From wgordonw1 at gmail.com  Tue Oct 27 16:17:09 2015
From: wgordonw1 at gmail.com (gordon)
Date: Tue, 27 Oct 2015 18:17:09 -0400
Subject: [Containers] serve portus and registry with same fqdn
Message-ID:

I am not sure from reading the docs if it is possible to serve portus and
the registry with one dns name. For example, using nginx to host
"portus-registry-combined.internal.example.com" where the namespace /v2/ is
sent to docker distribution and everything else gets passed to portus?

The docker-compose file at
https://github.com/SUSE/Portus/blob/master/docker-compose.yml doesn't seem
to do this so I wanted to check if there is a technical limitation before I
attempt to throw something together.

Thanks!

From wgordonw1 at gmail.com  Tue Oct 27 16:17:33 2015
From: wgordonw1 at gmail.com (gordon)
Date: Tue, 27 Oct 2015 18:17:33 -0400
Subject: [Containers] portus client certificates
Message-ID:

I've just found this project and it looks amazing. Now I am trying to
figure out how I can set up auth for my environment.

How would I go about using client certificate authentication with portus?
My CI runner is automatically given a cert from the local certificate
authority. It would be best if I could use this to authenticate the
builder so it can push images without requiring me to configure and
securely pass user/pass for each project the runner builds.

Ideally, auth would allow for client cert or ldap auth. Is this possible?
So that a user can log in with their ldap creds and the server can push
with the client certificate configured for the docker client?

From fcastelli at suse.com  Wed Oct 28 03:20:08 2015
From: fcastelli at suse.com (Flavio Castelli)
Date: Wed, 28 Oct 2015 10:20:08 +0100
Subject: [Containers] portus client certificates
In-Reply-To:
References:
Message-ID: <56309348.5020508@suse.com>

On 10/27/2015 11:17 PM, gordon wrote:
> How would I go about using client certificate authentication with portus?
> My CI runner is automatically given a cert from the local certificate
> authority. It would be best if I could use this to authenticate the
> builder so it can push images without requiring me to configure and
> securely pass user/pass for each project the runner builds.

To push images you have to use the Docker engine. Right the Docker engine
authenticates only with a username and password.

> Ideally, auth would allow for client cert or ldap auth. Is this possible?
> So that a user can log in with their ldap creds and the server can push
> with the client certificate configured for the docker client?

As stated above this would require quite some changes both into the Docker
engine and later into portus.

Right now you have to create a user on Portus and then use its credentials
on the CI runner.

We have been thinking about other possible solutions. Would you like the
possibility to create unique random passwords to give to specific
applications? I'm thinking about something like Google does with
"application passwords".

Cheers
Flavio

From fcastelli at suse.com  Thu Oct 29 04:11:50 2015
From: fcastelli at suse.com (Flavio Castelli)
Date: Thu, 29 Oct 2015 11:11:50 +0100
Subject: [Containers] serve portus and registry with same fqdn
In-Reply-To:
References:
Message-ID: <5631F0E6.2080602@suse.com>

On 10/27/2015 11:17 PM, gordon wrote:
> I am not sure from reading the docs if it is possible to serve portus and
> the registry with one dns name.
> For example, using nginx to host
> "portus-registry-combined.internal.example.com" where the namespace /v2/ is
> sent to docker distribution and everything else gets passed to portus?

It is possible, take a look at this new document explaining what needs to
be done.
https://github.com/SUSE/Portus/wiki/Portus-and-Docker-registry-on-the-same-FQDN-using-sub-URI

Cheers
Flavio