refactor: restructure registry with auth and agent guidelines

- Add built-in authentication with Apache utils - Add AGENTS.md for coding guidelines - Enhance security with authentication enabled by default - Remove unnecessary template files - Simplify configuration and setup process
2025-11-05 04:11:21 -08:00
parent f4611b4d23
commit d8bfde5796
9 changed files with 106 additions and 187 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,30 +0,0 @@
-# Lightweight Docker Registry Configuration
-# Copy this file to .env and customize for your environment
-
-# Registry Configuration
-REGISTRY_STORAGE_PATH=/var/lib/registry
-REGISTRY_DATA_PATH=./data
-REGISTRY_LOG_LEVEL=info
-REGISTRY_DELETE_ENABLED=true
-
-# Note: Authentication and TLS are disabled by default
-# To enable them, you'll need to mount custom config.yml
-# See README.md for advanced configuration
-
-# UI Configuration
-REGISTRY_TITLE=Docker Registry
-REGISTRY_URL=http://registry:5000
-SINGLE_REGISTRY=true
-DELETE_IMAGES=true
-SHOW_CONTENT_DIGEST=true
-SHOW_CATALOG_NB_TAGS=true
-CATALOG_MIN_BRANCHES=1
-CATALOG_MAX_BRANCHES=1
-TAGLIST_PAGE_SIZE=100
-CATALOG_ELEMENTS_LIMIT=1000
-
-# Coolify-specific variables (override as needed)
-# These can be set in Coolify's environment variables section
-# DOMAIN=your-domain.com
-# REGISTRY_DOMAIN=registry.your-domain.com
-# UI_DOMAIN=ui.your-domain.com
--- a/.gitignore
+++ b/.gitignore
@@ -1,22 +0,0 @@
-# Ignore data directories
-data/
-auth/
-certs/
-
-# Ignore environment file with secrets
-.env
-
-# Ignore Docker files
-.dockerignore
-
-# Ignore logs
-*.log
-logs/
-
-# Ignore temporary files
-.tmp/
-*.tmp
-
-# Ignore OS files
-.DS_Store
-Thumbs.db
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -0,0 +1,36 @@
+# Agent Guidelines for Docker Registry Project
+
+## Build & Run
+```bash
+# Build and start services
+docker-compose up -d --build
+
+# Rebuild single service
+docker-compose up -d --build registry
+```
+
+## Code Style
+- YAML files: 2 space indentation
+- Shell scripts: Follow [Google Shell Style Guide](https://google.github.io/styleguide/shellguide.html)
+- Docker best practices:
+  - Use multi-stage builds when possible
+  - Minimize layer size and number
+  - Pin base image versions
+  - Place volatile commands last
+  - One service per container
+
+## Error Handling
+- Shell scripts: Use set -e for strict error handling
+- Log errors to stdout/stderr for Docker logging
+- Follow the fail-fast principle
+- Include error context in messages
+
+## File Structure
+```
+.
+├── config.yml        # Registry configuration
+├── docker-compose.yml # Service orchestration
+├── Dockerfile        # Registry image build
+├── entrypoint.sh    # Container initialization
+└── setup.sh         # Local environment setup
+```
--- a/16
+++ b/16
@@ -0,0 +1,16 @@
+FROM registry:2
+
+# Install Apache utilities for htpasswd management
+RUN apt-get update && apt-get install -y \
+    apache2-utils \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create auth directory
+RUN mkdir -p /etc/docker/registry/auth
+
+# Copy custom entrypoint script
+COPY entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["/etc/docker/registry/config.yml"]
--- a/README.md
+++ b/README.md
@@ -1,107 +0,0 @@
-# Lightweight Docker Registry
-
-A simple, lightweight Docker registry with web UI using docker-compose.
-
-## Features
- Lightweight Docker Registry (official registry:2 image)
- Web UI for browsing and managing images
- Configurable via environment variables
- Optional authentication and TLS support
- Perfect for Coolify deployment
-
-## Quick Start
-
-1. Copy environment file:
-```bash
-cp .env.example .env
-```
-
-2. Start the registry:
-```bash
-docker-compose up -d
-```
-
-3. Access:
- Registry API: http://your-domain:5000
- Web UI: http://your-domain
-
-## Coolify Deployment
-
-In Coolify, set these environment variables as needed:
-
-### Basic Configuration
- `REGISTRY_TITLE`: Registry title for UI
- `REGISTRY_URL`: Internal registry URL
-
-### Storage
- `REGISTRY_DATA_PATH`: Data storage path
- `REGISTRY_DELETE_ENABLED`: Allow image deletion (true/false)
-
-### Security (Optional)
-For authentication and TLS, mount a custom `config.yml` file:
-```yaml
-version: 0.1
-auth:
-  htpasswd:
-    realm: basic-realm
-    path: /auth/htpasswd
-http:
-  tls:
-    certificate: /certs/server.crt
-    key: /certs/server.key
-```
-
-### UI Settings
- `DELETE_IMAGES`: Allow deletion via UI (true/false)
- `SHOW_CONTENT_DIGEST`: Show image digests (true/false)
- `TAGLIST_PAGE_SIZE`: Number of tags per page
-
-## Usage
-
-### Push an image
-```bash
-docker tag myimage your-domain:5000/myimage
-docker push your-domain:5000/myimage
-```
-
-### Pull an image
-```bash
-docker pull your-domain:5000/myimage
-```
-
-### List images
-```bash
-curl http://your-domain:5000/v2/_catalog
-```
-
-## Advanced Configuration
-
-For authentication, TLS, or other advanced features:
-
-1. Create a custom `config.yml` file
-2. Mount it to `/etc/docker/registry/config.yml`
-3. Reference Docker Registry documentation for all options
-
-Example with auth and TLS:
-```yaml
-version: 0.1
-auth:
-  htpasswd:
-    realm: basic-realm
-    path: /auth/htpasswd
-http:
-  tls:
-    certificate: /certs/server.crt
-    key: /certs/server.key
-storage:
-  delete:
-    enabled: true
-```
-
-## Resource Usage
-
- **RAM**: ~100-200MB total
- **Storage**: Minimal base + image storage
- **CPU**: Very low usage
-
-Perfect for resource-constrained environments!
--- a/config.yml
+++ b/config.yml
@@ -0,0 +1,22 @@
+version: 0.1
+log:
+  fields:
+    service: registry
+storage:
+  cache:
+    blobdescriptor: inmemory
+  filesystem:
+    rootdirectory: /var/lib/registry
+http:
+  addr: :5000
+  headers:
+    X-Content-Type-Options: [nosniff]
+auth:
+  htpasswd:
+    realm: basic-realm
+    path: /etc/docker/registry/auth/htpasswd
+health:
+  storagedriver:
+    enabled: true
+    interval: 10s
+    threshold: 3
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,13 +2,15 @@ version: '3.8'

 services:
  registry:
-    image: registry:2
+    build: .
    container_name: registry
    restart: unless-stopped
    expose:
      - "5000"
    volumes:
      - registry-data:/var/lib/registry
+      - registry-auth:/etc/docker/registry/auth
+      - ./config.yml:/etc/docker/registry/config.yml
    networks:
      - registry-network

@@ -28,7 +30,7 @@ services:
      - CATALOG_MIN_BRANCHES=${CATALOG_MIN_BRANCHES:-1}
      - CATALOG_MAX_BRANCHES=${CATALOG_MAX_BRANCHES:-1}
      - TAGLIST_PAGE_SIZE=${TAGLIST_PAGE_SIZE:-100}
-      - REGISTRY_SECURED=${REGISTRY_SECURED:-false}
+      - REGISTRY_SECURED=${REGISTRY_SECURED:-true}
      - CATALOG_ELEMENTS_LIMIT=${CATALOG_ELEMENTS_LIMIT:-1000}
    depends_on:
      - registry
@@ -41,4 +43,6 @@ networks:

 volumes:
  registry-data:
+    driver: local
+  registry-auth:
    driver: local
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Initialize auth file if it doesn't exist
+if [ ! -f /etc/docker/registry/auth/htpasswd ]; then
+    echo "Initializing auth file with default user 'recruas'"
+    htpasswd -B -c /etc/docker/registry/auth/htpasswd recruas
+    echo "Auth file created. Default user: recruas"
+fi
+
+# Start the registry
+exec /bin/registry /etc/docker/registry/config.yml "$@"
--- a/setup.sh
+++ b/setup.sh
@@ -1,33 +1,22 @@
 #!/bin/bash

-# Setup script for Lightweight Docker Registry
+echo "Setting up Docker Registry with authentication..."

-echo "🐳 Setting up Lightweight Docker Registry..."
+# Build and start the registry
+docker-compose up -d --build

-# Create necessary directories
-mkdir -p data auth certs
+echo "Waiting for registry to start..."
+sleep 5

-# Copy environment file if it doesn't exist
-if [ ! -f .env ]; then
-    cp .env.example .env
-    echo "✅ Created .env file from template"
-else
-    echo "ℹ️  .env file already exists"
-fi
-
-# Set proper permissions
-chmod 755 data auth certs
-
-echo "🚀 Starting registry..."
-docker-compose up -d
+# Set initial password for recruas user
+echo "Setting password for 'recruas' user..."
+docker exec -it registry htpasswd -B /etc/docker/registry/auth/htpasswd recruas

+echo "Setup complete!"
+echo "Registry is running with authentication enabled."
+echo "Default user: recruas"
+echo "UI will be available on port 80 (exposed)"
+echo "Registry API available on port 5000 (exposed)"
 echo ""
-echo "✅ Registry is running!"
-echo "📊 Web UI: http://your-domain"
-echo "🔌 Registry API: http://your-domain:5000"
-echo ""
-echo "💡 To push an image:"
-echo "   docker tag myimage your-domain:5000/myimage"
-echo "   docker push your-domain:5000/myimage"
-echo ""
-echo "📝 Edit .env file to customize configuration"
+echo "To change password later:"
+echo "docker exec -it registry htpasswd -B /etc/docker/registry/auth/htpasswd recruas"