-registry/Dockerfile b/docker-auth-registry/Dockerfile
@@ -0,0 +1,17 @@
+# https://medium.com/@deeeet/building-private-docker-registry-with-basic-authentication-with-self-signed-certificate-using-it-e6329085e612
+
+FROM registry
+
+RUN apt-get update
+RUN apt-get install -y nginx
+
+ADD nginx.conf /etc/nginx/
+ADD docker-registry.conf /etc/nginx/
+
+ADD docker-registry.htpasswd /etc/nginx/
+
+EXPOSE 5001
+
+ADD start.sh .
+
+CMD ./start.sh
diff --git a/docker-auth-registry/README.md b/docker-auth-registry/README.md
@@ -0,0 +1,8 @@
+Set-up a Docker Registry with Plain Text Authentication
+--
+
+This creates a registry that runs locally with plain text authentication set-up.
+
+	./build.sh
+	./run.sh
+	./test.sh
diff --git a/docker-auth-registry/build.sh b/docker-auth-registry/build.sh
@@ -0,0 +1,8 @@
+#! /bin/sh
+set -eux
+
+docker build -t auth-registry .
+
+if [ "$(which boot2docker)" != "" ]; then
+	VBoxManage controlvm boot2docker-vm natpf1 "5001,tcp,127.0.0.1,5001,,5001" || true
+fi
diff --git a/docker-auth-registry/docker-registry.conf b/docker-auth-registry/docker-registry.conf
@@ -0,0 +1,5 @@
+proxy_pass                       http://docker-registry;
+proxy_set_header  Host           $http_host;   # required for docker client's sake
+proxy_set_header  X-Real-IP      $remote_addr; # pass on real client's IP
+proxy_set_header  Authorization  ""; # see https://github.com/dotcloud/docker-registry/issues/170
+proxy_read_timeout               900;
diff --git a/docker-auth-registry/docker-registry.htpasswd b/docker-auth-registry/docker-registry.htpasswd
@@ -0,0 +1 @@
+docker-java:$apr1$nhxYQXIn$s93lYeFNs66YAXwQerlHL0
diff --git a/docker-auth-registry/nginx.conf b/docker-auth-registry/nginx.conf
@@ -0,0 +1,44 @@
+http {
+# FYI: Chunking requires nginx-extras package on Debian Wheezy and some Ubuntu versions
+# See chunking http://wiki.nginx.org/HttpChunkinModule
+# Replace with appropriate values where necessary
+
+upstream docker-registry {
+  server localhost:5000;
+}
+
+# uncomment if you want a 301 redirect for users attempting to connect
+# on port 80
+# NOTE: docker client will still fail. This is just for convenience
+# server {
+#   listen *:80;
+#   server_name my.docker.registry.com;
+#   return 301 https://$server_name$request_uri;
+# }
+
+server {
+  listen 5001;
+  server_name my.docker.registry.com;
+
+  client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
+
+  location / {
+    auth_basic            "Restricted";
+    auth_basic_user_file  docker-registry.htpasswd;
+    include               docker-registry.conf;
+  }
+
+  location /_ping {
+    auth_basic off;
+    include               docker-registry.conf;
+  }
+
+  location /v1/_ping {
+    auth_basic off;
+    include               docker-registry.conf;
+  }
+}
+}
+events {
+    worker_connections  1024;
+}
diff --git a/docker-auth-registry/run.sh b/docker-auth-registry/run.sh
@@ -0,0 +1,6 @@
+#! /bin/sh
+set -eux
+
+docker kill $(docker ps -q) || true
+
+docker run -p 5001:5001 auth-registry
diff --git a/docker-auth-registry/start.sh b/docker-auth-registry/start.sh
@@ -0,0 +1,8 @@
+#! /bin/sh
+set -eux
+
+docker-registry &
+nginx
+
+wait
+
diff --git a/docker-auth-registry/test.sh b/docker-auth-registry/test.sh
@@ -0,0 +1,6 @@
+#! /bin/sh
+set -eux
+
+curl http://localhost:5001/v1/_ping 
+curl http://localhost:5001/v1/users/ --basic --user docker-java:docker-java
+
diff --git a/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java b/src/test/java/com/github/dockerjava/client/AbstractDockerClientTest.java
@@ -31,14 +31,7 @@ public abstract class AbstractDockerClientTest extends Assert {
 	public void beforeTest()  {
 		LOG.info("======================= BEFORETEST =======================");
 		LOG.info("Connecting to Docker server");
-		dockerClient = DockerClientBuilder.getInstance(
-                DockerClientConfig.createDefaultConfigBuilder()
-                        .withServerAddress("http://localhost:5000")
-                        .withUsername("docker-java")
-                        .withPassword("docker-java")
-                        .withEmail("docker-java@github.com")
-                        .build()
-                )
+		dockerClient = DockerClientBuilder.getInstance(config())
 				.withDockerCmdExecFactory(dockerCmdExecFactory)
 				.build();
 
@@ -52,7 +45,20 @@ public void beforeTest()  {
 		LOG.info("======================= END OF BEFORETEST =======================\n\n");
 	}
 
-	public void afterTest() {
+    private DockerClientConfig config() {
+        return config("docker-java");
+    }
+
+    protected DockerClientConfig config(String password) {
+        return DockerClientConfig.createDefaultConfigBuilder()
+                .withServerAddress("http://localhost:5001")
+                .withUsername("docker-java")
+                .withPassword(password)
+                .withEmail("docker-java@github.com")
+                .build();
+    }
+
+    public void afterTest() {
 		LOG.info("======================= END OF AFTERTEST =======================");
 	}
 
diff --git a/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java b/src/test/java/com/github/dockerjava/core/command/AuthCmdImplTest.java
@@ -1,21 +1,15 @@
 package com.github.dockerjava.core.command;
 
-import com.github.dockerjava.api.DockerClient;
 import com.github.dockerjava.api.DockerException;
 import com.github.dockerjava.api.UnauthorizedException;
 import com.github.dockerjava.api.model.AuthResponse;
 import com.github.dockerjava.client.AbstractDockerClientTest;
 import com.github.dockerjava.core.DockerClientBuilder;
-import com.github.dockerjava.core.DockerClientConfig;
 import org.testng.ITestResult;
 import org.testng.annotations.*;
 
 import java.lang.reflect.Method;
 
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.core.IsNot.not;
-import static org.hamcrest.core.StringContains.containsString;
-
 @Test(groups = "integration")
 public class AuthCmdImplTest extends AbstractDockerClientTest {
 
@@ -43,19 +37,17 @@ public void afterMethod(ITestResult result) {
 	public void testAuth() throws Exception {
         AuthResponse response = dockerClient.authCmd().exec();
 
-        assertThat(response.getStatus(), not(containsString("Account created")));
+        assertEquals(response.getStatus(), "Login Succeeded");
     }
 
 	@Test
 	public void testAuthInvalid() throws Exception {
-		DockerClientConfig config = DockerClientConfig.createDefaultConfigBuilder().withPassword("garbage").build();
-		DockerClient client = DockerClientBuilder.getInstance(config).withDockerCmdExecFactory(dockerCmdExecFactory).build();
-        
-		try {
-			client.authCmd().exec();
+
+        try {
+			DockerClientBuilder.getInstance(config("garbage")).build().authCmd().exec();
             fail("Expected a UnauthorizedException caused by a bad password.");
 		} catch (UnauthorizedException e) {
-			
+			assertEquals(e.getMessage(), "Wrong login/password, please try again\n");
 		} 
 	}
 }

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +#! /bin/sh
 +set -eux
++
 +git clone https://github.com/docker/docker-registry
 +cp docker-registry/contrib/nginx/nginx_1–3–9.conf /etc/nginx/conf.d/
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+docker-java:$apr1$nhxYQXIn$s93lYeFNs66YAXwQerlHL0`