diff --git a/contrib/docker-integration/Makefile b/contrib/docker-integration/Makefile new file mode 100644 index 00000000..7e52f18d --- /dev/null +++ b/contrib/docker-integration/Makefile @@ -0,0 +1,22 @@ +.PHONY: build test + +build: + docker-compose build + +start: build + docker-compose up -d + +stop: + docker-compose stop + +clean: + docker-compose kill + docker-compose rm -f + +install: + sh ./install_certs.sh + +test: + # Run tests + +all: build diff --git a/contrib/docker-integration/README.md b/contrib/docker-integration/README.md new file mode 100644 index 00000000..af0779fe --- /dev/null +++ b/contrib/docker-integration/README.md @@ -0,0 +1,70 @@ +# Docker Registry Multi-Configuration Testing + +This compose configuration is intended to setup a testing environment for Docker +using multiple registry configurations. These configurations include different +combinations of a v1 and v2 registry as well as TLS configurations. + +### Limitations + +Currently this setup is configured to use localhost as the hostname which +limits the ease of testing within Docker since localhost is always treated +as an insecure registry. To treat localhost as secure the Docker code must +be modified. Without localhost as secure, the test cases will not distinguish +between a TLS configuration with a CA and self-signed. + +### Install Docker Compose + +1. Open a new terminal on the host with your `distribution` source. + +2. Get the `docker-compose` binary. + + $ sudo wget https://github.com/docker/compose/releases/download/1.1.0/docker-compose-`uname -s`-`uname -m` -O /usr/local/bin/docker-compose + + This command installs the binary in the `/usr/local/bin` directory. + +3. Add executable permissions to the binary. + + $ sudo chmod +x /usr/local/bin/docker-compose + +## Usage + +### Start compose setup +``` +docker-compose up +``` + +### Install Certificates +The certificates must be installed in /etc/docker/cert.d in order to use TLS client auth and use the CA certificate. +``` +sudo sh ./install_certs.sh +``` + +### Test with Docker +Tag an image as with any other private registry. Attempt to push the image. + +``` +docker pull hello-world +docker tag hello-world localhost:5440/hello-world +docker push localhost:5440/hello-world + +docker tag hello-world localhost:5441/hello-world +docker push localhost:5441/hello-world +# Perform login using user `testuser` and password `passpassword` +``` + +## Configurations + +Port | V2 | V1 | TLS | Authentication +--- | --- | --- | --- | --- +5000 | yes | yes | no | none +5001 | no | yes | no | none +5002 | yes | no | no | none +5440 | yes | yes | yes | none +5441 | yes | yes | yes | basic (testuser/passpassword) +5442 | yes | yes | yes | TLS client +5443 | yes | yes | yes | TLS client (no CA) +5444 | yes | yes | yes | TLS client + basic (testuser/passpassword) +5445 | yes | yes | yes (no CA) | none +5446 | yes | yes | yes (no CA) | basic (testuser/passpassword) +5447 | yes | yes | yes (no CA) | TLS client +5448 | yes | yes | yes (SSLv3) | none diff --git a/contrib/docker-integration/docker-compose.yml b/contrib/docker-integration/docker-compose.yml new file mode 100644 index 00000000..8a9224ce --- /dev/null +++ b/contrib/docker-integration/docker-compose.yml @@ -0,0 +1,26 @@ +nginx: + build: "nginx" + ports: + - "5000:5000" + - "5001:5001" + - "5002:5002" + - "5440:5440" + - "5441:5441" + - "5442:5442" + - "5443:5443" + - "5444:5444" + - "5445:5445" + - "5446:5446" + - "5447:5447" + - "5448:5448" + links: + - registryv1:registryv1 + - registryv2:registryv2 +registryv1: + image: registry + ports: + - "5000" +registryv2: + build: "../../" + ports: + - "5000" diff --git a/contrib/docker-integration/install_certs.sh b/contrib/docker-integration/install_certs.sh new file mode 100644 index 00000000..f120b39a --- /dev/null +++ b/contrib/docker-integration/install_certs.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +hostname=$1 +if [ "$hostname" == "" ]; then + hostname="localhost" +fi + +mkdir -p /etc/docker/certs.d/$hostname:5440 +cp ./nginx/ssl/registry-ca+client-ca.pem /etc/docker/certs.d/$hostname:5440/ca.crt + +mkdir -p /etc/docker/certs.d/$hostname:5441 +cp ./nginx/ssl/registry-ca+client-ca.pem /etc/docker/certs.d/$hostname:5441/ca.crt + +mkdir -p /etc/docker/certs.d/$hostname:5442 +cp ./nginx/ssl/registry-ca+client-ca.pem /etc/docker/certs.d/$hostname:5442/ca.crt +cp ./nginx/ssl/registry-ca+client-client.pem /etc/docker/certs.d/$hostname:5442/client.cert +cp ./nginx/ssl/registry-ca+client-client-key.pem /etc/docker/certs.d/$hostname:5442/client.key + +mkdir -p /etc/docker/certs.d/$hostname:5443 +cp ./nginx/ssl/registry-ca+client-ca.pem /etc/docker/certs.d/$hostname:5443/ca.crt +cp ./nginx/ssl/registry-ca+client+bad-client.pem /etc/docker/certs.d/$hostname:5443/client.cert +cp ./nginx/ssl/registry-ca+client+bad-client-key.pem /etc/docker/certs.d/$hostname:5443/client.key + +mkdir -p /etc/docker/certs.d/$hostname:5444 +cp ./nginx/ssl/registry-ca+client-ca.pem /etc/docker/certs.d/$hostname:5444/ca.crt +cp ./nginx/ssl/registry-ca+client-client.pem /etc/docker/certs.d/$hostname:5444/client.cert +cp ./nginx/ssl/registry-ca+client-client-key.pem /etc/docker/certs.d/$hostname:5444/client.key + +mkdir -p /etc/docker/certs.d/$hostname:5447 +cp ./nginx/ssl/registry-ca+client-client.pem /etc/docker/certs.d/$hostname:5447/client.cert +cp ./nginx/ssl/registry-ca+client-client-key.pem /etc/docker/certs.d/$hostname:5447/client.key + +mkdir -p /etc/docker/certs.d/localhost:5448 +cp ./nginx/ssl/registry-ca+client-ca.pem /etc/docker/certs.d/localhost:5448/ca.crt diff --git a/contrib/docker-integration/nginx/Dockerfile b/contrib/docker-integration/nginx/Dockerfile new file mode 100644 index 00000000..148aa34b --- /dev/null +++ b/contrib/docker-integration/nginx/Dockerfile @@ -0,0 +1,8 @@ +FROM nginx:1.9 + +COPY nginx.conf /etc/nginx/nginx.conf +COPY registry.conf /etc/nginx/conf.d/registry.conf +COPY docker-registry.conf /etc/nginx/docker-registry.conf +COPY docker-registry-v2.conf /etc/nginx/docker-registry-v2.conf +COPY test.passwd /etc/nginx/test.passwd +COPY ssl /etc/nginx/ssl diff --git a/contrib/docker-integration/nginx/docker-registry-v2.conf b/contrib/docker-integration/nginx/docker-registry-v2.conf new file mode 100644 index 00000000..65c4d776 --- /dev/null +++ b/contrib/docker-integration/nginx/docker-registry-v2.conf @@ -0,0 +1,6 @@ +proxy_pass http://docker-registry-v2; +proxy_set_header Host $http_host; # required for docker client's sake +proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_read_timeout 900; diff --git a/contrib/docker-integration/nginx/docker-registry.conf b/contrib/docker-integration/nginx/docker-registry.conf new file mode 100644 index 00000000..5b1a2d58 --- /dev/null +++ b/contrib/docker-integration/nginx/docker-registry.conf @@ -0,0 +1,7 @@ +proxy_pass http://docker-registry; +proxy_set_header Host $http_host; # required for docker client's sake +proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header Authorization ""; # see https://github.com/docker/docker-registry/issues/170 +proxy_read_timeout 900; diff --git a/contrib/docker-integration/nginx/nginx.conf b/contrib/docker-integration/nginx/nginx.conf new file mode 100644 index 00000000..63cd180d --- /dev/null +++ b/contrib/docker-integration/nginx/nginx.conf @@ -0,0 +1,27 @@ +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + + keepalive_timeout 65; + + include /etc/nginx/conf.d/*.conf; +} + diff --git a/contrib/docker-integration/nginx/registry.conf b/contrib/docker-integration/nginx/registry.conf new file mode 100644 index 00000000..a567cf85 --- /dev/null +++ b/contrib/docker-integration/nginx/registry.conf @@ -0,0 +1,231 @@ +# Docker registry proxy for api versions 1 and 2 + +upstream docker-registry { + server registryv1:5000; +} + +upstream docker-registry-v2 { + server registryv2:5000; +} + +# No client auth or TLS +server { + listen 5000; + server_name localhost; + + # disable any limits to avoid HTTP 413 for large image uploads + client_max_body_size 0; + + # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) + chunked_transfer_encoding on; + + location /v2/ { + # Do not allow connections from docker 1.5 and earlier + # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents + if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { + return 404; + } + + include docker-registry-v2.conf; + } + + location / { + include docker-registry.conf; + } +} + +# No client auth or TLS (V1 Only) +server { + listen 5001; + server_name localhost; + + # disable any limits to avoid HTTP 413 for large image uploads + client_max_body_size 0; + + # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) + chunked_transfer_encoding on; + + location / { + include docker-registry.conf; + } +} + +# No client auth or TLS (V2 Only) +server { + listen 5002; + server_name localhost; + + # disable any limits to avoid HTTP 413 for large image uploads + client_max_body_size 0; + + # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) + chunked_transfer_encoding on; + + location / { + include docker-registry-v2.conf; + } +} + +# TLS Configuration chart +# Username/Password: testuser/passpassword +# | ca | client | basic | notes +# 5440 | yes | no | no | Tests CA certificate +# 5441 | yes | no | yes | Tests basic auth over TLS +# 5442 | yes | yes | no | Tests client auth with client CA +# 5443 | yes | yes | no | Tests client auth without client CA +# 5444 | yes | yes | yes | Tests using basic auth + tls auth +# 5445 | no | no | no | Tests insecure using TLS +# 5446 | no | no | yes | Tests sending credentials to server with insecure TLS +# 5447 | no | yes | no | Tests client auth to insecure +# 5448 | yes | no | no | Bad SSL version + +server { + listen 5440; + server_name localhost; + ssl on; + ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem; + ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem; + client_max_body_size 0; + chunked_transfer_encoding on; + location /v2/ { + include docker-registry-v2.conf; + } + location / { + include docker-registry.conf; + } +} + +server { + listen 5441; + server_name localhost; + ssl on; + ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem; + ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem; + client_max_body_size 0; + chunked_transfer_encoding on; + location /v2/ { + auth_basic "registry.localhost"; + auth_basic_user_file test.passwd; + add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; + include docker-registry-v2.conf; + } + location / { + auth_basic "registry.localhost"; + auth_basic_user_file test.passwd; + include docker-registry.conf; + } +} + +server { + listen 5442; + listen 5443; + server_name localhost; + ssl on; + ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem; + ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem; + ssl_client_certificate /etc/nginx/ssl/registry-ca+client-ca.pem; + ssl_verify_client on; + client_max_body_size 0; + chunked_transfer_encoding on; + location /v2/ { + include docker-registry-v2.conf; + } + location / { + include docker-registry.conf; + } +} + +server { + listen 5444; + server_name localhost; + ssl on; + ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem; + ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem; + ssl_client_certificate /etc/nginx/ssl/registry-ca+client-ca.pem; + ssl_verify_client on; + client_max_body_size 0; + chunked_transfer_encoding on; + location /v2/ { + auth_basic "registry.localhost"; + auth_basic_user_file test.passwd; + add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; + include docker-registry-v2.conf; + } + location / { + auth_basic "registry.localhost"; + auth_basic_user_file test.passwd; + include docker-registry.conf; + } +} + +server { + listen 5445; + server_name localhost; + ssl on; + ssl_certificate /etc/nginx/ssl/registry-noca-cert.pem; + ssl_certificate_key /etc/nginx/ssl/registry-noca-cert-key.pem; + client_max_body_size 0; + chunked_transfer_encoding on; + location /v2/ { + include docker-registry-v2.conf; + } + location / { + include docker-registry.conf; + } +} + +server { + listen 5446; + server_name localhost; + ssl on; + ssl_certificate /etc/nginx/ssl/registry-noca-cert.pem; + ssl_certificate_key /etc/nginx/ssl/registry-noca-cert-key.pem; + client_max_body_size 0; + chunked_transfer_encoding on; + location /v2/ { + auth_basic "registry.localhost"; + auth_basic_user_file test.passwd; + add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; + include docker-registry-v2.conf; + } + location / { + auth_basic "registry.localhost"; + auth_basic_user_file test.passwd; + include docker-registry.conf; + } +} + +server { + listen 5447; + server_name localhost; + ssl on; + ssl_certificate /etc/nginx/ssl/registry-noca-cert.pem; + ssl_certificate_key /etc/nginx/ssl/registry-noca-cert-key.pem; + ssl_client_certificate /etc/nginx/ssl/registry-ca+client-ca.pem; + ssl_verify_client on; + client_max_body_size 0; + chunked_transfer_encoding on; + location /v2/ { + include docker-registry-v2.conf; + } + location / { + include docker-registry.conf; + } +} + +server { + listen 5448; + server_name localhost; + ssl on; + ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem; + ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem; + ssl_protocols SSLv3; + client_max_body_size 0; + chunked_transfer_encoding on; + location /v2/ { + include docker-registry-v2.conf; + } + location / { + include docker-registry.conf; + } +} diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client+bad-ca.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client+bad-ca.pem new file mode 100644 index 00000000..7b9aa1ea --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-ca+client+bad-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0jCCAbygAwIBAgIRAMr82BZHNQr+D4lvPgzaVGYwCwYJKoZIhvcNAQELMBQx +EjAQBgNVBAoTCVRlc3QsIEluYzAeFw0xNDEwMTYxODIxMjRaFw0xNzA5MzAxODIx +MjRaMBQxEjAQBgNVBAoTCVRlc3QsIEluYzCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAJ0Je1XCrYUmfsKneLMztW3140CvmjAWSJ/ajsGWvKZ+y0DMpmN4 +St8wdmjxMBZb3wiYedgFyUMUKlXaq1Jjl0S0B3qPHuhvdfiXB2xF3KFLC319VHj4 +xsOHKF1bQEEYsQgD+7L8FkDYbDCkzfzXlRiw7hqPR3RxQTvtxVXsdRy1j8ygBMXX +mlVjnhj4/eS7N2d8LVtJVVC0/7I7xwQvDXrI1kdXh9tL7bHpihR5iG0+fnWSQngG +jz63+hf5TNQzTmC4/eaJyrgzB+6O9ydBDaVbUy6RizZVa0I+ZMc/Wl+KD6TIWcGW +QNE9br9ZqNn+vayuLwI4vwFG7hSXp4O5cpcCAwEAAaMjMCEwDgYDVR0PAQH/BAQD +AgCkMA8GA1UdEwEB/wQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQAnrSbVYiyJFYKB +ZgNBpMUcX9iBlBF9ZIxhFRs0Cts+IlAu+HOyrrbCYcmXf1T8E0EMicSKwvvxzl5g +7A7homkiWTed1Twod2+YmTXoMx7rCPAaWHEF3z5GCYAu7HDv9oT2FhmK8AI8hGw5 +dw2W+iYCnzZa60dffk6v1PJ69JUwPjYW+cT+yKJhaZMXJe7rDvJkAiBx8Ok/6BDR +HrIL1KbN6mnnYNIvK2WBWiu6oGWjxEBeaSCfAkWbG4RPNyrTGeafYlQnkp1dHcRw +XWiNN4k4cUU5LlMQuYElbE892m9xbmsdXs2/6eULPamypR4I9K2oAoFndpSagw9w +rfwN6qVb +-----END CERTIFICATE----- diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client+bad-client-key.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client+bad-client-key.pem new file mode 100644 index 00000000..cca082c0 --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-ca+client+bad-client-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvC2MLvsTGT2mNCBSRb8So3wsIJCnAOBPftmsO1MCY3oIG3Og +Jv/WCihRqgCO1vnG7wLhH45my4+/9d1EsFTg5JRSyACHnBCydFcqfXBeqJYyUfSo +hsP0iqpF7El003D3o4uMmJXArsHa4SosBhO38/niYz7adMB12gcuRoydZ7c6PVUC +aBMEBSbfjABiqJw552iUmcr3q0zvXXrg9FXgJuPU52rzis8uQnZ6zRZEAYWQoJX1 +YTWI0gBpyZpcxDgAzs5oEtYzbcpr1FQOzI1m4xxICY44VK8BcIbnwHx3hZjgl2+O +j0nYRMFtmJ0uMwhToIrLqY3Jiln4TKehvPsVIQIDAQABAoIBAC9PkEgbjeCxtEC0 +w5qPgIMj7AA//gzlWHc/CONdamNSQgmM134WolypaGbCfycjY1WiNrF1Xvjc6llJ +SUTAAk7Vz75DC9U8CXHgnGkvQE1IfdxHE7vWNnxKdQwEJ+AlLc2rfyy5sdj+Gia0 +MJ9Sg9RORhHHsqrZ3Id1eLf6EHULmEYC7+7RZXQV1Iuqo20yrVhUxXgyDN3YuQvL +4sSF7GdN1XfV721CVvqUbWNq/Gfvcb6peZoY/Pxnvlj7AwC2E/iaQn6oMwjhQBXC +hxb4oA2ByiOUAhOZvJNIB5qlRrars3a0H+Xcz9LSc/5qmYnVpZPNVJqd2Qs+Sw3P +pR827/ECgYEAyMNUBux99eKwBDjKvwUYw8Fw1u0Y+y7ht5iDJM9NC+yWPcrclYuP +xkaz55KmkEhTj2I0XEoqGcr+pu61/jPyHfd5G+AXGCP3F2OSu2kOuli18OkeXqyK +Acnslof3bDwncHEwcUkRheBuMCyhZBiAUwba6x5KwGtvjS426h8c9eUCgYEA7/PL +KekYmeVyY0uj5wo5ywaY3FhCmhfPDx32r2nl/yMKcZhkzViqZ4y2USsMkHy2fgCq +Zj6jiaq48af85vsmQhI6ylPMTVjEeinl1u5aCa6GediDxhYl5aRTNQLPkY6LXe8Y +5mYDSLfYxCDCuTVYTEXt9LYq4ZQC6lUqZhDuro0CgYEAp5+nBczpcqad7jh417rq +rW9SxrDZ/cdsAL3fKZnIK5+S5e799AK9vYAE7+HbHna1Be+p5jCqLDT4H+sJm0BF +9E1PGj4lKivFQAsMVVvnRyGQb6BEkimfZNTyq9DEfeNPzqtDFiM69Tuo5KIu8oMe +ibQcjtkQ8s4BKrCeeyYVKR0CgYB4vGLto6wNQ7Za4CSIjEyoK5mexYo9nt1A7gLC +ILbpuef3YIbYDFUx5UuXa+HWkeoBXLRg3gPLsWt9rNlEH/sQI7wRMjkKci/qiEpt +62DCnl5r0NX9RgerlROJCPEIfIEDstsEky/z1w3rIdDZAE59knI5P7Az8RXGczPy +R3LRwQKBgAOnC0x8h4XmpRwKlqS02SZ9PTGB/fZUwcKTbcyYnOwJwEFPPGb/dHhy +nv2Un8m1pjPE63Pk376g68MQF4XNfPy/wAYmhJi4KomEm8rg8QuB2H3CylYC0+Cg +ztp3XVYq/B3LWwku2+vV++2tLn3uoq1TnqSZjZphUeaOU5cBz32E +-----END RSA PRIVATE KEY----- diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client+bad-client.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client+bad-client.pem new file mode 100644 index 00000000..1a330411 --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-ca+client+bad-client.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAcagAwIBAgIRAOg6qTxxAC/TLMVh3yHFXrkwCwYJKoZIhvcNAQELMBQx +EjAQBgNVBAoTCVRlc3QsIEluYzAeFw0xNDEwMTYxODIxMjZaFw0xNzA5MzAxODIx +MjZaMBQxEjAQBgNVBAoTCVRlc3QsIEluYzCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALwtjC77Exk9pjQgUkW/EqN8LCCQpwDgT37ZrDtTAmN6CBtzoCb/ +1gooUaoAjtb5xu8C4R+OZsuPv/XdRLBU4OSUUsgAh5wQsnRXKn1wXqiWMlH0qIbD +9IqqRexJdNNw96OLjJiVwK7B2uEqLAYTt/P54mM+2nTAddoHLkaMnWe3Oj1VAmgT +BAUm34wAYqicOedolJnK96tM71164PRV4Cbj1Odq84rPLkJ2es0WRAGFkKCV9WE1 +iNIAacmaXMQ4AM7OaBLWM23Ka9RUDsyNZuMcSAmOOFSvAXCG58B8d4WY4Jdvjo9J +2ETBbZidLjMIU6CKy6mNyYpZ+Eynobz7FSECAwEAAaMtMCswDgYDVR0PAQH/BAQD +AgCgMAwGA1UdEwEB/wQCMAAwCwYDVR0RBAQwAoIAMAsGCSqGSIb3DQEBCwOCAQEA +YyHiScRIXsEpcuRnGL5jZSetpLtaRjkckowlSJaqyCujObYmBnn73FLGV1HRcV04 +yshIIfKy0lhEDwXGBddi1dG/2qR1cM0Dm4c8C/q7ZekSXiqyKkyTlguukTqPBnvh +MjO/QAt0wlyedGqISFs3M3mQP0fow8ga3bodn+/QkA+MfxvXu1IkkQhz6jZCUH1/ +4v9qnvyzOQ2AQy+guT3qNPfTYxG4LVbw05ikHP9+pe7pOcNTkS8f8xQqaMauq0kQ +mStfKHYGMlU6FrHGiL30NBq5bIG8dAYR+C1yPQib9HqKR+WmpP+RioySLMLHUIIy +/bHpU2x9O7se3evfeGvVXw== +-----END CERTIFICATE----- diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client-ca.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client-ca.pem new file mode 100644 index 00000000..69112fae --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-ca+client-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0TCCAbugAwIBAgIQUS0bMOIDjWHV6FCW/cYLJjALBgkqhkiG9w0BAQswFDES +MBAGA1UEChMJVGVzdCwgSW5jMB4XDTE0MTAxNjE4MjEyOFoXDTE3MDkzMDE4MjEy +OFowFDESMBAGA1UEChMJVGVzdCwgSW5jMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA4OKN3dRSySSMCVA4QWOh06aocCWO49z4H1PctwVKUHe3WCfB9BNv +8jJFZe7d5hMxOAfA5Y5wmZaQTnR5Cq8W8uaR4oozusVHgMtPGlOn65Ur5+WmlCg6 +R7Uxbs3z9KP6D1qv60W1AG2od1kU9aPrfCxp+R2h23xBLLD25r2u4vP9Wod/i4cI +oDi+2neVZlmT4eNOMarcQaOjtwadtN8XNZFh7I5OGaDplrVLyGDjlvjZfUIH/bVJ +eC4aC/M2+y/OinL1QfEfhLd2o9jQM7I0+RJdxWdNa+LDM7UhIUvQR16KKgKFto/J +7FPCIoiOq9XSiifnjuEwhIlnSxsnBAyI2QIDAQABoyMwITAOBgNVHQ8BAf8EBAMC +AKQwDwYDVR0TAQH/BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBACRQw+RqBdp4yChz +e9VeS34tZHcWM9msHUqwu0snrr+Zq6HLmROaSAOWcQNoYCA3zMD/uPFvM5y25aBk +D6EKByf1RUOJTCcEAkosdd4XEAsmO4lLTzOiGbS3oz0RqNmYVuoXOco18abQl55I +avrr3GTmD1S3ZyLx/YdShQfHmhf0WjMfSReI1SIrL2YOLwKc+MDHRd1iL/mxV5BL +9QO4+51MxePG1EMyEbA1OxKdgSM1aiIlPrPu7tDsb1+LQr+U0EGr0a/cm8UQatAG +e+fWMxJY2uJPBo+xskrOdm6ZSWDhpy/RIlK5hnuWNSV8YGqLpGGCHFdmHu1htXnn +8MltC4w= +-----END CERTIFICATE----- diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client-cert-key.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client-cert-key.pem new file mode 100644 index 00000000..30adce16 --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-ca+client-cert-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA6PKtNbZcCOWJgimXnLZt7IVfvOFs/TtDf0wViiXXUN9oDSTk +zZISLnlUV0fUjzWTZpxFnE0CRIoqH7d3NTJw0E7I4bChqKMOOQCB9cJFtpQkdiRb +rbHYED62i3T+ZYwUrkYaVBCe69oWAc//0vqc/nrutrqYYRhCskb1jipBKO+byi+4 +8fbAaUsbaBcmDLVpwjLTATmAnV24Pa1kheAvEsnDyWnz/SihOglTXytq21cxQ0Xl +GH0GA7i9OdUXa7xx9hP7t7lPhnEAUJnhYPVnUCYL54kwAGbIuCWUGmJpZyjnR2cp +AgsrD0j/BdWNShof1m2k1BROOFkCYGPIcTmvswIDAQABAoIBAB2ZEAb+F62NtK4U +KM5ho4/k1mhCYD3AtO/MtAPskPIWoLri0CuKfsLm6Z95YfmcPhFQk8urQTmCMJ39 +Cql4sjrVd9KtRa0OorT9aoXWXFM5eXSFZByqtyBBR6JqiBRQ+yO1hozd28Nt31P1 +oLSm4SG4bvJKvSfBFGBggbzBg6v2n86aHPHcrDvXMSPQshOne37A8d7Kq0ZWbV3u +B7BbEhiDybqEgBba8A0zetwBHMVxjsfnukVMJS25CWzmPJ3RfpCVF4tubj8dSNSi +lZxUhWHoa5S1Q3NS43YzdmppSsi+4D3298foG2wI2SnBMUiP0Xr3jgRF76qcenWh +CXzexPECgYEA8effsZlubez6gvQ5Hpq8kaWf1npJfYHWXLv/glGYnz91bT9Qrpg/ +MiAPoTBr+Wvj3OBdITDfcnL4aSdxyIJtn2FvPINDs1lDj1HDsI23SIoUtsH4f99E +cOskXTGIfVBUSuaxHU8yCkOaxZMy806S8OwTaKHI0iZqZJnEBcGJnmkCgYEA9oUx +g7QZFvs9uD2z2j3gJxWFOZduHo+n1N7RxdjTTqmNg2J2ppgBqaHv2zXJ9tgu23Ve +0HpfHzyRv2YczEAXz5iet6A/FMvzXm3Otmhf6n8t+Gu58NN/Ke3PbAm5kv5mZXG8 +ilWbYqTAS6EbsszLhkORkt4HW/UHZK6hBHL+EbsCgYEA6CSIurpvCvacAQe1uPTt +eSfkF8MKu3LZ7+xJ6xm6yTfwzIIyPxrDqqqx1RHOzHEJHnIBbVSlWgOS9/Zubukb +ohOy1/NwCLDk8Kiajtewx+AauLe0baIo3+QH5ZcfUILCIY748ROLBeaSpH/6KRuC +T8l9Zq+7NFDBUQFu58cu9eECgYEApGu71asGXPSfesX0sig42/iXjgz5DnskJm+j +HEF81mdyEmJW3tBds4VllCCxHumbfxYucgBcd1oPn8f8hyJsfzK9EZ5Y1IcfQCkf +CTxeVOoUgC9hqkV1+EI76UQnOOpi42BTrzRf2hAmjYrcDYpYaKmia4GZCPVJxBZR +IMWNvccCgYEAvkjXqVSIggzuV5sr5j0w4Odcw6DvC54kf9jxkcIOiu0X3IDqxvkJ +Z+Gb0amleMgn1qVDFOvv/f2iZPAZyuPDp2QJpDZXi0C03Oxx1IcpUzPf5Lq0rKX/ +30K/i+5uqBjc+tf7flmKPxprbTOoVqDHcfTRB8vqHKvgFzvlY9eAOqc= +-----END RSA PRIVATE KEY----- diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client-cert.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client-cert.pem new file mode 100644 index 00000000..19770761 --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-ca+client-cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAc6gAwIBAgIQYJR75sBkkaDfbMixd3wqtzALBgkqhkiG9w0BAQswFDES +MBAGA1UEChMJVGVzdCwgSW5jMB4XDTE0MTAxNjE4MjEyOVoXDTE3MDkzMDE4MjEy +OVowFDESMBAGA1UEChMJVGVzdCwgSW5jMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA6PKtNbZcCOWJgimXnLZt7IVfvOFs/TtDf0wViiXXUN9oDSTkzZIS +LnlUV0fUjzWTZpxFnE0CRIoqH7d3NTJw0E7I4bChqKMOOQCB9cJFtpQkdiRbrbHY +ED62i3T+ZYwUrkYaVBCe69oWAc//0vqc/nrutrqYYRhCskb1jipBKO+byi+48fbA +aUsbaBcmDLVpwjLTATmAnV24Pa1kheAvEsnDyWnz/SihOglTXytq21cxQ0XlGH0G +A7i9OdUXa7xx9hP7t7lPhnEAUJnhYPVnUCYL54kwAGbIuCWUGmJpZyjnR2cpAgsr +D0j/BdWNShof1m2k1BROOFkCYGPIcTmvswIDAQABozYwNDAOBgNVHQ8BAf8EBAMC +AKAwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwCwYJKoZIhvcN +AQELA4IBAQCxlcReoNoTqsdr/CENrA/cPE7ND2bpQxDvznIelnaCWHiTyatD/t1N +Wnw0dkEa/t2BF/uHyJHsup4jdL+jQhaNmocdW0v/o7lqktJlDvFN5Dbws0T97qbg +ke5o/PyLWkRhuq4LOXMLb4azMqZhmXAWuEyDFN8BcVeqdrhmyS3JQIuYoKmdqoXd +eTF5Z0y/BC2bcEOrEG66ro5KNc8qBFrg7CViU9jw+tEcMzo0JogcllcoMw7SK0zG +QQFt0km+NJ7Vt7jWXP9+vgak+JBS4e6w3aiyARP5R3ikOcCNQBAhNyr/RqDz2bgg +Ervse9PmrFH/5EuJ+GNUFlqadW8oM2c/ +-----END CERTIFICATE----- diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client-client-key.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client-client-key.pem new file mode 100644 index 00000000..cae8472b --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-ca+client-client-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvVvIq4NPfIb/Q3d/sA0C9Aui/ZA4y6VXj9eFDyhDQN3ntD/1 +Z+4bWI6VFULqAsqP7+h/5f3KH9jDeF3tvmahPfpnHSjQwz6Bx3MUzeB/9NE2AEYt +Ak8bddjzAblAAHofIQQRWSQqBoWttpNTKlxit48cGhqSaS4SOPdcsqRWd0nJJ1V3 +CpFMRjuw0mfPyG71IUlQGNbypN2hevLT5NKudlDXl07dnZHULwe/cDal8LhDLa+l +kDeWHYqKC/zcibhOGk2mnXsxxZY4H1L/SAL/hkbFqov1NrxxScMSexCPjm8gThAq +TAotlJYRo2frfxFujbcfc3TIfmdjUmF0he5H9QIDAQABAoIBAFJDKHdSUVrA7u4p +YOBjlq/cyk8rs3DNALAtqdF+5VCt1nYY/wzKhTjAoIWfDzhtNYC82atZyNBzA+Ar +thfsUAoz2U3yqFbZtdmm5hfWeuApbzNJSU5ifYSB3ngWOXa7lwBp2vuF2XgB5QiX +Eh8qCXzDACta9dYZvLLgy3WULTgeprfyR0CVxGRNv4C5BRumKIZ5hS516m5eKa79 +2n3Qusfm5GjKHpyPa1v5igPRKS5GNEG8LsQ/zF/131DiRpinCyktQ5sb6NLQEpFU +TDAyW9LblsB7fAHRI/UZvoDKzq7klGp3ap5mzzVNfzZ3FbrA/Qt8TNs56GJU1gnC +DS4f1wECgYEAx3l2ADnt8YSHunYDBBKXc21tX6qA3PgZp16RJkR4tIvuuc82gV8u +qURMxvzYc8pwsc+CqLKGuk9UDPxPUza899e403FyLb1+V8RLTseG6hvfUXcWkm+S +fOtpYCRQJVMo/+hmEHM7QFiWvfsR5AxfeEf7dIMUGqSVxfGkSfhglbUCgYEA8wR6 +5nS8FzO7twB3xQFsQNKMDUa358Lcj0DUJWEqXD344DNzPm4vvIOySzAuXE6oS3Vs +kBmBxeCNshPz2v7cDD+J0jTg2dGKySK5zvqfKzD9L4XBryixyvN4R9iyDRTJmVoO +zBSEiJ4GyQHhemg7QbLevaw5MQSrutQ8PHQiUUECgYBztxAu/Wv9CUa7ci45tJdL +DJXAQ2bRyNMI9qD5NAtZoTtxarVRw2eMJeTsIk1mjm9llt1TA42IkvBNQCi8OyrQ +E8JSVqNHyX97ZpHRN4oaUOTxm0Xq2PJ/qQjODwK3RFCqc6SRsmcS4tE/kGBGjK7t +VcSXSFrnQcbot0744i8VaQKBgQDRyCZH1rGf3drHqTG68PWAJ8EanNeYy9AWIcKA +2hX1NtImyINNe1TeCVnaKid7K7OAIEetRTePl7754Nt7StKuCBNzUI5huc9yvfVk +RVktscZ+RZrjF+AS8IX+j4N0Y2N8bA+mAHhAbxowXt1EC8JLfptlZMyiEgQk7Z1q +Gl6dgQKBgA7Wm8N5L8Bri/Ys6K8QcYOVwvHVPh5WTCT+lJqoEQoeIejfg3FVeH2w +cbbUnM0OuczzEz8j4M6kD/DfMU51Szmb81Jp9+U8uVJx+9WEDvn4Vcyu7IkVyJxJ +lr90vXhiruv+MCNXo7y0PQ/nQwLO+BYtKKLrEG7k0ZqaNQ7OE/nu +-----END RSA PRIVATE KEY----- diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client-client.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client-client.pem new file mode 100644 index 00000000..02774362 --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-ca+client-client.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2zCCAcWgAwIBAgIQKoeTe/O4d1JTN1PM6vpS2TALBgkqhkiG9w0BAQswFDES +MBAGA1UEChMJVGVzdCwgSW5jMB4XDTE0MTAxNjE4MjEzMVoXDTE3MDkzMDE4MjEz +MVowFDESMBAGA1UEChMJVGVzdCwgSW5jMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAvVvIq4NPfIb/Q3d/sA0C9Aui/ZA4y6VXj9eFDyhDQN3ntD/1Z+4b +WI6VFULqAsqP7+h/5f3KH9jDeF3tvmahPfpnHSjQwz6Bx3MUzeB/9NE2AEYtAk8b +ddjzAblAAHofIQQRWSQqBoWttpNTKlxit48cGhqSaS4SOPdcsqRWd0nJJ1V3CpFM +Rjuw0mfPyG71IUlQGNbypN2hevLT5NKudlDXl07dnZHULwe/cDal8LhDLa+lkDeW +HYqKC/zcibhOGk2mnXsxxZY4H1L/SAL/hkbFqov1NrxxScMSexCPjm8gThAqTAot +lJYRo2frfxFujbcfc3TIfmdjUmF0he5H9QIDAQABoy0wKzAOBgNVHQ8BAf8EBAMC +AKAwDAYDVR0TAQH/BAIwADALBgNVHREEBDACggAwCwYJKoZIhvcNAQELA4IBAQDR +uj9ADvnuw4Ejw3r2cUI9rFxfdgaJ10AbOnmHbkror6/ImuXbcfB7DynOpe9ZATYb +EvGXyNb6TgAX3O2Y4Bp645TVydtmFZJQHadxgtwmUlYTxDRMZGwn0tLuOUrLD18E +UUpLQjQ9zuLjGqb70YOhtofcshNlBWSWxHPPuuc5KUaNigBYPxjDVXUsIPMeOKBY +K16DDIBHmGMRrDsgxu2vxZs7bHSklmLtKAr6g3IAoBVCmNEG7ot55cX4iF0eBiwp +9KmUN/7ekS6QKmB41FIWNOB2W/j8y2J7CnQC0ig8S6g2DF2s8ZHe4FttH2tP4Psh +12BhOB6OP5TyINJSWbEx +-----END CERTIFICATE----- diff --git a/contrib/docker-integration/nginx/ssl/registry-noca-cert-key.pem b/contrib/docker-integration/nginx/ssl/registry-noca-cert-key.pem new file mode 100644 index 00000000..20aa48c5 --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-noca-cert-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAthxWELaJGNDImbtYh1IBjZgofdBoXSnS/bGya84xaGCrTVwj +rvI2N2hYJVdQY4wFDjQEq/Uygp24ayOAzT1sCvHEclXk2hJuVsjss5G0F17j0kwo +l45SROf78RXYFCShOqy2FTahI1noFOgsvnY7eL9nfy3vcG5y/I7mXMrC6+RJ4gMC +U4bqyHQXBJaFm3ijHM2naEr1B5yrU3r3KiiksknJHSxynap++pPM+ln144Keytok +ci1b+yzr/jmoMXfRu8+GbH6H3OOJpoV1/I7bsMfNpzk4HbsLY2Pd7emKOGAOnsv7 +KnGxlxfCmwgFdTvkyIOVcHisDG2Dw+Sm3hXFPQIDAQABAoIBAQCbD/eslXCZA7W7 +SM1xs78EzMm1j049/Y3dXIAa0WA6iw1xeoIbxbuqZBuh9/3INYJcfKh5rveKRjew +anOSzrj/fKsT29VYZhczqDP8FpVszOxZtWVe3t1oNMvOlRX+2M28AzGrUG/WhQhb +PPJUXqH3B6tdnERjzHf2WssFudRNPAz3/j2pfgKh3Uy6jkmrhjxXmE3cKsGg1+tA +OGTVAFwy7Uo0OUoa0wZhRsLo7WoFpcyDIy1Q4bm0bAoO1wU5rpwKaP0j1X1I8SdL +j7WN2jBT4/Y2jTIOQ3SYbjEdxVU3owEidyLxKHyeJo4uqQ1RW2amgyMz3p5iq78w +yrG/YORhAoGBAMT3qwNeMbxpI3jgXFxIorva6oq9zXmZQAk6+xjV2ndpDrBo6Xic +D/m8yeAZl/a28WacJ0+rAe0PuDM2FilGLIGvJGNBsex4dIKRY1zTxmJK3IUCFz2C +YdMtyTqL4eYK9S2Nh3n1eluUgNp0xngSFxtZqSH2BConvuLt6RVY8dc1AoGBAOyw +yFZ9hnzckKJvprv9LB9o87B5qEMcgzbVSeZsr/pzLWSQ/qcGnNToXPAH8qlzVf0Y +R9HKjhrE8vcA5neSOjKf7xFKTcPLBNQ4tIYR9g0FZTUCBkWWqF1rb3+ySF4K9r73 +RfBSLYVQbjatrOWZh9UXJjFwtkFXHk8CcieR5A7pAoGAKJguy8PnFkDJCcmb330s +5PCqdCvIJG6cTwqz45t3qjKhz2Pf8nafqEXriV9c/YEY4Z//TiEdhYE+4nccPCd1 +VskFA9vvUqBEywAx7VjMQ0fQiS00Iv4zMTX3ijR4O1Q40cmgiVc5f5RsthlpKif4 +US+6dwBgPVvxsI1+A2NQfJ0CgYBMnZTb2loURNlUm0ufgn4r1K89KsQ6pRocP8Ji +IkB8k5fX+89ShaNyj5y13fzAuSLWgGuPD0AcjjAPoGz5u423IWojcKfnfuobQBe/ +ZkT9RgfStssM742kX8iBz1X5ixcADc7H0fIGO1jRvjo/QAlmAs5MJq34TJj0/lex +U1o9MQKBgQCPyn3FZnAhKwgirzfGVkSE0UF7NBYgLTcZKgRwGl6MXbMbQsPvxGeN +5BcdfSk3Q9QS+53u5OaH740FoOE9UADBjCGX6l4hI9EluSpFO9xJvBC0tJFNTKNo +Z7xGKqRefJDtFoeRG/PG5/mVQazNemHzt7nfmnLTCaq8KBVe6WIjgg== +-----END RSA PRIVATE KEY----- diff --git a/contrib/docker-integration/nginx/ssl/registry-noca-cert.pem b/contrib/docker-integration/nginx/ssl/registry-noca-cert.pem new file mode 100644 index 00000000..73104cb4 --- /dev/null +++ b/contrib/docker-integration/nginx/ssl/registry-noca-cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAc6gAwIBAgIQUpvarzpHjk04FFl3lx40YTALBgkqhkiG9w0BAQswFDES +MBAGA1UEChMJVGVzdCwgSW5jMB4XDTE0MTAxNjE4MjEyNVoXDTE3MDkzMDE4MjEy +NVowFDESMBAGA1UEChMJVGVzdCwgSW5jMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAthxWELaJGNDImbtYh1IBjZgofdBoXSnS/bGya84xaGCrTVwjrvI2 +N2hYJVdQY4wFDjQEq/Uygp24ayOAzT1sCvHEclXk2hJuVsjss5G0F17j0kwol45S +ROf78RXYFCShOqy2FTahI1noFOgsvnY7eL9nfy3vcG5y/I7mXMrC6+RJ4gMCU4bq +yHQXBJaFm3ijHM2naEr1B5yrU3r3KiiksknJHSxynap++pPM+ln144Keytokci1b ++yzr/jmoMXfRu8+GbH6H3OOJpoV1/I7bsMfNpzk4HbsLY2Pd7emKOGAOnsv7KnGx +lxfCmwgFdTvkyIOVcHisDG2Dw+Sm3hXFPQIDAQABozYwNDAOBgNVHQ8BAf8EBAMC +AKAwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwCwYJKoZIhvcN +AQELA4IBAQBfdYyCYeG8c/nzm9HDDFW11zS1EI9o0TjLWj/8f44lYPMyrBMn0z84 +wOJW3Gnu7OCfifj8TEFJqaXuZmNIr4bhHCLj7bFuvCJpaXDJ55mm8IN0qdkCC29w +pcLYtB5YiRhDpkXH7fEuS4G1Ak8cgVNaIOGHxiaQsGK2ecHm2R8hVMsB+Wb2xhOf +jfNouLJjXAbjG0atoVPoMjQ3r6zdzamnCD8f1qwFTjxAg6oJwDMfsEzgsRHub9la +NHIYmSUunolPz5R8HMvYvGWw82uHau9KNVCQZMWJbAafaXzMpwsIDlbn9yRIf4OY +CbOZJSLGSbUZrYAfCWd2h/2VhHjM5fNw +-----END CERTIFICATE----- diff --git a/contrib/docker-integration/nginx/test.passwd b/contrib/docker-integration/nginx/test.passwd new file mode 100644 index 00000000..4e55de81 --- /dev/null +++ b/contrib/docker-integration/nginx/test.passwd @@ -0,0 +1 @@ +testuser:$apr1$YmLhHjm6$AjP4z8J1WgcUNxU8J4ue5.