forked from TrueCloudLab/distribution
Document usage of htpasswd access controller
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This commit is contained in:
parent
0f654c25ac
commit
01f730ad71
1 changed files with 49 additions and 0 deletions
|
@ -108,6 +108,9 @@ auth:
|
||||||
service: token-service
|
service: token-service
|
||||||
issuer: registry-token-issuer
|
issuer: registry-token-issuer
|
||||||
rootcertbundle: /root/certs/bundle
|
rootcertbundle: /root/certs/bundle
|
||||||
|
htpasswd:
|
||||||
|
realm: basic-realm
|
||||||
|
path: /path/to/htpasswd
|
||||||
middleware:
|
middleware:
|
||||||
registry:
|
registry:
|
||||||
- name: ARegistryMiddleware
|
- name: ARegistryMiddleware
|
||||||
|
@ -600,6 +603,9 @@ auth:
|
||||||
service: token-service
|
service: token-service
|
||||||
issuer: registry-token-issuer
|
issuer: registry-token-issuer
|
||||||
rootcertbundle: /root/certs/bundle
|
rootcertbundle: /root/certs/bundle
|
||||||
|
htpasswd:
|
||||||
|
realm: basic-realm
|
||||||
|
path: /path/to/htpasswd
|
||||||
```
|
```
|
||||||
|
|
||||||
The `auth` option is **optional**. There are
|
The `auth` option is **optional**. There are
|
||||||
|
@ -710,6 +716,49 @@ public part of the certificates that is used to sign authentication tokens.
|
||||||
|
|
||||||
For more information about Token based authentication configuration, see the [specification.]
|
For more information about Token based authentication configuration, see the [specification.]
|
||||||
|
|
||||||
|
### htpasswd
|
||||||
|
|
||||||
|
The _htpasswd_ authentication backed allows one to configure basic auth using an
|
||||||
|
[Apache HTPasswd File](http://httpd.apache.org/docs/2.4/programs/htpasswd.html).
|
||||||
|
Only [`bcrypt`](http://en.wikipedia.org/wiki/Bcrypt) format passwords are
|
||||||
|
supported. Entries with other hash types will be ignored. The htpasswd file is
|
||||||
|
loaded once, at startup. If the file is invalid, the registry will display and
|
||||||
|
error and will not start.
|
||||||
|
|
||||||
|
> __WARNING:__ This authentication scheme should only be used with TLS
|
||||||
|
> configured, since basic authentication sends passwords as part of the http
|
||||||
|
> header.
|
||||||
|
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Parameter</th>
|
||||||
|
<th>Required</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>realm</code>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
yes
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
The realm in which the registry server authenticates.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>path</code>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
yes
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
Path to htpasswd file to load at startup.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
## middleware
|
## middleware
|
||||||
|
|
||||||
The `middleware` option is **optional**. Use this option to inject middleware at
|
The `middleware` option is **optional**. Use this option to inject middleware at
|
||||||
|
|
Loading…
Reference in a new issue