Excerpted from: https://github.com/mkuchin/docker-registry-web
Web UI, authentication service and event recorder for private docker registry v2.
Migrating configuration from 0.0.4 to 0.1.x
docker pull hyper/docker-registry-web
Do not use registry as the registry container name; it will break the REGISTRY_NAME environment variable.
```sh
docker run -d -p 5000:5000 --name registry-srv registry:2
docker run -it -p 8080:8080 --name registry-web --link registry-srv -e REGISTRY_URL=http://registry-srv:5000/v2 -e REGISTRY_NAME=localhost:5000 hyper/docker-registry-web
```

```sh
docker run -it -p 8080:8080 --name registry-web --link registry-srv \
           -e REGISTRY_URL=https://registry-srv:5000/v2 \
           -e REGISTRY_TRUST_ANY_SSL=true \
           -e REGISTRY_BASIC_AUTH="YWRtaW46Y2hhbmdlbWU=" \
           -e REGISTRY_NAME=localhost:5000 hyper/docker-registry-web
```
Create configuration file config.yml
(Any property in this config may be overridden with an environment variable; for example, the property registry.auth.enabled becomes REGISTRY_AUTH_ENABLED.)
```yaml
registry:
  # Docker registry url
  url: http://registry-srv:5000/v2
  # Docker registry fqdn
  name: localhost:5000
  # To allow image delete, should be false
  readonly: false
  auth:
    # Disable authentication
    enabled: false
```
Run with docker
```sh
docker run -p 5000:5000 --name registry-srv -d registry:2
docker run -it -p 8080:8080 --name registry-web --link registry-srv -v $(pwd)/config.yml:/conf/config.yml:ro hyper/docker-registry-web
```
Web UI will be available on http://localhost:8080
Token authentication requires an RSA private key in PEM format and a certificate that matches this key.
Generate private key and certificate
```sh
mkdir conf
openssl req -new -newkey rsa:4096 -days 365 -subj "/CN=localhost" \
        -nodes -x509 -keyout conf/auth.key -out conf/auth.cert
```
Create registry config conf/registry-srv.yml
```yaml
version: 0.1

storage:
  filesystem:
    rootdirectory: /var/lib/registry

http:
  addr: 0.0.0.0:5000

auth:
  token:
    # external url to docker-web authentication endpoint
    realm: http://localhost:8080/api/auth
    # should be same as registry.name of registry-web
    service: localhost:5000
    # should be same as registry.auth.issuer of registry-web
    issuer: 'my issuer'
    # path to auth certificate
    rootcertbundle: /etc/docker/registry/auth.cert
```
Start docker registry
```sh
docker run -v $(pwd)/conf/registry-srv.yml:/etc/docker/registry/config.yml:ro \
           -v $(pwd)/conf/auth.cert:/etc/docker/registry/auth.cert:ro -p 5000:5000 --name registry-srv -d registry:2
```
Create configuration file conf/registry-web.yml
```yaml
registry:
  # Docker registry url
  url: http://registry-srv:5000/v2
  # Docker registry fqdn
  name: localhost:5000
  # To allow image delete, should be false
  readonly: false
  auth:
    # Enable authentication
    enabled: true
    # Token issuer
    # should be equal to auth.token.issuer of the docker registry
    issuer: 'my issuer'
    # Private key for token signing
    # the certificate used in auth.token.rootcertbundle should be signed by this key
    key: /conf/auth.key
```
Start registry-web
```sh
docker run -v $(pwd)/conf/registry-web.yml:/conf/config.yml:ro \
           -v $(pwd)/conf/auth.key:/conf/auth.key -v $(pwd)/db:/data \
           -it -p 8080:8080 --link registry-srv --name registry-web hyper/docker-registry-web
```
Web UI will be available on http://localhost:8080 with default admin user/password admin/admin.
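The token setup above depends on three things agreeing: auth.token.service with registry.name, auth.token.issuer with registry.auth.issuer, and the certificate in rootcertbundle with the signing key. The script below is an added example, not part of docker-registry-web, that checks all three before the containers are started; the function names, the script name and its single directory argument are assumptions.

```sh
#!/bin/sh
# Added example, not part of docker-registry-web.
# yaml_value is a hypothetical helper: it reads only flat "key: value" lines
# like the ones in the two files on this page, not general YAML.

# Print the value of the first "KEY: value" line in FILE, quotes stripped.
yaml_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed "s/[[:space:]]*\$//; s/^['\"]//; s/['\"]\$//"
}

# Compare the values that the comments in both files say must be the same.
# Arguments: registry config, registry-web config.
check_token_config() {
    rc=0
    [ "$(yaml_value service "$1")" = "$(yaml_value name "$2")" ] ||
        { echo "MISMATCH: auth.token.service != registry.name" >&2; rc=1; }
    [ "$(yaml_value issuer "$1")" = "$(yaml_value issuer "$2")" ] ||
        { echo "MISMATCH: auth.token.issuer != registry.auth.issuer" >&2; rc=1; }
    return $rc
}

# Succeed only if the certificate ($1) carries the public key of the private key ($2).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check-token-config.sh conf   (script name is an assumption)
if [ -n "${1:-}" ]; then
    check_token_config "$1/registry-srv.yml" "$1/registry-web.yml" &&
        cert_matches_key "$1/auth.cert" "$1/auth.key" &&
        echo "token auth configuration is consistent"
fi
```

A non-zero exit status means at least one of the three pairs disagrees; the mismatching pair is named on stderr.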
After the first start you will have the following roles:
You can't delete or modify the UI_ADMIN and UI_USER roles; they are special roles that allow admin or user access to the UI respectively.
User access allows browsing the registry; admin access allows creating, deleting and modifying users and roles in addition to user access.
UI_DELETE role allows deleting images in the UI based on ACLs.
Every non-special role has a list of ACLs; each ACL grants permission to pull, pull+push or pull+push+delete based on IP and image name glob matching. For example, the read-all role matches any IP and any image name with glob * and grants pull permission, and the write-all role grants pull+push permission for any IP and any image name.
config option in 0.0.4 | config option in 0.1.x | Comment |
---|---|---|
REGISTRY_HOST | REGISTRY_URL | URL should start with protocol, e.g. https://registry-srv:5000/v2 |
REGISTRY_PORT | ||
REGISTRY_NAME | REGISTRY_NAME | visible name of registry |
REGISTRY_AUTH | REGISTRY_BASIC_AUTH | Base64 encoded authentication string, e.g. YWRtaW46Y2hhbmdlbWU= |
READONLY | REGISTRY_READONLY | true\|false |
TRUST_ANY_SSL | REGISTRY_TRUST_ANY_SSL | true\|false |
CONTEXT_PATH | REGISTRY_CONTEXT_PATH | url prefix if you need to host web registry on non-root path |