refactor: restructure registry with auth and agent guidelines

- Add built-in authentication with Apache utils
- Add AGENTS.md for coding guidelines
- Enhance security with authentication enabled by default
- Remove unnecessary template files
- Simplify configuration and setup process
This commit is contained in:
2025-11-05 04:11:21 -08:00
parent f4611b4d23
commit d8bfde5796
9 changed files with 106 additions and 187 deletions


@@ -1,30 +0,0 @@
# Lightweight Docker Registry Configuration
# Copy this file to .env and customize for your environment
# Registry Configuration
REGISTRY_STORAGE_PATH=/var/lib/registry
REGISTRY_DATA_PATH=./data
REGISTRY_LOG_LEVEL=info
REGISTRY_DELETE_ENABLED=true
# Note: Authentication and TLS are disabled by default
# To enable them, you'll need to mount custom config.yml
# See README.md for advanced configuration
# UI Configuration
REGISTRY_TITLE=Docker Registry
REGISTRY_URL=http://registry:5000
SINGLE_REGISTRY=true
DELETE_IMAGES=true
SHOW_CONTENT_DIGEST=true
SHOW_CATALOG_NB_TAGS=true
CATALOG_MIN_BRANCHES=1
CATALOG_MAX_BRANCHES=1
TAGLIST_PAGE_SIZE=100
CATALOG_ELEMENTS_LIMIT=1000
# Coolify-specific variables (override as needed)
# These can be set in Coolify's environment variables section
# DOMAIN=your-domain.com
# REGISTRY_DOMAIN=registry.your-domain.com
# UI_DOMAIN=ui.your-domain.com
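
Review bot: Deleting this template leaves the variables that docker-compose.yml still interpolates (for example `TAGLIST_PAGE_SIZE`, `CATALOG_ELEMENTS_LIMIT` and `REGISTRY_SECURED`) undocumented, because README.md is removed in the same commit. Keep a short list of the supported variables and their defaults somewhere in the repository, or drop the `${VAR:-default}` interpolation from the compose file if these are no longer meant to be tuned.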

22
.gitignore vendored

@@ -1,22 +0,0 @@
# Ignore data directories
data/
auth/
certs/
# Ignore environment file with secrets
.env
# Ignore Docker files
.dockerignore
# Ignore logs
*.log
logs/
# Ignore temporary files
.tmp/
*.tmp
# Ignore OS files
.DS_Store
Thumbs.db
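
Review bot: Removing the whole file also drops the `.env`, `certs/` and `auth/` rules, so a local secrets file, a TLS private key or an htpasswd file sitting in the working tree can now be picked up by `git add .`. The auth data moves to a named volume in this commit, but nothing stops someone from recreating those paths locally; keep at least the `.env`, `certs/`, `auth/` and `data/` entries.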

36
AGENTS.md Normal file

@@ -0,0 +1,36 @@
# Agent Guidelines for Docker Registry Project
## Build & Run
```bash
# Build and start services
docker-compose up -d --build
# Rebuild single service
docker-compose up -d --build registry
```
## Code Style
- YAML files: 2 space indentation
- Shell scripts: Follow [Google Shell Style Guide](https://google.github.io/styleguide/shellguide.html)
- Docker best practices:
- Use multi-stage builds when possible
- Minimize layer size and number
- Pin base image versions
- Place volatile commands last
- One service per container
## Error Handling
- Shell scripts: Use set -e for strict error handling
- Log errors to stdout/stderr for Docker logging
- Follow the fail-fast principle
- Include error context in messages
## File Structure
```
.
├── config.yml # Registry configuration
├── docker-compose.yml # Service orchestration
├── Dockerfile # Registry image build
├── entrypoint.sh # Container initialization
└── setup.sh # Local environment setup
```
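
Review bot: The rules under "Code Style" and "Error Handling" are not met by the files added in this same commit: "Pin base image versions" conflicts with `FROM registry:2` in the Dockerfile, and "Use set -e for strict error handling" is followed by neither entrypoint.sh nor setup.sh. Either bring those files in line or relax the wording, otherwise the guideline file documents a standard the repository does not hold itself to. The nested bullets under "Docker best practices" also need indentation to render as a sub-list.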

16
Dockerfile Normal file

@@ -0,0 +1,16 @@
FROM registry:2
# Install Apache utilities for htpasswd management
RUN apt-get update && apt-get install -y \
apache2-utils \
&& rm -rf /var/lib/apt/lists/*
# Create auth directory
RUN mkdir -p /etc/docker/registry/auth
# Copy custom entrypoint script
COPY entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["/etc/docker/registry/config.yml"]
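
Review bot: The `apt-get update && apt-get install` in the first `RUN` will fail at build time, because the official `registry:2` image is Alpine-based and ships no apt; use `apk add --no-cache apache2-utils` instead. `FROM registry:2` is also a floating tag, so pin an exact version (ideally with a digest) to keep rebuilds reproducible and to match the pinning rule in AGENTS.md. Finally, `CMD` passes `/etc/docker/registry/config.yml`, which entrypoint.sh already hardcodes before `"$@"`, so the registry binary receives the path twice.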

107
README.md

@@ -1,107 +0,0 @@
# Lightweight Docker Registry
A simple, lightweight Docker registry with web UI using docker-compose.
## Features
- Lightweight Docker Registry (official registry:2 image)
- Web UI for browsing and managing images
- Configurable via environment variables
- Optional authentication and TLS support
- Perfect for Coolify deployment
## Quick Start
1. Copy environment file:
```bash
cp .env.example .env
```
2. Start the registry:
```bash
docker-compose up -d
```
3. Access:
- Registry API: http://your-domain:5000
- Web UI: http://your-domain
## Coolify Deployment
In Coolify, set these environment variables as needed:
### Basic Configuration
- `REGISTRY_TITLE`: Registry title for UI
- `REGISTRY_URL`: Internal registry URL
### Storage
- `REGISTRY_DATA_PATH`: Data storage path
- `REGISTRY_DELETE_ENABLED`: Allow image deletion (true/false)
### Security (Optional)
For authentication and TLS, mount a custom `config.yml` file:
```yaml
version: 0.1
auth:
htpasswd:
realm: basic-realm
path: /auth/htpasswd
http:
tls:
certificate: /certs/server.crt
key: /certs/server.key
```
### UI Settings
- `DELETE_IMAGES`: Allow deletion via UI (true/false)
- `SHOW_CONTENT_DIGEST`: Show image digests (true/false)
- `TAGLIST_PAGE_SIZE`: Number of tags per page
## Usage
### Push an image
```bash
docker tag myimage your-domain:5000/myimage
docker push your-domain:5000/myimage
```
### Pull an image
```bash
docker pull your-domain:5000/myimage
```
### List images
```bash
curl http://your-domain:5000/v2/_catalog
```
## Advanced Configuration
For authentication, TLS, or other advanced features:
1. Create a custom `config.yml` file
2. Mount it to `/etc/docker/registry/config.yml`
3. Reference Docker Registry documentation for all options
Example with auth and TLS:
```yaml
version: 0.1
auth:
htpasswd:
realm: basic-realm
path: /auth/htpasswd
http:
tls:
certificate: /certs/server.crt
key: /certs/server.key
storage:
delete:
enabled: true
```
## Resource Usage
- **RAM**: ~100-200MB total
- **Storage**: Minimal base + image storage
- **CPU**: Very low usage
Perfect for resource-constrained environments!
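
Review bot: Deleting the README outright leaves the new authentication-by-default behaviour undocumented for users: nothing in the repository now explains that a `docker login` is required before the push and pull commands shown here, which account exists, or how its password is set and rotated. The TLS example in the "Security (Optional)" section is also lost while the new config.yml has no `http.tls` block. Update the README to describe the new setup rather than removing it.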

22
config.yml Normal file

@@ -0,0 +1,22 @@
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
auth:
htpasswd:
realm: basic-realm
path: /etc/docker/registry/auth/htpasswd
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
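
Review bot: The `auth.htpasswd` block is enabled while the `http` section has no `tls` settings, so basic-auth credentials travel in cleartext to `:5000` unless a TLS-terminating proxy sits in front of the registry. Either add `http.tls.certificate` and `http.tls.key` as in the removed README example, or state in the file that TLS termination upstream is a hard requirement. The old `.env` set `REGISTRY_DELETE_ENABLED=true`, but this file has no `storage.delete.enabled`, so confirm whether disabling deletes is intentional.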


@@ -2,13 +2,15 @@ version: '3.8'
services: services:
registry: registry:
image: registry:2 build: .
container_name: registry container_name: registry
restart: unless-stopped restart: unless-stopped
expose: expose:
- "5000" - "5000"
volumes: volumes:
- registry-data:/var/lib/registry - registry-data:/var/lib/registry
- registry-auth:/etc/docker/registry/auth
- ./config.yml:/etc/docker/registry/config.yml
networks: networks:
- registry-network - registry-network
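
Review bot: The new `./config.yml:/etc/docker/registry/config.yml` bind mount is writable from inside the container; append `:ro`, since the registry only reads this file and a writable mount lets a compromised process rewrite its own auth configuration. The image built from the Dockerfile does not `COPY` config.yml, so the service now depends entirely on this host file being present at the compose working directory; consider copying a default into the image as well.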
@@ -28,7 +30,7 @@ services:
- CATALOG_MIN_BRANCHES=${CATALOG_MIN_BRANCHES:-1} - CATALOG_MIN_BRANCHES=${CATALOG_MIN_BRANCHES:-1}
- CATALOG_MAX_BRANCHES=${CATALOG_MAX_BRANCHES:-1} - CATALOG_MAX_BRANCHES=${CATALOG_MAX_BRANCHES:-1}
- TAGLIST_PAGE_SIZE=${TAGLIST_PAGE_SIZE:-100} - TAGLIST_PAGE_SIZE=${TAGLIST_PAGE_SIZE:-100}
- REGISTRY_SECURED=${REGISTRY_SECURED:-false} - REGISTRY_SECURED=${REGISTRY_SECURED:-true}
- CATALOG_ELEMENTS_LIMIT=${CATALOG_ELEMENTS_LIMIT:-1000} - CATALOG_ELEMENTS_LIMIT=${CATALOG_ELEMENTS_LIMIT:-1000}
depends_on: depends_on:
- registry - registry
@@ -41,4 +43,6 @@ networks:
volumes: volumes:
registry-data: registry-data:
driver: local
registry-auth:
driver: local driver: local

11
entrypoint.sh Normal file

@@ -0,0 +1,11 @@
#!/bin/sh
# Initialize auth file if it doesn't exist
if [ ! -f /etc/docker/registry/auth/htpasswd ]; then
echo "Initializing auth file with default user 'recruas'"
htpasswd -B -c /etc/docker/registry/auth/htpasswd recruas
echo "Auth file created. Default user: recruas"
fi
# Start the registry
exec /bin/registry /etc/docker/registry/config.yml "$@"
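
Review bot: The `htpasswd -B -c ... recruas` call has no password source, so it prompts on a terminal that does not exist when the container is started with `docker-compose up -d`; with no `set -e`, the script then carries on to `exec` regardless of whether the file was created. Read the initial password from an environment variable or a mounted secret and pipe it in with `htpasswd -B -i -c`, fail the start if it is missing, and add `set -e` as AGENTS.md requires. The `exec` line also omits the `serve` subcommand the registry binary expects before the config path, and because the Dockerfile `CMD` supplies the same path via `"$@"`, the path is passed twice.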


@@ -1,33 +1,22 @@
#!/bin/bash #!/bin/bash
# Setup script for Lightweight Docker Registry echo "Setting up Docker Registry with authentication..."
echo "🐳 Setting up Lightweight Docker Registry..." # Build and start the registry
docker-compose up -d --build
# Create necessary directories echo "Waiting for registry to start..."
mkdir -p data auth certs sleep 5
# Copy environment file if it doesn't exist # Set initial password for recruas user
if [ ! -f .env ]; then echo "Setting password for 'recruas' user..."
cp .env.example .env docker exec -it registry htpasswd -B /etc/docker/registry/auth/htpasswd recruas
echo "✅ Created .env file from template"
else
echo " .env file already exists"
fi
# Set proper permissions
chmod 755 data auth certs
echo "🚀 Starting registry..."
docker-compose up -d
echo "Setup complete!"
echo "Registry is running with authentication enabled."
echo "Default user: recruas"
echo "UI will be available on port 80 (exposed)"
echo "Registry API available on port 5000 (exposed)"
echo "" echo ""
echo "✅ Registry is running!" echo "To change password later:"
echo "📊 Web UI: http://your-domain" echo "docker exec -it registry htpasswd -B /etc/docker/registry/auth/htpasswd recruas"
echo "🔌 Registry API: http://your-domain:5000"
echo ""
echo "💡 To push an image:"
echo " docker tag myimage your-domain:5000/myimage"
echo " docker push your-domain:5000/myimage"
echo ""
echo "📝 Edit .env file to customize configuration"
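
Review bot: The fixed `sleep 5` followed by `docker exec -it registry htpasswd ...` is a race and has no error handling: if the build is slow or the container has exited, the exec fails and the script still prints "Setup complete!" and "Registry is running with authentication enabled." Add `set -e`, poll until the container is actually up before running `docker exec`, and only print the success messages after the password command returns zero. The message "Registry API available on port 5000 (exposed)" should also be reworded, because docker-compose.yml uses `expose:` rather than `ports:`, which makes port 5000 reachable only on the compose network and not from the host.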