As simple as possible frontend for your private docker registry
- V2 registries support only (secure, self-signed and insecure, DNS and IP:PORT)
- internal DB (BoltBD) gives it ability to store info, and as a result it responses much faster than after direct api call, and can provide more data
- app can parse, store and show info from registry such as:
- image layers info:
- name / tag
- image size and push numbers
- upload and push dates
- image creating commands history
- image layers info:
- it is possible to set multiple repositories and watch all registries in one place
- show statistics pretty, draw curves of uploads number and image sizes for a tag with respects to dates
- find a parent of an image, in case, the parent in the same repo (it is clickable!)
- show tree-graph of parents for image
- (new) enabled image deletion (registry --version >= 2.4.0)
- (the newest) API compatibility checks
- (killer feature) Bearer token auth support (secure and self-signed auth servers)
To enable image deletion you need to:
- Run your registry with the flag
docker run -d -p 5000:5000 --restart=always --name registry \ -v ./auth:/auth \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ -e REGISTRY_STORAGE_DELETE_ENABLED=true \ registry:2
- Set up cron to run garbage collection
10 * * * * docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml
- Also be aware, that there is a known issue in docker registry 2.5.1 in earlier. It means, that if you delete an image from a repository, you will not able to push the exactly same image in that repository. To fix it, you will need each time to perform rebuilding of image with
--no-cachemode or restarting the registry
docker restart registry.
Bearer token auth
I can say that this app almost fit my needs, so in all likelihood, soon, I will not improve it hardly, but this is the list of ideas just for case:
- "update repos" button (not wait for sleep time)
- info for the whole repository: size, the number of pushes so on so on so on
How to start use Bow
docker run -d \ --name=Bow \ -e BS_LOG_SILENT=yes \ -v ~/db/bow:/var/lib/bow \ -p 5001:19808 \ evedel/bow
How to start contribute to Bow
If you have interest, you can easily start with
git clone https://github.com/evedel/bow.git git clone https://github.com/fperucic/treant-js project/resources/treant-js cd bow docker-compose -f develop/devlinux.yml up -d docker exec -it develop_golang_1 go get docker exec -it develop_golang_1 go test -v qurl -repo='https://UsErNaMe:PaSsWoRd@myownregistry.org' docker exec -it develop_golang_1 go run main.go
Code and packages
This app is written on golang with use of standard packages and:
https://github.com/boltdb/bolt -- BoltDB
https://github.com/fatih/color -- to make cli shiny
https://github.com/wader/disable_sendfile_vbox_linux -- to develop on docker-machine
http://www.chartjs.org/ -- to draw best graphs ever
https://github.com/fperucic/treant-js -- to draw parents graphs
Yes, such feature has been realised from the very beginning, but garbage-collector didn't work at that time, so I kept it commented. Thank you, that mentioned it! =) Will check it soon and uncomment.
Is it possible, or can you add a function, to delete an image from the repository?
It's a bit crappy, to go to command-line, delete the repository and then go to the container for the garbage-collection (especially, if there are more people working on the images and you are the only one with a command-line)
When I disable my crets, then it works. But with https, I have to play with the servers common names, cause there are too many (from docker net, from localhost, from outside net,....). And all have to work!
It seems, that I have to place a multi-host cert for the machin^^
Yeah =) I've got this case.
As far as they are both inside of containers, they are not 127.0.0.1 for each other, even if they are on the same machine.
The best way is, of course, make --link for them, and then write in "Repo addr" field "registry:5000".
Other way is use your host machine gateway.
In that case, "Repo addr" field is "172.17.0.1:5000".
Also, you need to write your password again, if you are editing repo config, but not creating new one. This is my fault =)
To check with cli, than it is possible, you need to use, for example, "curl test:email@example.com:5000/v2/_catalog", 'couse v1 is far depricated.
Yes, but I'm testing with official registry:latest and a very basic configuration. So it seems not possible to connect via http. (curl -X GET http://127.0.0.1:5000/v1/ gives some control charachters. In my oppinion, there's no possibility to connect without SSL)
Hi, there. Have you tried to choose "http" scheme instead of "https" (in the config page)?
Hi, I'm looking for your killer feature, but I'm not able to connect to an insecure registry with your instructions.
What do I have to set / change / add, to connect to my registry???