joxit / docker-registry-ui Goto Github PK
View Code? Open in Web Editor NEWThe simplest and most complete UI for your private registry
Home Page: https://joxit.dev/docker-registry-ui/
License: GNU Affero General Public License v3.0
The simplest and most complete UI for your private registry
Home Page: https://joxit.dev/docker-registry-ui/
License: GNU Affero General Public License v3.0
Hello,
I already run a registry behind nginx. Registry listen on http://registry.example:5000 and don't require authentication. Authentication and HTTPS is handled by nginx. My registry is available as https://example.org, Nginx authenticate and serve https://example.org/v2/ via proxy_pass from http://registry.example:5000
Running a container "joxit/docker-registry-ui:static" runs an other nginx at the end of the day.
So I tried to
and let nginx serve /ui as alias to dist/
On access I receive a "Mixed Content error" ( https://github.com/Joxit/docker-registry-ui/blob/master/src/scripts/http.js#L93 )
Can I aviod / circumvent this?
Andreas
I can just see the first page of the catalog, it can be quite misleading.
href for the next page seems to come as the Link
header
Delete button does not work in Chrome, showing message about enabling "Docker-Content-Digest" headers. This header exist in the response, but it is in lowercase. Putting breakpoint to warning message:
this.getAllResponseHeaders()
"docker-content-digest: sha256:9d080a16c6eee3bffa0552c2775c0a2d9b489d5e1e882c135e1898f5a9a33213
content-type: application/vnd.docker.distribution.manifest.v2+json
"
this.getAllResponseHeaders().includes("Docker-Content-Digest")
false
this.getAllResponseHeaders().includes("docker-content-digest")
true
Making the same request via curl I'm getting CamelCase headers.
Try to update message error when the registry url is on http and the UI on https (mixed content error)
It would be very helpful if the creation date would be displayed in the tag list.
Maybe even a "last updated" in the repository list.
Hi,
I have setup the registry-ui and registry itself using the below docker-compose.yml file:
version: '2'
services:
registry-srv:
image: registry:latest
restart: always
#ports:
# - 5000:5000
volumes:
- storage:/var/lib/registry
- ./registry/config.yml:/etc/docker/registry/config.yml:ro
networks:
- registry-ui-net
container_name: registry-srv
registry-ui:
image: joxit/docker-registry-ui:static
restart: always
ports:
- 8080:80
environment:
- REGISTRY_TITLE=Private Docker Registry
- REGISTRY_URL=http://registry-srv:5000
- DELETE_IMAGES=true
depends_on:
- registry-srv
networks:
- registry-ui-net
container_name: registry-ui
networks:
registry-ui-net:
volumes:
storage:
driver: local
my registry config.yml is as below:
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
The registry-ui is configured as a reverse proxy for the registry container. I can see that it is working correctly:
curl http://localhost:8080/v2/_catalog
{"repositories":[]}
The registry-ui also has been added as in insecure registry in the docker config.
cat /etc/docker/daemon.json
{
"insecure-registries" : ["127.0.0.1:8080"]
}
But even after doing this I am unable to push images to this local registry. I get retrying message when pushing images:
docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
joxit/docker-registry-ui static e247d643a5da 11 days ago 21.3MB
127.0.0.1:8080/registry latest f32a97de94e1 3 months ago 25.8MB
registry latest f32a97de94e1 3 months ago 25.8MB
docker push 127.0.0.1:8080/registry
The push refers to repository [127.0.0.1:8080/registry]
73d61bf022fd: Pushing [==================================================>] 155B/155B
5bbc5831d696: Pushing [==================================================>] 3.584kB
d5974ddb5a45: Retrying in 1 second
f641ef7a37ad: Retrying in 1 second
d9ff549177a9: Retrying in 1 second
dial tcp 127.0.0.1:80: connect: connection refused
Could you please help out and let me know what I am doing wrong here?
docker run -d -p 8000:80 -e URL=https://somedomain.com:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui:static
results in:
<!DOCTYPE html> <html> <head> <title>Error</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>An error occurred.</h1> <p>Sorry, the page you are looking for is currently unavailable.<br/> Please try again later.</p> <p>If you are the system administrator of this resource then you should check the error log for details.</p> <p><em>Faithfully yours, nginx.</em></p> </body> </html>
Log:
[error] 13#13: *10 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 44.33.22.11, server: localhost, request: "GET /v2/_catalog?n=100000 HTTP/1.1", upstream: "https://11.22.33.44:5000/v2/_catalog?n=100000"
How to enable a prompt before delete a tag?
I would love to have a button to delete certain image (tags)
Hi,
I would like to have a raspberryPi (arm32v6 and/or arm32v7) compatible image.
Is it possible?
Thanks
I try to use docker-registry-ui on my localhost.
I use the following docker-compose file(for docker-registry-ui)
`version: '3'
services:
registry-ui:
image: joxit/docker-registry-ui
ports:
- "80:80"
networks:
- registry-network
networks:
registry-network:
external:
name: registry-ui-net`
and the following for docker-registry:
`version: '3'
services:
registry:
restart: always
image: registry:2
ports:
- "5000:5000"
environment:
#REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
#REGISTRY_HTTP_TLS_KEY: /certs/domain.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
#- /path/data:/var/lib/registry
#- /path/certs:/certs
- ./auth:/auth
- ./config.yml:/etc/docker/registry/config.yml
networks:
- registry-network
networks:
registry-network:
external:
name: registry-ui-net`
The problem is that I can't connect by ui container to my registry. It returns 404 http error code.
But If I will come to the address: http://127.0.0.1:5000/v2/_catalog (which is address of my registry), it returs json array with my repository, which I pushed earlier.
So why docker container ui cant connect itself to my registry?
The are both in the same network, too.
Thank you for the image!
I think adding support for HTTPS will improve security of using this image in production.
We uses "lets-nginx" image in docker-compose with "registry" to provide worldwide approved SSL certificates. I think ability to use TLS certificate for this image is a good idea.
I deployed joxit/docker-registry-ui:arm64v8 via k8s, all went well, but after I add a registry I get the following warning as a popup on the bottom:
An error occured: Check your connection and your registry must have
Access-Control-Allow-Origin
header set tohttp://192.168.126.3
The frontend is opening http://192.168.126.2:5000/v2/_catalog?n=100000 but this request is blocked.
When opening the url in a new tab I get a response:
{ "repositories": [ "helloworld" ] }
So registry and registry ui are working, I just don't know how to get it working without DNS entries?
Any suggestions?
Hi,
I'm unable to connect to my registry using either the static option with URL
, with REGISTRY_URL
or the dynamic one.
I'm always getting a "toast" with the response from the server:
{
"errors": [
{
"code": "UNAUTHORIZED",
"message": "authentication required",
"detail": null
}
]
}
Things to note:
docker login stable.registry.example.com
without any issue.https://joxit.github.com
(which I did).Here's my docker-compose.yml
version: '3.5'
services:
ui:
image: joxit/docker-registry-ui:static
environment:
#- URL=https://stable.registry.example.com
- REGISTRY_URL=http://registry:5000
networks:
- traefik-net
deploy:
placement:
constraints:
- node.role == worker
- node.platform.os == linux
update_config:
order: start-first
labels:
- "traefik.port=80"
- "traefik.docker.network=traefik-net"
- "traefik.enable=true"
- "traefik.frontend.rule=Host:ui.registry.example.com"
- "traefik.backend.loadbalancer.stickiness=true"
- "traefik.backend.loadbalancer.method=drr"
registry:
image: registry:2
networks:
- traefik-net
volumes:
- /mnt/registry:/var/lib/registry
env_file: env.env # The env file only contains the HTTP secret key
deploy:
placement:
constraints:
- node.role == worker
- node.platform.os == linux
- node.labels.registry == true
update_config:
order: start-first
labels:
- "traefik.port=5000"
- "traefik.docker.network=traefik-net"
- "traefik.enable=true"
- "traefik.frontend.rule=Host:edge.registry.example.com,stable.registry.example.com"
- "traefik.backend.loadbalancer.stickiness=true"
- "traefik.backend.loadbalancer.method=drr"
configs:
- source: docker_auth.pem
target: /docker_auth.pem
- source: registry_config.yml
target: /etc/docker/registry/config.yml
networks:
traefik-net:
external: true
configs:
docker_auth.pem:
file: ./docker_auth.pem
registry_config.yml:
file: ./registry_config.yml
name: registry_config_v${REGISTRY_CONFIG_VERSION}.yml
and my registry_config.yml
version: 0.1
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['https://ui.registry.example.com']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
auth:
token:
rootcertbundle: /docker_auth.pem
realm: "https://stable.docker-auth.example.com/auth"
service: "Docker registry"
issuer: "example docker auth server"
Hi there!
First of all: Thank you very much for providing such a nice simple docker-registry-ui. We ware really happy to have your application up and running in our team for our private company registry.
I am currently working on a feature displaying the image tag's history (that the content you are getting at the REST endpoint
The progress I did so far is quite nice, but I stuck at using your application's router...
I created the following elements for navigating to a new page:
go
functionregistryUI.taghistory.go = function (image, tag) {
route('taglist/joxit/docker-registry-ui');
};
<main>
section<tag-history if="{route.routeName == 'taghistory'}"></tag-history>
route('/taghistory/image/*/tag/*', function (image, tag) {
console.log("Welcome to the tag history");
console.log("Image='" + image + "' with tag='" + tag + "'");
route.routeName = 'taghistory';
registryUI.taghistory.image = image;
registryUI.taghistory.tag = tag;
if (registryUI.taghistory.display){
console.log("Displaying Tag History");
registryUI.taghistory.loadend = false;
registryUI.taghistory.display();
}
registryUI.appTag.update();
});
I commited and pushed my code right here and I'd be totally thankful if you give me a hint why the navigation does not work. From my point of view there is no obvious difference between my implementation and the change from catalog-view to taglist-view.
Thank you in advance! And thanks again for your great work! 👍
Cheers from Germany,
Lennart
A bug was found, when I browse with the browser cache, the tag history does not load because it receives a response with a docker schema v2 and it needs a v1 schema.
/v2/image/manifests/tag?history
but I didn't like itHi,
it would be great to have the possibility to select all images in the current view in order to speed-up the deletion of many tags.
I am using this to connect to a plain vanilla private registry running on localhost:5000
and, while I'm sure the registry works just fine (a GET localhost:5000/v2/_catalog
returns all correct values (there is no authentication, no https) and another UI works just fine, this just fails with a:
An Error occurred
and no information about what could possibly have gone wrong.
I start the UI with:
$ docker run -d -p 80:80 -e URL=http://127.0.0.1:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui:static
81445a6f88c7dcdcd82e034143179707b63544f398653fbc911a69a7f33a0f00
This is a simple example to verify the registry API is reachable:
$ curl -fs http://localhost:5000/v2/_catalog | python -m json.tool
{
"repositories": [
"8caa8/entry",
"server/base"
]
}
Hello,
What is the command for the garbage-collect?
Does it execute on the host?
Thank you!
I'm using the latest image with k8s, the following env is set for the container:
Environment variables:
DELETE_IMAGES: true
REGISTRY_URL: http://registry:5000
REGISTRY_TITLE: My Title
Still the JS Client tries to XHR to the UI host which of course fails.
[error] 6#6: *3 open() "/usr/share/nginx/html/v2/_catalog" failed (2: No such file or directory), client: 10.244.2.40, server: localhost, request: "GET /v2/_catalog?n=100000 HTTP/1.1"
Looking at the env inside the container everything seems fine, among others, those two are set:
REGISTRY_SERVICE_HOST='10.97.115.29'
REGISTRY_SERVICE_PORT='5000'
Hello,
Thank you for your tool!
README contains following:
If your docker registry does not need credentials, you will need to send this HEADER:
Access-Control-Allow-Origin: '*'
But that leads to line 16: cannot unmarshal !!str
* into []string
, because this parameter is expected to be an array. Later you have valid example of Access-Control-Allow-Origin: ['http://127.0.0.1:8001']
So it must be
Access-Control-Allow-Origin: ['*']
At least that worked for me.
Remove material-lite-design dependencies and use riot-mui instead
Generate url:
http://ui-docker.kube.local/#!/taglist/kube/docker, with referrer to
https://docker.local/v2/kube/docker/tags/list
but it's wrong,
needed be:
https://docker.local/v2/kube/docker/bower/tags/list
from: docker pull 192.168.1.29:4080/drone-test:latest
to: docker pull test.io/drone-test:latest
Is there an option for this?
thanks~
When you have a lot of images like
xxx/image1
xxx/image2
yyy/image1
yyy/image2
it would be great to print it like
xxx/
image1
image2
yyy/
image1
image2
Hi,
Following your remarks when I've submitted my PR, you asked me about improvements.
One feature I really appreciate in other registry frontend, is the generated link "docker pull registry/image:tag" which avoid me to type the long command myself.
But it will be very more helpful if you can add the @sha256.
For keeping the UI as light as now, you can just add a "copy to clipboard" icon.
What do you think?
Hi!
I just deployed the Docker Registry and Joxit, but when I browse to it I just get a blank page. The UI container starts and I can see the source code of the website:
<!--
Copyright (C) 2016-2019 Jones Magloire @Joxit
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
--><!DOCTYPE html><html><head><meta charset="UTF-8"><link rel="stylesheet" href="vendor.css"><link rel="stylesheet" href="style.css"><link href="https://fonts.googleapis.com/css?family=Roboto:regular,bold,italic,thin,light,bolditalic,black,medium&lang=en" rel="stylesheet" type="text/css"><meta name="viewport" content="width=device-width,initial-scale=1"><meta property="og:site_name" content="Docker Registry UI"><meta name="twitter:card" content="summary"><meta name="twitter:site" content="@Joxit"><meta name="twitter:creator" content="@Jones Magloire"><title>Docker Registry UI</title></head><body><app></app><script src="scripts/vendor.js"></script><script src="scripts/docker-registry-ui.js"></script></body></html>
But can't see anything else.
My Apache config:
<VirtualHost *:443>
# Servername / domain
ServerName registry.domain.com
# Enable SSL and SSLProxy
SSLEngine On
SSLProxyEngine On
# Set the path to SSL certificate
SSLCertificateFile /etc/letsencrypt/live/registry.domain.com/domain.crt
SSLCertificateKeyFile /etc/letsencrypt/live/registry.domain.com/domain.key
# Higher Strength SSL Ciphers
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite RC4-SHA:HIGH
SSLHonorCipherOrder on
# Headers
Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-Forwarded-Proto "https"
# Proying
ProxyRequests off
ProxyPreserveHost on
ProxyPass /error/ !
# Proxy /v2 to the Registry container
ProxyPass /v2 https://localhost:5000/v2
ProxyPassReverse /v2 https://localhost:5000/v2
ProxyPass /ui http://localhost:5001
ProxyPassReverse /ui http://localhost:5001
# Logs
ErrorLog ${APACHE_LOG_DIR}/registry-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/registry-access.log combined
</VirtualHost>
How I start the Registry:
docker run -d -p 5000:443 --restart=always --name registry \
-v /etc/letsencrypt/live/registry.domain.com:/certs \
-v /mnt/docker-registry:/var/lib/registry \
-v /mnt/docker-registry/config.yml:/etc/docker/registry/config.yml \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/var/lib/registry/passfile \
registry:latest
Registry config:
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['http://127.0.0.1:8001']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
And how I start the UI:
docker run -d -p 5001:80 --name ui \
-e REGISTRY_TITLE="Docker Registry" \
-e DELETE_IMAGES=true \
-e REGISTRY_URL=https://localhost:5000 \
joxit/docker-registry-ui:static
What am I missing?
THANKS!
Hi
I am having some issues with image: joxit/docker-registry-ui:arm64v8-static
kubectl -n internal-system log registry-58b6ddf478-l9szk registry-ui
/bin/sh: relocation error: /bin/sh: symbol geteuid, version GLIBC_2.17 not defined in file libc.so.6 with link time reference
Is there any support for docker registry authentication ?
hi, firstly thanks for creating this cool UI for docker private registries, i've been spending a bit of time this weekend trying to get it working and so far I've got it mostly working and can see/list my registry images.
the issue i'm having here is the error message that keeps popping up when i'm browsing through my images:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
now, I know this means my authentication is off somewhere, but I'm able to see & browse my repo images with no problem.
so I check my registry (running in a container) and see
time="2017-06-11T11:52:31Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" go.version=go1.7.3 http.request.host="dockeregistry.localhost:5000" http.request.id=61ec0a47-1a25-43ac-808e-2097731c660c http.request.method=GET http.request.referer="http://dockeregistry.localhost/" http.request.remoteaddr="172.16.45.11:55752" http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" instance.id=a86c3a58-c692-46ae-a6cd-7ed4659eee28 version=v2.6.1 172.16.45.11 - - [11/Jun/2017:11:52:31 +0000] "GET /v2/_catalog HTTP/2.0" 401 145 "http://dockeregistry.localhost/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" time="2017-06-11T11:52:31Z" level=info msg="response completed" go.version=go1.7.3 http.request.host="dockeregistry.localhost:5000" http.request.id=2c66c4f6-722e-4f1b-b108-2e12ec2373c6 http.request.method=GET http.request.referer="http://dockeregistry.localhost/" http.request.remoteaddr="172.16.45.11:55758" http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" http.response.contenttype="application/json; charset=utf-8" http.response.duration=8.118256ms http.response.status=200 http.response.written=101 instance.id=a86c3a58-c692-46ae-a6cd-7ed4659eee28 version=v2.6.1 172.16.45.11 - - [11/Jun/2017:11:52:31 +0000] "GET /v2/_catalog HTTP/2.0" 200 101 "http://dockeregistry.localhost/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
I can see one GET request which gets a 401, and then a following GET request which gets a 200 OK.. So I check my browser console and see the request which gets the 401 is missing the "authorization: Basic xxxxx" request header.
That's as far as I got troubleshooting wise - so, just wondering if you could have a look and possibly advise me where I might be going wrong?
some info that might put things in the right contexts:
any help appreciated, thanks.
I'm missing a button to delete the entire library/redis
image for instance.
Hey Joxit,
Thanks for quick and slick UI that just plain works!
Can you tell me how to get an insecure configuration working. I just cant seem to figure out how to push or pull from a docker client. I get https errors.. I know its probably because no TLS certs are loaded on either side. I would like s simple insecure registry is all.
Could you help with a quick config?
Thanks!!
Add a support for secured registries
I got:
/bin/entrypoint: 6: /bin/entrypoint: [[: not found
/bin/entrypoint: 10: /bin/entrypoint: [[: not found
/bin/entrypoint: 15: /bin/entrypoint: [[: not found
with the 1.0 image (arm32v7-static and arm64v8-static)
Please replace #!/bin/sh by #:/bin/bash in the entrypoint to fix it (https://stackoverflow.com/questions/3401183/bash-syntax-error-not-found).
# docker 私库
# 暂不支持设置时区
registry:
container_name: registry
image: registry:2.6.2
restart: always
hostname: registry
# ports:
# - 5000
volumes:
- ../dev-ops-repo/registry:/var/lib/registry
environment:
# - TZ=${TIME_ZONE}
- REGISTRY_STORAGE_DELETE_ENABLED=true
labels:
- "traefik.enable=false"
registry-ui:
container_name: registry-ui
image: joxit/docker-registry-ui:0.6-static
restart: always
hostname: registry-ui
# ports:
# - 80
environment:
- TZ=${TIME_ZONE}
- REGISTRY_TITLE=registry.${SERVER_DOMAIN:-localhost}
- REGISTRY_URL=http://registry:5000
- DELETE_IMAGES=true
depends_on:
- registry
labels:
- "traefik.enable=true"
- "traefik.backend=registry"
- "traefik.port=80"
- "traefik.frontend.redirect.entryPoint=https"
- "traefik.frontend.rule=Host:registry.${SERVER_DOMAIN:-localhost}"
- "traefik.frontend.auth.basic=${REGISTRY_AUTH_BASIC}"
it doesn't work.
Deleting drone/agent:latest.Run 'registry garbage-collect config.yml' on your registry
/ # registry garbage-collect /etc/docker/registry/config.yml
drone/agent
0 blobs marked, 4 blobs eligible for deletion
blob eligible for deletion: sha256:03b8136cc18224af5130c57deeda55ebdd1eeee526cb7687c717a01a28b84bbc
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/03/03b8136cc18224af5130c57deeda55ebdd1eeee526cb7687c717a01a28b84bbc go.version=go1.7.6 instance.id=877d732d-12ca-49ae-a100-f85f938b92ef
blob eligible for deletion: sha256:3f9dacdd38ec35912f9cdd4e8d26657c787cd15840d45cb81efb415163df0dcb
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/3f/3f9dacdd38ec35912f9cdd4e8d26657c787cd15840d45cb81efb415163df0dcb go.version=go1.7.6 instance.id=877d732d-12ca-49ae-a100-f85f938b92ef
blob eligible for deletion: sha256:8134ff21f146fe331df44fe610daab5a8873997f78420c84a84af70a90b6a438
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/81/8134ff21f146fe331df44fe610daab5a8873997f78420c84a84af70a90b6a438 go.version=go1.7.6 instance.id=877d732d-12ca-49ae-a100-f85f938b92ef
blob eligible for deletion: sha256:8fd8aa6e549885b2d86b9cf3f5ac4baee218b06b4e2f44cd721d3a7fe1823b8e
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/8f/8fd8aa6e549885b2d86b9cf3f5ac4baee218b06b4e2f44cd721d3a7fe1823b8e go.version=go1.7.6 instance.id=877d732d-12ca-49ae-a100-f85f938b92ef
/ # ls
bin entrypoint.sh home linuxrc mnt root sbin sys usr
dev etc lib media proc run srv tmp var
/ # cd var/lib/registry/docker/registry/v2/repositories/drone/agent/_
_layers/ _manifests/ _uploads/
/ # cd var/lib/registry/docker/registry/v2/repositories/drone/agent/_layers/sha256/
/var/lib/registry/docker/registry/v2/repositories/drone/agent/_layers/sha256 # ls
03b8136cc18224af5130c57deeda55ebdd1eeee526cb7687c717a01a28b84bbc 8fd8aa6e549885b2d86b9cf3f5ac4baee218b06b4e2f44cd721d3a7fe1823b8e
8134ff21f146fe331df44fe610daab5a8873997f78420c84a84af70a90b6a438
/var/lib/registry/docker/registry/v2/repositories/drone/agent/_layers/sha256 #
Hi,
I quickly searched for similar issue, but did not find anything.
I just thought, that it would be a lot clearer to indent aggregated entries, so that after expanding it would look somewhat like this:
aggregated/
aggregated/image1
aggregated/image2
.....
Instead of
aggregated/
aggregated/image1
aggregated/image2
.....
Hello!
I decided to start a new issue because I don't have any idea what else I can try to make this work.
I deployed secure docker registry (with certs and auth) and this registry is fully functional (I can push and pull images from other nodes after docker login). Registry is behind nginx-proxy but this doesn't change anything - my issue is also reproducible without nginx-proxy by directly calling registry via 5000 port.
Here is my registry config file:
version: 0.1 [2/1010]
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
s3:
accesskey: MINIO_USER
secretkey: MINIO_SECRET
region: us-east-1
regionendpoint: MINIO_ADDRESS
bucket: registry
encrypt: false
secure: false
v4auth: true
chunksize: 5242880
rootdirectory: /
http:
addr: :443
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['http://registry.zylowski.net:8000']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
auth:
htpasswd:
realm: basic-realm
path: /auth/htpasswd
This how to I start my docker registry (docker run equivalent):
docker run \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
--net=zylowski.net --ip=172.18.0.102 \
--name=docker-registry \
-v /opt/registry/config.yml:/etc/docker/registry/config.yml \
-v /opt/registry/certs:/certs \
-v /opt/registry/auth:/auth \
registry:2
And the UI starts via:
docker run -d -p 8000:80 -e URL=https://registry.zylowski.net:443 -e DELETE_IMAGES=true joxit/docker-registry-ui:latest
Also after logging list of repositories are available:
But clicking on
causes infinity loading for images,
click on
causes
I believe Access-Control fields from config are set properly, especially when list of repositories and auth works well.
Here is the log from registry container, after click in thrash bin icon:
kwi 06 13:53:15 k8s-storage docker[24033]: time="2019-04-06T13:53:15.822591136Z" level=warning msg="error authorizing context: basic authentication challenge for realm "Registry Realm": invalid authorization credential" go.version=go1.11.2 http.request.host=registry.zylowski.net http.request.id=93cc1313-db3e-4bcb-a24c-ac2cadec2ae0 http.request.method=HEAD http.request.referer="http://registry.zylowski.net:8000/" http.request.remoteaddr=194.99.105.228 http.request.uri="/v2/ubuntu/manifests/14.04" http.request.useragent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" vars.name=ubuntu vars.reference=14.04
kwi 06 13:53:15 k8s-storage docker[24033]: 172.18.0.100 - - [06/Apr/2019:13:53:15 +0000] "HEAD /v2/ubuntu/manifests/14.04 HTTP/1.0" 401 149 "http://registry.zylowski.net:8000/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
kwi 06 13:53:16 k8s-storage docker[24033]: time="2019-04-06T13:53:16.092275204Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=registry.zylowski.net http.request.id=60589348-0eb0-4d2e-b7b0-54e8bb1a1853 http.request.method=HEAD http.request.referer="http://registry.zylowski.net:8000/" http.request.remoteaddr=194.99.105.228 http.request.uri="/v2/ubuntu/manifests/14.04" http.request.useragent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" vars.name=ubuntu vars.reference=14.04
kwi 06 13:53:16 k8s-storage docker[24033]: time="2019-04-06T13:53:16.096250901Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=registry.zylowski.net http.request.id=60589348-0eb0-4d2e-b7b0-54e8bb1a1853 http.request.method=HEAD http.request.referer="http://registry.zylowski.net:8000/" http.request.remoteaddr=194.99.105.228 http.request.uri="/v2/ubuntu/manifests/14.04" http.request.useragent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" http.response.duration=9.982045ms http.response.status=304 http.response.written=0
kwi 06 13:53:16 k8s-storage docker[24033]: 172.18.0.100 - - [06/Apr/2019:13:53:16 +0000] "HEAD /v2/ubuntu/manifests/14.04 HTTP/1.0" 304 0 "http://registry.zylowski.net:8000/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
kwi 06 13:53:16 k8s-storage docker[24033]: time="2019-04-06T13:53:16.164573765Z" level=warning msg="error authorizing context: basic authentication challenge for realm "Registry Realm": invalid authorization credential" go.version=go1.11.2 http.request.host=registry.zylowski.net http.request.id=5190575e-a1e2-4a83-ad4e-4febcc171f99 http.request.method=OPTIONS http.request.referer="http://registry.zylowski.net:8000/" http.request.remoteaddr=194.99.105.228 http.request.uri="/v2/ubuntu/manifests/sha256:187b4f1d2adc16cc50149ff2aff054feb673e23566dad0132f5973a4c7fef1f0" http.request.useragent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" vars.name=ubuntu vars.reference="sha256:187b4f1d2adc16cc50149ff2aff054feb673e23566dad0132f5973a4c7fef1f0"
kwi 06 13:53:16 k8s-storage docker[24033]: 172.18.0.100 - - [06/Apr/2019:13:53:16 +0000] "OPTIONS /v2/ubuntu/manifests/sha256:187b4f1d2adc16cc50149ff2aff054feb673e23566dad0132f5973a4c7fef1f0 HTTP/1.0" 401 87 "http://registry.zylowski.net:8000/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
Hi! first of all, thanks for open sourcing this great project.
I have a problem connecting it with My registry that is behind caddy https reverse proxy which handles multi domain. The error happens when tls handshake is being made
http: TLS handshake error from 172.19.0.2:56438: no certificate available for ''
.
It seems that no SNI extension are sent to the registry. I figure out that adding
proxy_ssl_server_name on
in the nginx config will fix this issue
Hey,
I'm using the examples/ui-as-proxy/simple.yml
example. Here is my config:
version: '3'
services:
registry:
image: registry:2.7.1
restart: always
ports:
- "6666:5000"
environment:
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
volumes:
- /datasets/docker-registry/data:/data
networks:
- registry-ui-net
ui:
image: joxit/docker-registry-ui:static
restart: always
ports:
- 8080:80
environment:
- REGISTRY_TITLE=Example Local Docker Registry
- REGSITRY_URL=http://registry:6666
depends_on:
- registry
networks:
- registry-ui-net
networks:
registry-ui-net:
Looking at the HTTP headers it seems to think that the registry is running on http://192.168.1.84:8080/v2/_catalog?n=100000
? Which is the UI?
I cannot enter URL with a port in either the static or dynamic container. It returns a 404 not found of the base url.
I have successfully set up everything using the joxit/docker-registry-ui:1.1-static
docker image, with its port published via docker and accessed from my browser. I use the proxy-to-registry feature to avoid messing with CORS and it works.
My registry is in another docker container with its port directly published:
http://dockerlab.home:5000/
http://dockerlab.home:5080/
REGISTRY_URL=http://dockerlab.home:5000 PULL_URL=http://dockerlab.home:5000
Now if I try to put a reverse proxy (Traefik, but I can reproduce with Nginx or Apache) and configure it to forward http://dockerlab.home/registry/
to the registry-ui stripping the base path (/registry/foo
gets forwarded as /foo
), the registry proxy feature does not work correctly.
I get all registry-ui assets loaded correctly in my browser, thanks to it using relative URLs, but then it tries to load registry data from http://dockerlab.home/v2/_catalog?n=100000
instead of http://dockerlab.home/registry/v2/_catalog?n=100000
.
Seems like there is something in the code that is generating absolute URIs for the registry calls instead of relative ones as used for all other assets.
Is it possible to get relative URLs for the registry proxy links and/or an environment variable to specify the base url to generate URLs from (which in my case would be http://dockerlab.home/registry/
)?
Hi I have tested the app using the fix suggested by #27. First of all, I can confirm that the PR solves the problem.
Yet another small issue arises when using REGISTRY_URL: No title is being set.
Would it be possible to pass a custom name via an optional environment variable i.e. REGISTRY_TITLE
?
Thanks for considering :)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.