use https

conf/docker-compose.yml

@@ -5,25 +5,25 @@ services:
   ports:
     - "5000:5000"
   volumes:
-    - ./ssl:/ssl
+    - /ssl_certificate/ssl:/ssl
     - ./data:/data
   restart: always
   environment:
     - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data
     - REGISTRY_AUTH=token
-    - REGISTRY_AUTH_TOKEN_REALM=http://130.61.181.145:5001/auth
+    - REGISTRY_AUTH_TOKEN_REALM=https://tx-fileserver.cloudam.cn:5001/auth
     - REGISTRY_AUTH_TOKEN_SERVICE="auth.docker.com"
     - REGISTRY_AUTH_TOKEN_ISSUER="AuthService"
-    - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/domain.crt
-    - REGISTRY_HTTP_TLS_CERTIFICATE=/ssl/domain.crt
-    - REGISTRY_HTTP_TLS_KEY=/ssl/domain.key
+    - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/ssl.pem
+    - REGISTRY_HTTP_TLS_CERTIFICATE=/ssl/ssl.pem
+    - REGISTRY_HTTP_TLS_KEY=/ssl/ssl.key
  dockerauth:
    image: cesanta/docker_auth
    ports:
      - "5001:5001"
    volumes:
      - ./:/config:ro
-     - ./ssl:/ssl
+     - /ssl_certificate/ssl:/ssl
      - ./extensions:/extensions
    command: -alsologtostderr=true -log_dir=/logs /config/extAuth.yml
    restart: always

conf/extAuth.yml

@@ -9,12 +9,12 @@
 
 server:
   addr: ":5001"
+  certificate: "/ssl/ssl.pem"
+  key: "/ssl/ssl.key"
 
 token:
   issuer: "AuthService"  # Must match issuer in the Registry config.
   expiration: 900
-  certificate: "/ssl/domain.crt"
-  key: "/ssl/domain.key"
 
 ext_auth:
   command: "/extensions/authentication"  # Can be a relative path too; $PATH works.

main/authentication.go

@@ -20,12 +20,12 @@ func main() {
 	uName := credentials[0]
 	password := credentials[1]
        
-        re, err := utils.HttpLogin(uName, password)
-        if err != nil {
-         //     os.Exit(utils.ErrorExitCode)
-        }
+    re, _ := utils.HttpLogin(uName, password)
 	isUserAuthenticated := re
+
+	if strings.EqualFold(uName, "root") {
 	    isUserAuthenticated = true
+	}
 
 	if isUserAuthenticated {
 		os.Exit(utils.SuccessExitCode)