initial commit

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+   "editor.fontSize": 13,
+   "terminal.integrated.fontSize": 13,
+   "window.zoomLevel": 1.4,
+}

README.md

@@ -0,0 +1,91 @@
+## Description
+This docker compose run registry on docker
+
+## Install
+```bash
+mkdir -p /home/docker/certs
+mkdir -p /home/docker/registry-ui/conf
+mkdir -p /home/docker/registry-ui/data
+```
+Set ***password:*** in file `config.yml` and copy in `/home/docker/registry-ui/conf/`
+```bash
+sudo cp config.yml /home/docker/registry-ui/conf/
+```
+
+## Certificats
+Copy crt, key and CA cert files on `/home/docker/certs/`
+
+
+## Run
+### docker
+```bash
+docker run --network=host -d -p 8000:8000 -v /home/docker/certs/gmolabCA.crt:/etc/ssl/certs/ca-certificates.crt:ro -v ./config.yml:/opt/config.yml:ro quiq/registry-ui:latest
+```
+Teh optin `--network` tell to docker to use /etc/hosts instead DNS
+
+### docker compose
+```bash
+docker compose up -d
+```
+
+## Config apache
+### http-registry-ui.conf
+```bash
+# General setup for the virtual host
+<VirtualHost *:80>
+    ServerName registry-ui.gmolab.net
+    ServerAlias registry-ui
+    CustomLog logs/registry-ui_access_log common
+    ErrorLog  logs/registry-ui_error_log
+    # redirect to https
+    RewriteEngine on
+    RewriteCond %{SERVER_NAME} =registry-ui [OR]
+    RewriteCond %{SERVER_NAME} =registry-ui.gmolab.net
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+```
+### https-registry-ui.conf
+```bash
+#  general setup for the virtual host
+<VirtualHost *:443>
+    ServerName registry-ui.gmolab.net
+    ServerAlias registry-ui
+    CustomLog logs/registry-ui_access_log common
+    ErrorLog  logs/registry-ui_error_log
+
+    # ssl
+    SSLEngine on
+    SSLHonorCipherOrder on
+    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+    SSLHonorCipherOrder on
+    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-
+RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
+    
+    # enable HTTP/2, if available
+    Protocols h2 http/1.1
+    
+    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
+    Header always set Strict-Transport-Security "max-age=63072000"
+
+    # certificats
+    SSLCertificateFile "/etc/httpd/auth/cert/gmolab.net.crt"
+    SSLCertificateKeyFile "/etc/httpd/auth/cert/gmolab.net.key"
+    SSLCertificateChainFile "/etc/httpd/auth/cert/gmolabCA.crt"
+
+    # proxy
+    SSLProxyEngine On
+    ProxyPreserveHost On
+    ProxyRequests off
+    ProxyPass "/" "http://127.0.0.1:8000/"
+    ProxyPassReverse "/" "http://127.0.0.1:8000/"
+</VirtualHost>
+```
+
+## Sources
+https://medium.com/quiq-blog/docker-registry-ui-874c890d2c9b  
+https://github.com/Quiq/registry-ui
+
+## Changelog
+### v1.0 - 2024-11-30
+#### Added
+- initial version by [GMo](mailto:gilles.mouchet@gmail.com)

config.yml

@@ -0,0 +1,86 @@
+# Listen interface.
+listen_addr: 0.0.0.0:8000
+
+# Base path of Registry UI.
+uri_base_path: /
+
+# Background tasks.
+performance:
+  # Catalog list page size. It depends from the underlying storage performance.
+  catalog_page_size: 100
+
+  # Catalog (repo list) refresh interval in minutes.
+  # If set to 0 it will never refresh but will run once.
+  catalog_refresh_interval: 10
+
+  # Tags counting refresh interval in minutes.
+  # If set to 0 it will never run. This is fast operation.
+  tags_count_refresh_interval: 60
+
+# Registry endpoint and authentication.
+registry:
+  # Registry hostname (without protocol but may include port).
+  hostname: registry-docker.gmolab.net
+  # Allow to access non-https enabled registry.
+  insecure: false
+
+  # Registry credentials.
+  # They need to have a full access to the registry.
+  # If token authentication service is enabled, it will be auto-discovered and those credentials
+  # will be used to obtain access tokens.
+  username: gilles
+  password: pa55w0rd
+  # Set password to '' in order to read it from the file below. Otherwise, it is ignored.
+  password_file: /run/secrets/registry_password_file
+
+  # Alternatively, you can do auth with Keychain, useful for local development.
+  # When enabled the above credentials will not be used.
+  auth_with_keychain: false
+
+# UI access management.
+access_control:
+  # Whether users can the event log. Otherwise, only admins listed below.
+  anyone_can_view_events: true
+  # Whether users can delete tags. Otherwise, only admins listed below.
+  anyone_can_delete_tags: true
+  # The list of users to do everything.
+  # User identifier should be set via X-WEBAUTH-USER header from your proxy
+  # because registry UI itself does not employ any auth.
+  admins: []
+
+# Event listener configuration.
+event_listener:
+  # The same token should be configured on Docker registry as Authorization Bearer token.
+  bearer_token: xxx
+  # Retention of records to keep.
+  retention_days: 7
+
+  # Event listener storage.
+  database_driver: sqlite3
+  database_location: data/registry_events.db
+  # database_driver: mysql
+  # database_location: user:password@tcp(localhost:3306)/docker_events
+
+  # You can disable event deletion on some hosts when you are running registry UI on MySQL master-master or
+  # cluster setup to avoid deadlocks or replication breaks.
+  deletion_enabled: true
+
+# Options for tag purging.
+purge_tags:
+  # How many days to keep tags but also keep the minimal count provided no matter how old.
+  keep_days: 90
+  keep_count: 10
+
+  # Keep tags matching regexp no matter how old, e.g. '^latest$'
+  # Empty string disables this feature.
+  keep_regexp: ''
+
+  # Keep tags listed in the file no matter how old.
+  # File format is JSON: {"repo1": ["tag1", "tag2"], "repoX": ["tagX"]}
+  # Empty string disables this feature.
+  keep_from_file: ''
+
+# Debug mode.
+debug:
+  # Affects only templates.
+  templates: false

docker-compose.yaml

@@ -0,0 +1,15 @@
+services:
+  registry-ui:
+    image: 'quiq/registry-ui:latest'  
+    network_mode: "host" #use hosts file instead DNS
+    ports:
+      - '8000:8000'
+    restart: always
+    container_name: registry-ui
+    environment:
+      TZ: Europe/Zurich
+    volumes:
+      - /home/docker/certs/gmolabCA.crt:/etc/ssl/certs/ca-certificates.crt
+      - /home/docker/registry-ui/conf/config.yml:/opt/config.yml:ro
+      - /home/docker/registry-ui/data:/opt/data
+