registryo's Introduction

Registryo

Web UI and authentication service for private Docker Registry v2

Features

  • Browse repositories, tags and image manifests
  • Create and manage users and permissions
  • Integrated password recovery workflow

How to run

The first thing to do is to generate a private key and a certificate for the corresponding public key. Self-signed certificates are fine as well. Please note that the private key must not be encrypted.

$ openssl genrsa -out privkey.pem 2048
$ openssl req -new -x509 -key privkey.pem -out certfile.pem -days 360

In the following, suppose we deploy the registry and the authentication server on the following addresses:

  • Registry: registry.example.com
  • Auth and ui: ui.registry.example.com

It is also possible to use just one domain name and rely on a reverse proxy; see later on.

Then, you need to deploy a private Docker registry with token authentication support. Below is an example config.yml that configures token authentication on the registry, followed by a docker-compose.yml to run it.

# config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
http:
  addr: :5000
auth:
  token:
    realm: https://ui.registry.example.com/v1/auth/
    service: registry.example.com
    issuer: ui.registry.example.com
    rootcertbundle: /certfile.pem
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

# docker-compose.yml
version: '3'

services:

  registry-srv:
    restart: always
    image: registry:2
    ports:
      - 80:5000
    volumes:
      # persist uploaded images
      - ./registry:/var/lib/registry
      # share certificate file for token validation
      - ./certfile.pem:/certfile.pem
      # share configuration file
      - ./config.yml:/etc/docker/registry/config.yml

To deploy the UI we need a docker-compose.yml and a configuration file (in env format):

# docker-compose.yml
version: '3'

services:

  registry-web:
    restart: always
    image: inmagik/registryo:latest
    env_file:
      # Configuration file
      - ./config.env
    ports:
      - 8080:80
    volumes:
      # Persist user db
      - ./data:/data
      # Share private key to sign tokens
      - ./privkey.pem:/code/privkey.pem
      # Share certificate file to verify tokens
      - ./certfile.pem:/code/certfile.pem

# config.env
SERVER_FQDN=ui.registry.example.com
REGISTRY_NAME=registry.example.com
REGISTRY_URL=https://registry.example.com/v2
EMAIL_FROM=NoReply <[email protected]>

# If you want to use SendInBlue to send emails
EMAIL_DRIVER=sendinblue
SENDINBLUE_API_KEY=xkeysib-s3cr3t

# If you want to use plain SMTP
EMAIL_BACKEND=smtp
EMAIL_HOST=smtp.example.com
EMAIL_PORT=22
EMAIL_HOST_USER=example
EMAIL_HOST_PASSWORD=s3cr3t
EMAIL_USE_TLS=1             # Set this only if needed
EMAIL_USE_SSL=0             # Set this only if needed
EMAIL_TIMEOUT=              # Set this only if needed
EMAIL_SSL_KEYFILE=          # Set this only if needed
EMAIL_SSL_CERTFILE=         # Set this only if needed

# If you don't want emails
EMAIL_BACKEND=none

Create two directories (one for the registry and one for the web UI) containing the respective configuration files, then run docker-compose up -d in both directories.

Finally, we need to create the first user in the web UI. This user will be the superadmin of your installation, so choose credentials carefully.

In a terminal, change to the directory where you put the web UI configuration files and run docker-compose exec registry-web setup. Fill in the required information and you should be ready to access the web UI listening at http://localhost:8080!
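A pre-flight check for the key pair generated in the first step, worth running before docker-compose up -d since the same certfile.pem is mounted into both containers. This is an added example, not part of Registryo; the function name check_token_keypair and the 30-day default margin are assumptions.

```shell
#!/bin/sh
# Added example: verify the token-signing key pair before deploying.
# Usage: check_token_keypair privkey.pem certfile.pem [min_days_left]
# Returns 0 if the pair is usable, 1 otherwise; prints one line per finding.

check_token_keypair() {
    key=$1; cert=$2; min_days=${3:-30}   # 30 days is an assumed default
    rc=0

    for f in "$key" "$cert"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    done

    # Encrypted PEM keys carry an "ENCRYPTED PRIVATE KEY" label (PKCS#8)
    # or a "Proc-Type: 4,ENCRYPTED" header (traditional format).
    if grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$key"; then
        echo "FAIL: $key is passphrase-protected; the key must not be encrypted"
        return 1
    fi

    # The certificate must carry the public half of the signing key,
    # otherwise the registry cannot verify the tokens the UI signs.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "FAIL: $key is not a parseable private key"; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $cert is not a parseable certificate"; return 1; }
    if [ "$key_pub" = "$cert_pub" ]; then
        echo "OK: certificate matches private key"
    else
        echo "FAIL: certificate was not issued for this private key"; rc=1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "OK: certificate valid for at least $min_days more days"
    else
        echo "FAIL: certificate expires within $min_days days"; rc=1
    fi
    return $rc
}
```

Call it as check_token_keypair privkey.pem certfile.pem from the directory holding the two files; a non-zero exit status means the pair should be regenerated before deploying.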

Other deployment setups

In the deploy folder of this repository you can find some example configurations to deploy the registry and the authentication service in some common environments.

  • standard: dual host configuration, as described in this readme
  • traefik: single host with reverse proxy, using Traefik
  • nginx: single host with reverse proxy, using Nginx

Contributing

Contributions are always welcome, provided they conform to the code of conduct.

For instance, you may contribute by:

  • fixing bugs
  • adding new languages to the web interface
  • adding new common deployment configurations

If you have a deployment configuration you wish to share, please remember to anonymize the FQDNs and DNS entries. You can use example.com and its subdomains for this purpose.

registryo's Issues

Image is broken

Hey, thanks for all your work. Currently I use Registryo on my k3s cluster; I updated today as a long-overdue task, but got this error message as the pod deployed...

160 static files copied to '/var/www/statik'.
2023-04-12T18:10:34.306011472-05:00 System check identified some issues:
2023-04-12T18:10:34.306106382-05:00 
2023-04-12T18:10:34.306126138-05:00 WARNINGS:
2023-04-12T18:10:34.306161870-05:00 main.ACLEntry: (models.W042) Auto-created primary key used when not defining a primary key type, by default 'django.db.models.AutoField'.
2023-04-12T18:10:34.306183786-05:00 	HINT: Configure the DEFAULT_AUTO_FIELD setting or the MainConfig.default_auto_field attribute to point to a subclass of AutoField, e.g. 'django.db.models.BigAutoField'.
2023-04-12T18:10:34.636964779-05:00 Operations to perform:
2023-04-12T18:10:34.637037879-05:00   Apply all migrations: admin, auth, authtoken, contenttypes, main, sessions
2023-04-12T18:10:34.637056808-05:00 Running migrations:
2023-04-12T18:10:34.637075383-05:00   No migrations to apply.
2023-04-12T18:10:35.255410344-05:00 2023/04/12 23:10:35 [emerg] 11#11: "upstream" directive is not allowed here in /etc/nginx/conf.d/default.conf:2
2023-04-12T18:10:35.255478289-05:00 nginx: [emerg] "upstream" directive is not allowed here in /etc/nginx/conf.d/default.conf:2

So it seems the NGINX config is bad; the upstream seems to be outside the http holders.

Regards.

Demo?

Is there a demo of this or screenshots?

Can we add OAuth integration against Gitea?
