joxit / docker-registry-ui Goto Github PK

Hello,

I already run a registry behind nginx. Registry listen on http://registry.example:5000 and don't require authentication. Authentication and HTTPS is handled by nginx. My registry is available as https://example.org, Nginx authenticate and serve https://example.org/v2/ via proxy_pass from http://registry.example:5000

Running a container "joxit/docker-registry-ui:static" runs an other nginx at the end of the day.
So I tried to

• use only the dist/ directory
• copied docker-registry-ui-static.js to docker-registry-ui.js
• sed -i "s,${URL},http://registry.local:5000," docker-registry-ui.js
• sed -i "s,${REGISTRY_TITLE},my Registry," docker-registry-ui.js

and let nginx serve /ui as alias to dist/

On access I receive a "Mixed Content error" ( https://github.com/Joxit/docker-registry-ui/blob/master/src/scripts/http.js#L93 )

Can I aviod / circumvent this?

Andreas

I can just see the first page of the catalog, it can be quite misleading.
href for the next page seems to come as the Link header

Delete button does not work in Chrome, showing message about enabling "Docker-Content-Digest" headers. This header exist in the response, but it is in lowercase. Putting breakpoint to warning message:

this.getAllResponseHeaders()
"docker-content-digest: sha256:9d080a16c6eee3bffa0552c2775c0a2d9b489d5e1e882c135e1898f5a9a33213
content-type: application/vnd.docker.distribution.manifest.v2+json
"
this.getAllResponseHeaders().includes("Docker-Content-Digest")
false
this.getAllResponseHeaders().includes("docker-content-digest")
true

Making the same request via curl I'm getting CamelCase headers.

Try to update message error when the registry url is on http and the UI on https (mixed content error)

It would be very helpful if the creation date would be displayed in the tag list.
Maybe even a "last updated" in the repository list.

Hi,

I have setup the registry-ui and registry itself using the below docker-compose.yml file:

version: '2'

services:
  registry-srv:
    image: registry:latest
    restart: always
    #ports:
    #  - 5000:5000
    volumes:
      - storage:/var/lib/registry
      - ./registry/config.yml:/etc/docker/registry/config.yml:ro
    networks:
      - registry-ui-net
    container_name: registry-srv
  registry-ui:
    image: joxit/docker-registry-ui:static
    restart: always
    ports:
      - 8080:80
    environment:
      - REGISTRY_TITLE=Private Docker Registry
      - REGISTRY_URL=http://registry-srv:5000
      - DELETE_IMAGES=true
    depends_on:
      - registry-srv
    networks:
      - registry-ui-net
    container_name: registry-ui

networks:
    registry-ui-net:

volumes:
    storage:
      driver: local

my registry config.yml is as below:

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

The registry-ui is configured as a reverse proxy for the registry container. I can see that it is working correctly:

curl http://localhost:8080/v2/_catalog
{"repositories":[]}

The registry-ui also has been added as in insecure registry in the docker config.

cat /etc/docker/daemon.json
{
        "insecure-registries" : ["127.0.0.1:8080"]
}

But even after doing this I am unable to push images to this local registry. I get retrying message when pushing images:

docker image ls
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
joxit/docker-registry-ui   static              e247d643a5da        11 days ago         21.3MB
127.0.0.1:8080/registry    latest              f32a97de94e1        3 months ago        25.8MB
registry                   latest              f32a97de94e1        3 months ago        25.8MB

 docker push 127.0.0.1:8080/registry
The push refers to repository [127.0.0.1:8080/registry]
73d61bf022fd: Pushing [==================================================>]     155B/155B
5bbc5831d696: Pushing [==================================================>]  3.584kB
d5974ddb5a45: Retrying in 1 second
f641ef7a37ad: Retrying in 1 second
d9ff549177a9: Retrying in 1 second
dial tcp 127.0.0.1:80: connect: connection refused

Could you please help out and let me know what I am doing wrong here?

docker run -d -p 8000:80 -e URL=https://somedomain.com:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui:static

results in:

<!DOCTYPE html> <html> <head> <title>Error</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>An error occurred.</h1> <p>Sorry, the page you are looking for is currently unavailable.<br/> Please try again later.</p> <p>If you are the system administrator of this resource then you should check the error log for details.</p> <p><em>Faithfully yours, nginx.</em></p> </body> </html>

Log:

[error] 13#13: *10 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 44.33.22.11, server: localhost, request: "GET /v2/_catalog?n=100000 HTTP/1.1", upstream: "https://11.22.33.44:5000/v2/_catalog?n=100000"

How to enable a prompt before delete a tag?

Add infinite scroll for registry with a lot of images

Liked to #39 and #36

I would love to have a button to delete certain image (tags)

Hi,

I would like to have a raspberryPi (arm32v6 and/or arm32v7) compatible image.
Is it possible?

Thanks

I try to use docker-registry-ui on my localhost.
I use the following docker-compose file(for docker-registry-ui)

`version: '3'
services:
  registry-ui:
    image: joxit/docker-registry-ui
    ports:
      - "80:80"
    networks:
      - registry-network

networks:
  registry-network:
    external:
      name: registry-ui-net`

and the following for docker-registry:

`version: '3'
services:
  registry:
    restart: always
    image: registry:2
    ports:
       - "5000:5000"
    environment:
      #REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
      #REGISTRY_HTTP_TLS_KEY: /certs/domain.key
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    volumes:
      #- /path/data:/var/lib/registry
      #- /path/certs:/certs
      - ./auth:/auth
      - ./config.yml:/etc/docker/registry/config.yml
    networks:
      - registry-network

networks:
  registry-network:
    external:
      name: registry-ui-net`

The problem is that I can't connect by ui container to my registry. It returns 404 http error code.
But If I will come to the address: http://127.0.0.1:5000/v2/_catalog (which is address of my registry), it returs json array with my repository, which I pushed earlier.

So why docker container ui cant connect itself to my registry?
The are both in the same network, too.

Thank you for the image!
I think adding support for HTTPS will improve security of using this image in production.
We uses "lets-nginx" image in docker-compose with "registry" to provide worldwide approved SSL certificates. I think ability to use TLS certificate for this image is a good idea.

I deployed joxit/docker-registry-ui:arm64v8 via k8s, all went well, but after I add a registry I get the following warning as a popup on the bottom:

An error occured: Check your connection and your registry must have Access-Control-Allow-Origin header set to http://192.168.126.3

The frontend is opening http://192.168.126.2:5000/v2/_catalog?n=100000 but this request is blocked.

When opening the url in a new tab I get a response:

{ "repositories": [ "helloworld" ] }

So registry and registry ui are working, I just don't know how to get it working without DNS entries?

Any suggestions?

Hi,
I'm unable to connect to my registry using either the static option with URL, with REGISTRY_URL or the dynamic one.

I'm always getting a "toast" with the response from the server:

{
    "errors": [
        {
            "code": "UNAUTHORIZED",
            "message": "authentication required",
            "detail": null
        }
    ]
}

Here's a screenshot:

Things to note:

• Both run inside a company network, not accessible from the internet
• The registry works fine with authentication. I can docker login stable.registry.example.com without any issue.
• I tried to use the demo version, it didn't work either. I got an error saying to check my connectivity and set the Access-Control-Allow-Origin header to https://joxit.github.com (which I did).
• Both services are served through Traefik, which handles the routing and the TLS part.

Here's my docker-compose.yml

version: '3.5'

services:
  ui:
    image: joxit/docker-registry-ui:static
    environment:
      #- URL=https://stable.registry.example.com
      - REGISTRY_URL=http://registry:5000
    networks:
      - traefik-net
    deploy:
      placement:
        constraints:
          - node.role == worker
          - node.platform.os == linux
      update_config:
        order: start-first
      labels:
        - "traefik.port=80"
        - "traefik.docker.network=traefik-net"
        - "traefik.enable=true"
        - "traefik.frontend.rule=Host:ui.registry.example.com"
        - "traefik.backend.loadbalancer.stickiness=true"
        - "traefik.backend.loadbalancer.method=drr"
  registry:
    image: registry:2
    networks:
      - traefik-net
    volumes:
      - /mnt/registry:/var/lib/registry
    env_file: env.env  # The env file only contains the HTTP secret key
    deploy:
      placement:
        constraints:
          - node.role == worker
          - node.platform.os == linux
          - node.labels.registry == true
      update_config:
        order: start-first
      labels:
        - "traefik.port=5000"
        - "traefik.docker.network=traefik-net"
        - "traefik.enable=true"
        - "traefik.frontend.rule=Host:edge.registry.example.com,stable.registry.example.com"
        - "traefik.backend.loadbalancer.stickiness=true"
        - "traefik.backend.loadbalancer.method=drr"
    configs:
      - source: docker_auth.pem
        target: /docker_auth.pem
      - source: registry_config.yml
        target: /etc/docker/registry/config.yml

networks:
  traefik-net:
    external: true

configs:
  docker_auth.pem:
    file: ./docker_auth.pem
  registry_config.yml:
    file: ./registry_config.yml
    name: registry_config_v${REGISTRY_CONFIG_VERSION}.yml

and my registry_config.yml

version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['https://ui.registry.example.com']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
auth:
  token:
    rootcertbundle: /docker_auth.pem
    realm: "https://stable.docker-auth.example.com/auth"
    service: "Docker registry"
    issuer: "example docker auth server"

I have a so many images but it is only use v2/_category, I can not bring a list of all our images. If you change v2 / _category?n=100000 instead of v2 / _category we will see more images.

Hi there!
First of all: Thank you very much for providing such a nice simple docker-registry-ui. We ware really happy to have your application up and running in our team for our private company registry.

I am currently working on a feature displaying the image tag's history (that the content you are getting at the REST endpoint

The progress I did so far is quite nice, but I stuck at using your application's router...

I created the following elements for navigating to a new page:

1. Define a suitable go function

registryUI.taghistory.go = function (image, tag) {
    route('taglist/joxit/docker-registry-ui');
};

2. Implement an entry in the app.tag <main> section

<tag-history if="{route.routeName == 'taghistory'}"></tag-history>

3. Programm the route function:

route('/taghistory/image/*/tag/*', function (image, tag) {
    console.log("Welcome to the tag history");
    console.log("Image='" + image + "' with tag='" + tag + "'");
    route.routeName = 'taghistory';

    registryUI.taghistory.image = image;
    registryUI.taghistory.tag = tag;

    if (registryUI.taghistory.display){
        console.log("Displaying Tag History");
        registryUI.taghistory.loadend = false;
        registryUI.taghistory.display();
    }
    registryUI.appTag.update();
});

I commited and pushed my code right here and I'd be totally thankful if you give me a hint why the navigation does not work. From my point of view there is no obvious difference between my implementation and the change from catalog-view to taglist-view.

Thank you in advance! And thanks again for your great work! 👍

Cheers from Germany,
Lennart

A bug was found, when I browse with the browser cache, the tag history does not load because it receives a response with a docker schema v2 and it needs a v1 schema.

• We can't send no-cache request (can be blocked by browser/registry)
• We can use an ignored query parameter for example /v2/image/manifests/tag?history but I didn't like it
• We can move to v2 schema instead of v1 (with this, I can use DockerImage object with listeners/triggers)

Hi there,

here is another feature I would love to see in the UI. What do you think about it?

Hi,

it would be great to have the possibility to select all images in the current view in order to speed-up the deletion of many tags.

I am using this to connect to a plain vanilla private registry running on localhost:5000 and, while I'm sure the registry works just fine (a GET localhost:5000/v2/_catalog returns all correct values (there is no authentication, no https) and another UI works just fine, this just fails with a:

An Error occurred

and no information about what could possibly have gone wrong.

I start the UI with:

$ docker run -d -p 80:80 -e URL=http://127.0.0.1:5000 -e DELETE_IMAGES=true joxit/docker-registry-ui:static
81445a6f88c7dcdcd82e034143179707b63544f398653fbc911a69a7f33a0f00

This is a simple example to verify the registry API is reachable:

$ curl -fs http://localhost:5000/v2/_catalog | python -m json.tool
{
    "repositories": [
        "8caa8/entry",
        "server/base"
    ]
}

Hello,

What is the command for the garbage-collect?

Does it execute on the host?

Thank you!

I'm using the latest image with k8s, the following env is set for the container:

Environment variables:
DELETE_IMAGES: true
REGISTRY_URL: http://registry:5000
REGISTRY_TITLE: My Title

Still the JS Client tries to XHR to the UI host which of course fails.

[error] 6#6: *3 open() "/usr/share/nginx/html/v2/_catalog" failed (2: No such file or directory), client: 10.244.2.40, server: localhost, request: "GET /v2/_catalog?n=100000 HTTP/1.1"

Looking at the env inside the container everything seems fine, among others, those two are set:
REGISTRY_SERVICE_HOST='10.97.115.29'
REGISTRY_SERVICE_PORT='5000'

Hello,
Thank you for your tool!
README contains following:

If your docker registry does not need credentials, you will need to send this HEADER:
Access-Control-Allow-Origin: '*'

But that leads to line 16: cannot unmarshal !!str * into []string, because this parameter is expected to be an array. Later you have valid example of Access-Control-Allow-Origin: ['http://127.0.0.1:8001']
So it must be
Access-Control-Allow-Origin: ['*']
At least that worked for me.

Remove material-lite-design dependencies and use riot-mui instead

Generate url:
http://ui-docker.kube.local/#!/taglist/kube/docker, with referrer to
https://docker.local/v2/kube/docker/tags/list
but it's wrong,
needed be:
https://docker.local/v2/kube/docker/bower/tags/list

from: docker pull 192.168.1.29:4080/drone-test:latest
to: docker pull test.io/drone-test:latest

Is there an option for this?

thanks~

When you have a lot of images like

• xxx/image1

• xxx/image2

• yyy/image1

• yyy/image2

it would be great to print it like

• xxx/

  image1

  image2

• yyy/

  image1
  image2

Hi,

Following your remarks when I've submitted my PR, you asked me about improvements.
One feature I really appreciate in other registry frontend, is the generated link "docker pull registry/image:tag" which avoid me to type the long command myself.

But it will be very more helpful if you can add the @sha256.
For keeping the UI as light as now, you can just add a "copy to clipboard" icon.

What do you think?

Hi!

I just deployed the Docker Registry and Joxit, but when I browse to it I just get a blank page. The UI container starts and I can see the source code of the website:

<!--
 Copyright (C) 2016-2019 Jones Magloire @Joxit

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU Affero General Public License for more details.

 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
--><!DOCTYPE html><html><head><meta charset="UTF-8"><link rel="stylesheet" href="vendor.css"><link rel="stylesheet" href="style.css"><link href="https://fonts.googleapis.com/css?family=Roboto:regular,bold,italic,thin,light,bolditalic,black,medium&amp;lang=en" rel="stylesheet" type="text/css"><meta name="viewport" content="width=device-width,initial-scale=1"><meta property="og:site_name" content="Docker Registry UI"><meta name="twitter:card" content="summary"><meta name="twitter:site" content="@Joxit"><meta name="twitter:creator" content="@Jones Magloire"><title>Docker Registry UI</title></head><body><app></app><script src="scripts/vendor.js"></script><script src="scripts/docker-registry-ui.js"></script></body></html>

But can't see anything else.

My Apache config:

<VirtualHost *:443>

    # Servername / domain

    ServerName registry.domain.com

    # Enable SSL and SSLProxy

    SSLEngine On
    SSLProxyEngine On

    # Set the path to SSL certificate

    SSLCertificateFile /etc/letsencrypt/live/registry.domain.com/domain.crt
    SSLCertificateKeyFile /etc/letsencrypt/live/registry.domain.com/domain.key

    # Higher Strength SSL Ciphers

    SSLProtocol all -SSLv2 -SSLv3 -TLSv1
    SSLCipherSuite RC4-SHA:HIGH
    SSLHonorCipherOrder on

    # Headers

    Header always set "Docker-Distribution-Api-Version" "registry/2.0"
    Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
    RequestHeader set X-Forwarded-Proto "https"

    # Proying

    ProxyRequests     off
    ProxyPreserveHost on
    ProxyPass /error/ !

    # Proxy /v2 to the Registry container

    ProxyPass        /v2 https://localhost:5000/v2
    ProxyPassReverse /v2 https://localhost:5000/v2

    ProxyPass        /ui http://localhost:5001
    ProxyPassReverse /ui http://localhost:5001

    # Logs

    ErrorLog ${APACHE_LOG_DIR}/registry-error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/registry-access.log combined

</VirtualHost>

How I start the Registry:

docker run -d -p 5000:443 --restart=always --name registry \
  -v /etc/letsencrypt/live/registry.domain.com:/certs \
  -v /mnt/docker-registry:/var/lib/registry \
  -v /mnt/docker-registry/config.yml:/etc/docker/registry/config.yml \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -e REGISTRY_AUTH=htpasswd \
  -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/var/lib/registry/passfile \
  registry:latest

Registry config:

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['http://127.0.0.1:8001']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

And how I start the UI:

docker run -d -p 5001:80 --name ui \
-e REGISTRY_TITLE="Docker Registry" \
-e DELETE_IMAGES=true \
-e REGISTRY_URL=https://localhost:5000 \
joxit/docker-registry-ui:static

What am I missing?

THANKS!

Hi

I am having some issues with image: joxit/docker-registry-ui:arm64v8-static

kubectl -n internal-system log registry-58b6ddf478-l9szk registry-ui
/bin/sh: relocation error: /bin/sh: symbol geteuid, version GLIBC_2.17 not defined in file libc.so.6 with link time reference

Is there any support for docker registry authentication ?

hi, firstly thanks for creating this cool UI for docker private registries, i've been spending a bit of time this weekend trying to get it working and so far I've got it mostly working and can see/list my registry images.

the issue i'm having here is the error message that keeps popping up when i'm browsing through my images:

{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}

now, I know this means my authentication is off somewhere, but I'm able to see & browse my repo images with no problem.

so I check my registry (running in a container) and see

time="2017-06-11T11:52:31Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" go.version=go1.7.3 http.request.host="dockeregistry.localhost:5000" http.request.id=61ec0a47-1a25-43ac-808e-2097731c660c http.request.method=GET http.request.referer="http://dockeregistry.localhost/" http.request.remoteaddr="172.16.45.11:55752" http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" instance.id=a86c3a58-c692-46ae-a6cd-7ed4659eee28 version=v2.6.1 172.16.45.11 - - [11/Jun/2017:11:52:31 +0000] "GET /v2/_catalog HTTP/2.0" 401 145 "http://dockeregistry.localhost/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" time="2017-06-11T11:52:31Z" level=info msg="response completed" go.version=go1.7.3 http.request.host="dockeregistry.localhost:5000" http.request.id=2c66c4f6-722e-4f1b-b108-2e12ec2373c6 http.request.method=GET http.request.referer="http://dockeregistry.localhost/" http.request.remoteaddr="172.16.45.11:55758" http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" http.response.contenttype="application/json; charset=utf-8" http.response.duration=8.118256ms http.response.status=200 http.response.written=101 instance.id=a86c3a58-c692-46ae-a6cd-7ed4659eee28 version=v2.6.1 172.16.45.11 - - [11/Jun/2017:11:52:31 +0000] "GET /v2/_catalog HTTP/2.0" 200 101 "http://dockeregistry.localhost/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"

I can see one GET request which gets a 401, and then a following GET request which gets a 200 OK.. So I check my browser console and see the request which gets the 401 is missing the "authorization: Basic xxxxx" request header.

That's as far as I got troubleshooting wise - so, just wondering if you could have a look and possibly advise me where I might be going wrong?

some info that might put things in the right contexts:

• my registry is TLS-configured = certs and CA's all in the right place
• htpasswd setup with bcrypt switch (-Bbn) as per other issues I've seen in some forums
• docker login, pull, tag, push = all working as expected from the CLI

any help appreciated, thanks.

I'm missing a button to delete the entire library/redis image for instance.

Hey Joxit,

Thanks for quick and slick UI that just plain works!

Can you tell me how to get an insecure configuration working. I just cant seem to figure out how to push or pull from a docker client. I get https errors.. I know its probably because no TLS certs are loaded on either side. I would like s simple insecure registry is all.

Could you help with a quick config?

My host is Centos7

Running the docker compose "credentials" file out of examples/ui-as-proxy to get all spun up.

Thanks!!

Add a support for secured registries

I got:

/bin/entrypoint: 6: /bin/entrypoint: [[: not found
/bin/entrypoint: 10: /bin/entrypoint: [[: not found
/bin/entrypoint: 15: /bin/entrypoint: [[: not found

with the 1.0 image (arm32v7-static and arm64v8-static)

Please replace #!/bin/sh by #:/bin/bash in the entrypoint to fix it (https://stackoverflow.com/questions/3401183/bash-syntax-error-not-found).

  # docker 私库
  # 暂不支持设置时区
  registry:
    container_name: registry
    image: registry:2.6.2
    restart: always
    hostname: registry
#    ports:
#      - 5000
    volumes:
      - ../dev-ops-repo/registry:/var/lib/registry
    environment:
#      - TZ=${TIME_ZONE}
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    labels:
      - "traefik.enable=false"

  registry-ui:
    container_name: registry-ui
    image: joxit/docker-registry-ui:0.6-static
    restart: always
    hostname: registry-ui
#    ports:
#      - 80
    environment:
      - TZ=${TIME_ZONE}
      - REGISTRY_TITLE=registry.${SERVER_DOMAIN:-localhost}
      - REGISTRY_URL=http://registry:5000
      - DELETE_IMAGES=true
    depends_on:
      - registry
    labels:
      - "traefik.enable=true"
      - "traefik.backend=registry"
      - "traefik.port=80"
      - "traefik.frontend.redirect.entryPoint=https"
      - "traefik.frontend.rule=Host:registry.${SERVER_DOMAIN:-localhost}"
      - "traefik.frontend.auth.basic=${REGISTRY_AUTH_BASIC}"

it doesn't work.

Deleting drone/agent:latest.Run 'registry garbage-collect config.yml' on your registry

/ # registry garbage-collect /etc/docker/registry/config.yml
drone/agent

0 blobs marked, 4 blobs eligible for deletion
blob eligible for deletion: sha256:03b8136cc18224af5130c57deeda55ebdd1eeee526cb7687c717a01a28b84bbc
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/03/03b8136cc18224af5130c57deeda55ebdd1eeee526cb7687c717a01a28b84bbc  go.version=go1.7.6 instance.id=877d732d-12ca-49ae-a100-f85f938b92ef
blob eligible for deletion: sha256:3f9dacdd38ec35912f9cdd4e8d26657c787cd15840d45cb81efb415163df0dcb
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/3f/3f9dacdd38ec35912f9cdd4e8d26657c787cd15840d45cb81efb415163df0dcb  go.version=go1.7.6 instance.id=877d732d-12ca-49ae-a100-f85f938b92ef
blob eligible for deletion: sha256:8134ff21f146fe331df44fe610daab5a8873997f78420c84a84af70a90b6a438
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/81/8134ff21f146fe331df44fe610daab5a8873997f78420c84a84af70a90b6a438  go.version=go1.7.6 instance.id=877d732d-12ca-49ae-a100-f85f938b92ef
blob eligible for deletion: sha256:8fd8aa6e549885b2d86b9cf3f5ac4baee218b06b4e2f44cd721d3a7fe1823b8e
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/8f/8fd8aa6e549885b2d86b9cf3f5ac4baee218b06b4e2f44cd721d3a7fe1823b8e  go.version=go1.7.6 instance.id=877d732d-12ca-49ae-a100-f85f938b92ef
/ # ls
bin            entrypoint.sh  home           linuxrc        mnt            root           sbin           sys            usr
dev            etc            lib            media          proc           run            srv            tmp            var
/ # cd var/lib/registry/docker/registry/v2/repositories/drone/agent/_
_layers/     _manifests/  _uploads/
/ # cd var/lib/registry/docker/registry/v2/repositories/drone/agent/_layers/sha256/
/var/lib/registry/docker/registry/v2/repositories/drone/agent/_layers/sha256 # ls
03b8136cc18224af5130c57deeda55ebdd1eeee526cb7687c717a01a28b84bbc  8fd8aa6e549885b2d86b9cf3f5ac4baee218b06b4e2f44cd721d3a7fe1823b8e
8134ff21f146fe331df44fe610daab5a8873997f78420c84a84af70a90b6a438
/var/lib/registry/docker/registry/v2/repositories/drone/agent/_layers/sha256 #

I've got many tags and they get sorted alphabetically by default. Could it be by date, the most recent first?

Cheers,

Hi!

Thanks for that greate project!

Works well, but I can not see any info about image creation date:

How to fix that?

I used v0.5.0

Hi,

I quickly searched for similar issue, but did not find anything.

I just thought, that it would be a lot clearer to indent aggregated entries, so that after expanding it would look somewhat like this:

aggregated/
        aggregated/image1
        aggregated/image2
        .....

Instead of

aggregated/
aggregated/image1
aggregated/image2
.....

Hi there,

this is my third and last suggestion on what would add a lot of value to the project, displaying image size. I leave this here for discussion :)

Hello!
I decided to start a new issue because I don't have any idea what else I can try to make this work.

I deployed secure docker registry (with certs and auth) and this registry is fully functional (I can push and pull images from other nodes after docker login). Registry is behind nginx-proxy but this doesn't change anything - my issue is also reproducible without nginx-proxy by directly calling registry via 5000 port.

Here is my registry config file:

version: 0.1                                                                                                                                  [2/1010]
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  s3:
    accesskey: MINIO_USER
    secretkey: MINIO_SECRET
    region: us-east-1
    regionendpoint: MINIO_ADDRESS
    bucket: registry
    encrypt: false
    secure: false
    v4auth: true
    chunksize: 5242880
    rootdirectory: /
http:
  addr: :443
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['http://registry.zylowski.net:8000']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
auth:
  htpasswd:
    realm: basic-realm
    path: /auth/htpasswd

This how to I start my docker registry (docker run equivalent):

                       docker run \
                        -e "REGISTRY_AUTH=htpasswd" \
                        -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
                        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
                        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
                        -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
                        --net=zylowski.net --ip=172.18.0.102 \
                        --name=docker-registry \
                        -v /opt/registry/config.yml:/etc/docker/registry/config.yml \
                        -v /opt/registry/certs:/certs \
                        -v /opt/registry/auth:/auth \
                        registry:2

And the UI starts via:

docker run -d -p 8000:80 -e URL=https://registry.zylowski.net:443 -e DELETE_IMAGES=true joxit/docker-registry-ui:latest

Loging in browser works well:

Also after logging list of repositories are available:

But clicking on
causes infinity loading for images,
click on
causes

I believe Access-Control fields from config are set properly, especially when list of repositories and auth works well.

Here is the log from registry container, after click in thrash bin icon:

kwi 06 13:53:15 k8s-storage docker[24033]: time="2019-04-06T13:53:15.822591136Z" level=warning msg="error authorizing context: basic authentication challenge for realm "Registry Realm": invalid authorization credential" go.version=go1.11.2 http.request.host=registry.zylowski.net http.request.id=93cc1313-db3e-4bcb-a24c-ac2cadec2ae0 http.request.method=HEAD http.request.referer="http://registry.zylowski.net:8000/" http.request.remoteaddr=194.99.105.228 http.request.uri="/v2/ubuntu/manifests/14.04" http.request.useragent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" vars.name=ubuntu vars.reference=14.04
kwi 06 13:53:15 k8s-storage docker[24033]: 172.18.0.100 - - [06/Apr/2019:13:53:15 +0000] "HEAD /v2/ubuntu/manifests/14.04 HTTP/1.0" 401 149 "http://registry.zylowski.net:8000/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
kwi 06 13:53:16 k8s-storage docker[24033]: time="2019-04-06T13:53:16.092275204Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=registry.zylowski.net http.request.id=60589348-0eb0-4d2e-b7b0-54e8bb1a1853 http.request.method=HEAD http.request.referer="http://registry.zylowski.net:8000/" http.request.remoteaddr=194.99.105.228 http.request.uri="/v2/ubuntu/manifests/14.04" http.request.useragent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" vars.name=ubuntu vars.reference=14.04
kwi 06 13:53:16 k8s-storage docker[24033]: time="2019-04-06T13:53:16.096250901Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=registry.zylowski.net http.request.id=60589348-0eb0-4d2e-b7b0-54e8bb1a1853 http.request.method=HEAD http.request.referer="http://registry.zylowski.net:8000/" http.request.remoteaddr=194.99.105.228 http.request.uri="/v2/ubuntu/manifests/14.04" http.request.useragent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" http.response.duration=9.982045ms http.response.status=304 http.response.written=0
kwi 06 13:53:16 k8s-storage docker[24033]: 172.18.0.100 - - [06/Apr/2019:13:53:16 +0000] "HEAD /v2/ubuntu/manifests/14.04 HTTP/1.0" 304 0 "http://registry.zylowski.net:8000/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
kwi 06 13:53:16 k8s-storage docker[24033]: time="2019-04-06T13:53:16.164573765Z" level=warning msg="error authorizing context: basic authentication challenge for realm "Registry Realm": invalid authorization credential" go.version=go1.11.2 http.request.host=registry.zylowski.net http.request.id=5190575e-a1e2-4a83-ad4e-4febcc171f99 http.request.method=OPTIONS http.request.referer="http://registry.zylowski.net:8000/" http.request.remoteaddr=194.99.105.228 http.request.uri="/v2/ubuntu/manifests/sha256:187b4f1d2adc16cc50149ff2aff054feb673e23566dad0132f5973a4c7fef1f0" http.request.useragent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" vars.name=ubuntu vars.reference="sha256:187b4f1d2adc16cc50149ff2aff054feb673e23566dad0132f5973a4c7fef1f0"
kwi 06 13:53:16 k8s-storage docker[24033]: 172.18.0.100 - - [06/Apr/2019:13:53:16 +0000] "OPTIONS /v2/ubuntu/manifests/sha256:187b4f1d2adc16cc50149ff2aff054feb673e23566dad0132f5973a4c7fef1f0 HTTP/1.0" 401 87 "http://registry.zylowski.net:8000/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"

Hi! first of all, thanks for open sourcing this great project.

I have a problem connecting it with My registry that is behind caddy https reverse proxy which handles multi domain. The error happens when tls handshake is being made
http: TLS handshake error from 172.19.0.2:56438: no certificate available for ''.
It seems that no SNI extension are sent to the registry. I figure out that adding
proxy_ssl_server_name on in the nginx config will fix this issue

Hey,
I'm using the examples/ui-as-proxy/simple.yml example. Here is my config:

version: '3'
services:
    registry:
        image: registry:2.7.1
        restart: always
        ports:
            - "6666:5000"
        environment:
            REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
        volumes:
            - /datasets/docker-registry/data:/data
        networks:
            - registry-ui-net
    ui:
        image: joxit/docker-registry-ui:static
        restart: always
        ports:
            - 8080:80
        environment:
            - REGISTRY_TITLE=Example Local Docker Registry
            - REGSITRY_URL=http://registry:6666
        depends_on:
            - registry
        networks:
            - registry-ui-net

networks:
  registry-ui-net:

Looking at the HTTP headers it seems to think that the registry is running on http://192.168.1.84:8080/v2/_catalog?n=100000? Which is the UI?

I cannot enter URL with a port in either the static or dynamic container. It returns a 404 not found of the base url.

I have successfully set up everything using the joxit/docker-registry-ui:1.1-static docker image, with its port published via docker and accessed from my browser. I use the proxy-to-registry feature to avoid messing with CORS and it works.

My registry is in another docker container with its port directly published:

• registry: http://dockerlab.home:5000/
• registry-ui: http://dockerlab.home:5080/
• REGISTRY_URL=http://dockerlab.home:5000 PULL_URL=http://dockerlab.home:5000

Now if I try to put a reverse proxy (Traefik, but I can reproduce with Nginx or Apache) and configure it to forward http://dockerlab.home/registry/ to the registry-ui stripping the base path (/registry/foo gets forwarded as /foo), the registry proxy feature does not work correctly.

I get all registry-ui assets loaded correctly in my browser, thanks to it using relative URLs, but then it tries to load registry data from http://dockerlab.home/v2/_catalog?n=100000 instead of http://dockerlab.home/registry/v2/_catalog?n=100000.

Seems like there is something in the code that is generating absolute URIs for the registry calls instead of relative ones as used for all other assets.

Is it possible to get relative URLs for the registry proxy links and/or an environment variable to specify the base url to generate URLs from (which in my case would be http://dockerlab.home/registry/)?

Also, as far as I can see, there is no ability to delete even empty repository:

Here is no links for that:

If I am not missing something on setting up, this is feature request.

Also, as far as I can see, there is no ability to delete even empty repository:

Here is no links for that:

If I am not missing something on setting up, this is feature request.

Hi I have tested the app using the fix suggested by #27. First of all, I can confirm that the PR solves the problem.

Yet another small issue arises when using REGISTRY_URL: No title is being set.

Would it be possible to pass a custom name via an optional environment variable i.e. REGISTRY_TITLE?

Thanks for considering :)