From d8bfde57965017441b18371f6a2ea3363ce7fb9a Mon Sep 17 00:00:00 2001 From: renzaspiras Date: Wed, 5 Nov 2025 04:11:21 -0800 Subject: [PATCH] refactor: restructure registry with auth and agent guidelines - Add built-in authentication with Apache utils - Add AGENTS.md for coding guidelines - Enhance security with authentication enabled by default - Remove unnecessary template files - Simplify configuration and setup process --- .env.example | 30 ------------- .gitignore | 22 ---------- AGENTS.md | 36 +++++++++++++++ Dockerfile | 16 +++++++ README.md | 107 --------------------------------------------- config.yml | 22 ++++++++++ docker-compose.yml | 8 +++- entrypoint.sh | 11 +++++ setup.sh | 41 +++++++---------- 9 files changed, 106 insertions(+), 187 deletions(-) delete mode 100644 .env.example delete mode 100644 .gitignore create mode 100644 AGENTS.md create mode 100644 Dockerfile delete mode 100644 README.md create mode 100644 config.yml create mode 100644 entrypoint.sh diff --git a/.env.example b/.env.example deleted file mode 100644 index 8982f5f..0000000 --- a/.env.example +++ /dev/null 
@@ -1,30 +0,0 @@
-# Lightweight Docker Registry Configuration
-# Copy this file to .env and customize for your environment
-
-# Registry Configuration
-REGISTRY_STORAGE_PATH=/var/lib/registry
-REGISTRY_DATA_PATH=./data
-REGISTRY_LOG_LEVEL=info
-REGISTRY_DELETE_ENABLED=true
-
-# Note: Authentication and TLS are disabled by default
-# To enable them, you'll need to mount custom config.yml
-# See README.md for advanced configuration
-
-# UI Configuration
-REGISTRY_TITLE=Docker Registry
-REGISTRY_URL=http://registry:5000
-SINGLE_REGISTRY=true
-DELETE_IMAGES=true
-SHOW_CONTENT_DIGEST=true
-SHOW_CATALOG_NB_TAGS=true
-CATALOG_MIN_BRANCHES=1
-CATALOG_MAX_BRANCHES=1
-TAGLIST_PAGE_SIZE=100
-CATALOG_ELEMENTS_LIMIT=1000
-
-# Coolify-specific variables (override as needed)
-# These can be set in Coolify's environment variables section
-# DOMAIN=your-domain.com
-# REGISTRY_DOMAIN=registry.your-domain.com
-# UI_DOMAIN=ui.your-domain.com
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 54bbe76..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Ignore data directories
-data/
-auth/
-certs/
-
-# Ignore environment file with secrets
-.env
-
-# Ignore Docker files
-.dockerignore
-
-# Ignore logs
-*.log
-logs/
-
-# Ignore temporary files
-.tmp/
-*.tmp
-
-# Ignore OS files
-.DS_Store
-Thumbs.db
\ No newline at end of file
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..5ec87e4
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,36 @@
+# Agent Guidelines for Docker Registry Project
+
+## Build & Run
+```bash
+# Build and start services
+docker-compose up -d --build
+
+# Rebuild single service
+docker-compose up -d --build registry
+```
+
+## Code Style
+- YAML files: 2 space indentation
+- Shell scripts: Follow [Google Shell Style Guide](https://google.github.io/styleguide/shellguide.html)
+- Docker best practices:
+ - Use multi-stage builds when possible
+ - Minimize layer size and number
+ - Pin base image versions
+ - Place volatile commands last
+ - One service per container
+
+## Error Handling
+- Shell scripts: Use set -e for strict error handling
+- Log errors to stdout/stderr for Docker logging
+- Follow the fail-fast principle
+- Include error context in messages
+
+## File Structure
+```
+.
+├── config.yml # Registry configuration
+├── docker-compose.yml # Service orchestration
+├── Dockerfile # Registry image build
+├── entrypoint.sh # Container initialization
+└── setup.sh # Local environment setup
+```
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f993cbd
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM registry:2
+
+# Install Apache utilities for htpasswd management
+RUN apt-get update && apt-get install -y \
+ apache2-utils \
+ && rm -rf /var/lib/apt/lists/*
+
+# Create auth directory
+RUN mkdir -p /etc/docker/registry/auth
+
+# Copy custom entrypoint script
+COPY entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["/etc/docker/registry/config.yml"]
\ No newline at end of file
diff --git a/README.md b/README.md
deleted file mode 100644
index b44ea53..0000000
--- a/README.md
+++ /dev/null
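Review bot: The `RUN apt-get update && apt-get install -y apache2-utils` step in the new Dockerfile is unlikely to build, because the official `registry:2` image is, as far as I know, Alpine-based and ships no apt; the equivalent there is `RUN apk add --no-cache apache2-utils`. `FROM registry:2` is also a floating tag, so each rebuild of the image that guards the registry credentials can pull a different base. Pin a specific release and digest, e.g. `FROM registry:<version>@sha256:<digest>` (placeholders), which also matches the "Pin base image versions" rule this commit adds to AGENTS.md. With BuildKit the separate `RUN chmod +x` layer can be folded into the copy as `COPY --chmod=755 entrypoint.sh /usr/local/bin/`.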
@@ -1,107 +0,0 @@ -# Lightweight Docker Registry - -A simple, lightweight Docker registry with web UI using docker-compose. - -## Features -- Lightweight Docker Registry (official registry:2 image) -- Web UI for browsing and managing images -- Configurable via environment variables -- Optional authentication and TLS support -- Perfect for Coolify deployment - -## Quick Start - -1. Copy environment file: -```bash -cp .env.example .env -``` - -2. Start the registry: -```bash -docker-compose up -d -``` - -3. Access: -- Registry API: http://your-domain:5000 -- Web UI: http://your-domain - -## Coolify Deployment - -In Coolify, set these environment variables as needed: - -### Basic Configuration -- `REGISTRY_TITLE`: Registry title for UI -- `REGISTRY_URL`: Internal registry URL - -### Storage -- `REGISTRY_DATA_PATH`: Data storage path -- `REGISTRY_DELETE_ENABLED`: Allow image deletion (true/false) - -### Security (Optional) -For authentication and TLS, mount a custom `config.yml` file: -```yaml -version: 0.1 -auth: - htpasswd: - realm: basic-realm - path: /auth/htpasswd -http: - tls: - certificate: /certs/server.crt - key: /certs/server.key -``` - -### UI Settings -- `DELETE_IMAGES`: Allow deletion via UI (true/false) -- `SHOW_CONTENT_DIGEST`: Show image digests (true/false) -- `TAGLIST_PAGE_SIZE`: Number of tags per page - -## Usage - -### Push an image -```bash -docker tag myimage your-domain:5000/myimage -docker push your-domain:5000/myimage -``` - -### Pull an image -```bash -docker pull your-domain:5000/myimage -``` - -### List images -```bash -curl http://your-domain:5000/v2/_catalog -``` - -## Advanced Configuration - -For authentication, TLS, or other advanced features: - -1. Create a custom `config.yml` file -2. Mount it to `/etc/docker/registry/config.yml` -3. 
Reference Docker Registry documentation for all options - -Example with auth and TLS: -```yaml -version: 0.1 -auth: - htpasswd: - realm: basic-realm - path: /auth/htpasswd -http: - tls: - certificate: /certs/server.crt - key: /certs/server.key -storage: - delete: - enabled: true -``` - -## Resource Usage - -- **RAM**: ~100-200MB total -- **Storage**: Minimal base + image storage -- **CPU**: Very low usage - -Perfect for resource-constrained environments! \ No newline at end of file diff --git a/config.yml b/config.yml new file mode 100644 index 0000000..3003e55 --- /dev/null +++ b/config.yml @@ -0,0 +1,22 @@ +version: 0.1 +log: + fields: + service: registry +storage: + cache: + blobdescriptor: inmemory + filesystem: + rootdirectory: /var/lib/registry +http: + addr: :5000 + headers: + X-Content-Type-Options: [nosniff] +auth: + htpasswd: + realm: basic-realm + path: /etc/docker/registry/auth/htpasswd +health: + storagedriver: + enabled: true + interval: 10s + threshold: 3 \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index dab2ab2..fc7ec97 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,13 +2,15 @@ version: '3.8' services: registry: - image: registry:2 + build: . container_name: registry restart: unless-stopped expose: - "5000" volumes: - registry-data:/var/lib/registry + - registry-auth:/etc/docker/registry/auth + - ./config.yml:/etc/docker/registry/config.yml networks: - registry-network @@ -28,7 +30,7 @@ services: - CATALOG_MIN_BRANCHES=${CATALOG_MIN_BRANCHES:-1} - CATALOG_MAX_BRANCHES=${CATALOG_MAX_BRANCHES:-1} - TAGLIST_PAGE_SIZE=${TAGLIST_PAGE_SIZE:-100} - - REGISTRY_SECURED=${REGISTRY_SECURED:-false} + - REGISTRY_SECURED=${REGISTRY_SECURED:-true} - CATALOG_ELEMENTS_LIMIT=${CATALOG_ELEMENTS_LIMIT:-1000} depends_on: - registry @@ -41,4 +43,6 @@ networks: volumes: registry-data: + driver: local + registry-auth: driver: local \ No newline at end of file 
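Review bot: The `http:` block in the new config.yml sets `addr: :5000` with no `tls:` section while `auth.htpasswd` is enabled, so basic-auth credentials would travel in clear text unless a TLS-terminating proxy sits in front of the registry, and this patch shows none. Either add `tls:` with `certificate:` and `key:` paths under `http:` (the README deleted in this commit carried such an example), or record the assumption next to the listener, e.g. `# TLS is terminated by the reverse proxy; never publish :5000 directly`. A short comment above `auth:` naming who creates the htpasswd file would also help, since the file is produced at container start rather than shipped with the config.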
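Review bot: The bind mount `./config.yml:/etc/docker/registry/config.yml` added in the first docker-compose.yml hunk is writable from inside the container, so a compromised registry process could rewrite its own authentication settings on the host; mount it read-only with `- ./config.yml:/etc/docker/registry/config.yml:ro`. The `registry-auth` volume has to stay writable for htpasswd, so a comment above it such as `# holds the htpasswd credential file; restrict access and include in backups` would make its sensitivity visible. Because the image no longer ships a config of its own choosing, the registry's behaviour depends on this mount being present, which is worth stating next to `build: .`.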
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..6ef373a
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Initialize auth file if it doesn't exist
+if [ ! -f /etc/docker/registry/auth/htpasswd ]; then
+ echo "Initializing auth file with default user 'recruas'"
+ htpasswd -B -c /etc/docker/registry/auth/htpasswd recruas
+ echo "Auth file created. Default user: recruas"
+fi
+
+# Start the registry
+exec /bin/registry /etc/docker/registry/config.yml "$@"
\ No newline at end of file
diff --git a/setup.sh b/setup.sh
index 2eddcf4..ead02d0 100755
--- a/setup.sh
+++ b/setup.sh
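Review bot: The first-start branch in entrypoint.sh runs `htpasswd -B -c … recruas` with no password source, so it relies on an interactive prompt that a container started with `docker-compose up -d` does not have, and without `set -e` the script goes on to start the registry whatever htpasswd returned. Bootstrap should fail closed: take the user name and password from a mounted secret, feed the password on stdin with `htpasswd -i`, and refuse to start while the credential file is missing or empty. The last line also passes the config path twice once the Dockerfile's `CMD` arrives as `"$@"`, and it omits the `serve` subcommand that, as far as I know, the registry binary needs to start the server. The variable names in the sketch below are constructed for illustration and deliberately avoid the `REGISTRY_` prefix, which the registry reads as configuration overrides.

```shell
#!/bin/sh
set -eu

AUTH_FILE=/etc/docker/registry/auth/htpasswd

# Fail closed: without supplied credentials the registry must not start.
if [ ! -s "$AUTH_FILE" ]; then
    : "${AUTH_BOOTSTRAP_USER:?set AUTH_BOOTSTRAP_USER for the first start}"
    : "${AUTH_BOOTSTRAP_PASSWORD_FILE:?mount a secret and set AUTH_BOOTSTRAP_PASSWORD_FILE}"
    # -i reads the password from stdin, so nothing depends on a TTY
    htpasswd -i -B -c "$AUTH_FILE" "$AUTH_BOOTSTRAP_USER" < "$AUTH_BOOTSTRAP_PASSWORD_FILE"
    chmod 600 "$AUTH_FILE"
fi

# The Dockerfile's CMD supplies the config path as "$@"
exec /bin/registry serve "$@"
```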
@@ -1,33 +1,22 @@ #!/bin/bash -# Setup script for Lightweight Docker Registry +echo "Setting up Docker Registry with authentication..." -echo "🐳 Setting up Lightweight Docker Registry..." +# Build and start the registry +docker-compose up -d --build -# Create necessary directories -mkdir -p data auth certs +echo "Waiting for registry to start..." +sleep 5 -# Copy environment file if it doesn't exist -if [ ! -f .env ]; then - cp .env.example .env - echo "✅ Created .env file from template" -else - echo "ℹ️ .env file already exists" -fi - -# Set proper permissions -chmod 755 data auth certs - -echo "🚀 Starting registry..." -docker-compose up -d +# Set initial password for recruas user +echo "Setting password for 'recruas' user..." +docker exec -it registry htpasswd -B /etc/docker/registry/auth/htpasswd recruas +echo "Setup complete!" +echo "Registry is running with authentication enabled." +echo "Default user: recruas" +echo "UI will be available on port 80 (exposed)" +echo "Registry API available on port 5000 (exposed)" echo "" -echo "✅ Registry is running!" -echo "📊 Web UI: http://your-domain" -echo "🔌 Registry API: http://your-domain:5000" -echo "" -echo "💡 To push an image:" -echo " docker tag myimage your-domain:5000/myimage" -echo " docker push your-domain:5000/myimage" -echo "" -echo "📝 Edit .env file to customize configuration" \ No newline at end of file +echo "To change password later:" +echo "docker exec -it registry htpasswd -B /etc/docker/registry/auth/htpasswd recruas" \ No newline at end of file
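Review bot: setup.sh has no error handling, so the closing `echo "Registry is running with authentication enabled."` prints even when `docker-compose up -d --build` or the `docker exec … htpasswd` step failed, telling the operator the registry is protected when it may not be. Add `set -euo pipefail` directly after the shebang (AGENTS.md in this same commit asks for `set -e`), and replace the fixed `sleep 5` with a bounded wait for the container to be running before the password step. `docker exec -it` needs a TTY, so the script cannot run unattended; a comment such as `# interactive only: prompts for the registry password` would make that explicit. The final messages call port 5000 "exposed", while the compose file in this patch lists it under `expose:`, which does not publish it on the host.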