docker-registry-web
来源:互联网 发布:国际大酒店网站源码 编辑:程序博客网 时间:2024/06/05 09:57
摘录自:https://github.com/mkuchin/docker-registry-web
Web UI, authentication service and event recorder for private docker registry v2.
Features:
- Browsing repositories, tags and images in docker registry v2
- Optional token based authentication provider with role-based permissions
- Docker registry notification recording and audit
Warning: this version config is not compatible with configuration of versions prior 0.1.0
Migrating configuration from 0.0.4 to 0.1.x
Docker pull command
docker pull hyper/docker-registry-web
How to run
Quick start (config with environment variables, no authentication)
Do not use registry as registry container name, it will break REGISTRY_NAME
environment variable.
docker run -d -p 5000:5000 --name registry-srv registry:2docker run -it -p 8080:8080 --name registry-web --link registry-srv -e REGISTRY_URL=http://registry-srv:5000/v2 -e REGISTRY_NAME=localhost:5000 hyper/docker-registry-web
Connecting to docker registry with basic authentication and self-signed certificate
docker run -it -p 8080:8080 --name registry-web --link registry-srv \ -e REGISTRY_URL=https://registry-srv:5000/v2 \ -e REGISTRY_TRUST_ANY_SSL=true \ -e REGISTRY_BASIC_AUTH="YWRtaW46Y2hhbmdlbWU=" \ -e REGISTRY_NAME=localhost:5000 hyper/docker-registry-web
No authentication, with config file
Create configuration file
config.yml
(Any property in this config may be overridden with environment variable, for example property
registry.auth.enabled
will becomeREGISTRY_AUTH_ENABLED
)registry: # Docker registry url url: http://registry-srv:5000/v2 # Docker registry fqdn name: localhost:5000 # To allow image delete, should be false readonly: false auth: # Disable authentication enabled: false
Run with docker
docker run -p 5000:5000 --name registry-srv -d registry:2docker run -it -p 8080:8080 --name registry-web --link registry-srv -v $(pwd)/config.yml:/conf/config.yml:ro hyper/docker-registry-web
Web UI will be available on
http://localhost:8080
With authentication enabled
Token authentication requires RSA private key in PEM format and certificate matched with this key
Generate private key and certificate
mkdir confopenssl req -new -newkey rsa:4096 -days 365 -subj "/CN=localhost" \ -nodes -x509 -keyout conf/auth.key -out conf/auth.cert
Create registry config
conf/registry-srv.yml
version: 0.1 storage: filesystem: rootdirectory: /var/lib/registry http: addr: 0.0.0.0:5000 auth: token: # external url to docker-web authentication endpoint realm: http://localhost:8080/api/auth # should be same as registry.name of registry-web service: localhost:5000 # should be same as registry.auth.issuer of registry-web issuer: 'my issuer' # path to auth certificate rootcertbundle: /etc/docker/registry/auth.cert
Start docker registry
docker run -v $(pwd)/conf/registry-srv.yml:/etc/docker/registry/config.yml:ro \ -v $(pwd)/conf/auth.cert:/etc/docker/registry/auth.cert:ro -p 5000:5000 --name registry-srv -d registry:2
Create configuration file
conf/registry-web.yml
registry: # Docker registry url url: http://registry-srv:5000/v2 # Docker registry fqdn name: localhost:5000 # To allow image delete, should be false readonly: false auth: # Enable authentication enabled: true # Token issuer # should equals to auth.token.issuer of docker registry issuer: 'my issuer' # Private key for token signing # certificate used on auth.token.rootcertbundle should signed by this key key: /conf/auth.key
Start registry-web
docker run -v $(pwd)/conf/registry-web.yml:/conf/config.yml:ro \ -v $(pwd)/conf/auth.key:/conf/auth.key -v $(pwd)/db:/data \ -it -p 8080:8080 --link registry-srv --name registry-web hyper/docker-registry-web
Web UI will be available on
http://localhost:8080
with default admin user/passwordadmin/admin
.
Role system
After first start you will have following roles:
- UI_ADMIN
- UI_USER
- UI_DELETE
- read-all
- write-all
You can't delete or modify UI_ADMIN and UI_USER role, they are special roles and allows admin or user access to UI respectively.
User access allows to browse registry, admin access allows to create, delete and modify users and roles in addition to user access.
UI_DELETE role allows deleting images in the UI based on ACLs.
Every non-special role has a list of ACLs, each of ACL grants permission grants permission to pull
, pull+push
or pull+push+delete
based on IP and image name glob matching. For example read-all role matches any IP and any image name with glob *
and grants pull
permission and write-all role grants pull+push
permission for any IP and any image name.
Configuration reference
Docker Compose configuration examples
Migrating configuration from 0.0.4 to 0.1.x
- docker-registry-web
- docker registry + docker registry web + docker container web ui
- docker registry - web展现小站点 docker-registry-web
- Docker Registry
- docker-registry
- [docker]docker registry
- Docker-搭建Docker Registry
- [docker]docker registry简单试用
- Docker中级学习-Docker Registry
- Docker Registry--私有docker站
- Docker私服Registry搭建
- 自建Docker Registry
- docker 搭建私有registry
- docker-registry[centos]
- docker-registry测试
- 安装docker-registry
- 安装docker registry
- docker registry 搭建步骤
- 通用审批流程
- c/c++ regex正则使用
- TensorRT Samples: MNIST(Plugin, add a custom layer)
- 【mac+Android Studio】【持续集成优化】搭建Jenkins+svn+Android Studio+发布到蒲公英+发邮件
- 学习:C#读取ini配置文件数据
- docker-registry-web
- 高仿《One》APP Design + MVP + RxJava2 + Retrofit + Dagger2 + Realm
- input 默认宽度测试
- Flume Sink
- Echarts图表开发之饼图
- 家电品牌新售后该起风了
- 编写 kafka Partition 分配算法
- spring配置文件详解
- Sqoop导入问题汇总