commit bd99d6c9e04670e5dac3ae406ab3a59822bcd479 Author: Gilles Mouchet Date: Sat Nov 30 17:13:33 2024 +0100 initial commit
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..b3ee43d
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+ "editor.fontSize": 13,
+ "terminal.integrated.fontSize": 13,
+ "window.zoomLevel": 1.4,
+}
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9cb0510
--- /dev/null
+++ b/README.md
@@ -0,0 +1,91 @@
+## Description
+This docker compose run registry on docker
+
+## Install
+```bash
+mkdir -p /home/docker/certs
+mkdir -p /home/docker/registry-ui/conf
+mkdir -p /home/docker/registry-ui/data
+```
+Set ***password:*** in file `config.yml` and copy in `/home/docker/registry-ui/conf/`
+```bash
+sudo cp config.yml /home/docker/registry-ui/conf/
+```
+
+## Certificats
+Copy crt, key and CA cert files on `/home/docker/certs/`
+
+
+## Run
+### docker
+```bash
+docker run --network=host -d -p 8000:8000 -v /home/docker/certs/gmolabCA.crt:/etc/ssl/certs/ca-certificates.crt:ro -v ./config.yml:/opt/config.yml:ro quiq/registry-ui:latest
+```
+Teh optin `--network` tell to docker to use /etc/hosts instead DNS
+
+### docker compose
+```bash
+docker compose up -d
+```
+
+## Config apache
+### http-registry-ui.conf
+```bash
+# General setup for the virtual host
+
+ ServerName registry-ui.gmolab.net
+ ServerAlias registry-ui
+ CustomLog logs/registry-ui_access_log common
+ ErrorLog logs/registry-ui_error_log
+ # redirect to https
+ RewriteEngine on
+ RewriteCond %{SERVER_NAME} =registry-ui [OR]
+ RewriteCond %{SERVER_NAME} =registry-ui.gmolab.net
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+
+```
+### https-registry-ui.conf
+```bash
+# general setup for the virtual host
+
+ ServerName registry-ui.gmolab.net
+ ServerAlias registry-ui
+ CustomLog logs/registry-ui_access_log common
+ ErrorLog logs/registry-ui_error_log
+
+ # ssl
+ SSLEngine on
+ SSLHonorCipherOrder on
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+ SSLHonorCipherOrder on
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-
+RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
+
+ # enable HTTP/2, if available
+ Protocols h2 http/1.1
+
+ # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
+ Header always set Strict-Transport-Security "max-age=63072000"
+
+ # certificats
+ SSLCertificateFile "/etc/httpd/auth/cert/gmolab.net.crt"
+ SSLCertificateKeyFile "/etc/httpd/auth/cert/gmolab.net.key"
+ SSLCertificateChainFile "/etc/httpd/auth/cert/gmolabCA.crt"
+
+ # proxy
+ SSLProxyEngine On
+ ProxyPreserveHost On
+ ProxyRequests off
+ ProxyPass "/" "http://127.0.0.1:8000/"
+ ProxyPassReverse "/" "http://127.0.0.1:8000/"
+
+```
+
+## Sources
+https://medium.com/quiq-blog/docker-registry-ui-874c890d2c9b
+https://github.com/Quiq/registry-ui
+
+## Changelog
+### v1.0 - 2024-11-30
+#### Added
+- initial version by [GMo](mailto:gilles.mouchet@gmail.com)
\ No newline at end of file
diff --git a/config.yml b/config.yml
new file mode 100644
index 0000000..f180859
--- /dev/null
+++ b/config.yml
@@ -0,0 +1,86 @@
+# Listen interface.
+listen_addr: 0.0.0.0:8000
+
+# Base path of Registry UI.
+uri_base_path: /
+
+# Background tasks.
+performance:
+ # Catalog list page size. It depends from the underlying storage performance.
+ catalog_page_size: 100
+
+ # Catalog (repo list) refresh interval in minutes.
+ # If set to 0 it will never refresh but will run once.
+ catalog_refresh_interval: 10
+
+ # Tags counting refresh interval in minutes.
+ # If set to 0 it will never run. This is fast operation.
+ tags_count_refresh_interval: 60
+
+# Registry endpoint and authentication.
+registry:
+ # Registry hostname (without protocol but may include port).
+ hostname: registry-docker.gmolab.net
+ # Allow to access non-https enabled registry.
+ insecure: false
+
+ # Registry credentials.
+ # They need to have a full access to the registry.
+ # If token authentication service is enabled, it will be auto-discovered and those credentials
+ # will be used to obtain access tokens.
+ username: gilles
+ password: pa55w0rd
+ # Set password to '' in order to read it from the file below. Otherwise, it is ignored.
+ password_file: /run/secrets/registry_password_file
+
+ # Alternatively, you can do auth with Keychain, useful for local development.
+ # When enabled the above credentials will not be used.
+ auth_with_keychain: false
+
+# UI access management.
+access_control:
+ # Whether users can the event log. Otherwise, only admins listed below.
+ anyone_can_view_events: true
+ # Whether users can delete tags. Otherwise, only admins listed below.
+ anyone_can_delete_tags: true
+ # The list of users to do everything.
+ # User identifier should be set via X-WEBAUTH-USER header from your proxy
+ # because registry UI itself does not employ any auth.
+ admins: []
+
+# Event listener configuration.
+event_listener:
+ # The same token should be configured on Docker registry as Authorization Bearer token.
+ bearer_token: xxx
+ # Retention of records to keep.
+ retention_days: 7
+
+ # Event listener storage.
+ database_driver: sqlite3
+ database_location: data/registry_events.db
+ # database_driver: mysql
+ # database_location: user:password@tcp(localhost:3306)/docker_events
+
+ # You can disable event deletion on some hosts when you are running registry UI on MySQL master-master or
+ # cluster setup to avoid deadlocks or replication breaks.
+ deletion_enabled: true
+
+# Options for tag purging.
+purge_tags:
+ # How many days to keep tags but also keep the minimal count provided no matter how old.
+ keep_days: 90
+ keep_count: 10
+
+ # Keep tags matching regexp no matter how old, e.g. '^latest$'
+ # Empty string disables this feature.
+ keep_regexp: ''
+
+ # Keep tags listed in the file no matter how old.
+ # File format is JSON: {"repo1": ["tag1", "tag2"], "repoX": ["tagX"]}
+ # Empty string disables this feature.
+ keep_from_file: ''
+
+# Debug mode.
+debug:
+ # Affects only templates.
+ templates: false
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..9a4df70
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,15 @@
+services:
+ registry-ui:
+ image: 'quiq/registry-ui:latest'
+ network_mode: "host" #use hosts file instead DNS
+ ports:
+ - '8000:8000'
+ restart: always
+ container_name: registry-ui
+ environment:
+ TZ: Europe/Zurich
+ volumes:
+ - /home/docker/certs/gmolabCA.crt:/etc/ssl/certs/ca-certificates.crt
+ - /home/docker/registry-ui/conf/config.yml:/opt/config.yml:ro
+ - /home/docker/registry-ui/data:/opt/data
+
\ No newline at end of file
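Review bot: In config.yml, `listen_addr: 0.0.0.0:8000` together with `anyone_can_delete_tags: true` and `admins: []` leaves tag deletion open to anyone who can reach port 8000, because the file's own comment says registry UI does no authentication and relies on `X-WEBAUTH-USER` from a proxy. The Apache vhost in the README already proxies to `http://127.0.0.1:8000/`, so `listen_addr: 127.0.0.1:8000` and `anyone_can_delete_tags: false` would keep the UI behind that proxy, which would then have to authenticate users and set the header itself. Separately, `password: pa55w0rd` and `bearer_token: xxx` look like placeholders (the README says to set the password before copying), but this layout invites real values into version control. `password: ''` with the existing `password_file` entry keeps the credential out of the file, and a comment such as `# replace before use; must match the registry's notification token` on `bearer_token` would make the placeholder explicit.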
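Review bot: In docker-compose.yaml, `image: 'quiq/registry-ui:latest'` is a mutable tag, so each pull can bring in different code that runs with the registry's full-access credentials; pin a release or digest, e.g. `image: 'quiq/registry-ui:<PINNED_VERSION>'` (placeholder, the page does not name a version). The CA bundle mount lacks the `:ro` that the README's `docker run` line uses; it should read `- /home/docker/certs/gmolabCA.crt:/etc/ssl/certs/ca-certificates.crt:ro`. With `network_mode: "host"` Docker discards published ports, so the `ports:` entry is inert and the process binds on the host at whatever `listen_addr` in config.yml says; dropping `ports:` and noting this in a comment next to `network_mode` would avoid implying that the mapping limits exposure.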