zebox / registry-admin
Docker Registry UI tool that allows manage access based on a user actions (pull and push)
License: MIT License
For different users who log in from the same browser on the same PC, UI settings should be split when saved.
The settings selector should pick up settings by user ID at UI loading.
When a user tries to use their own certificates and load them for the registry token, loadCerts can throw an error, but it isn't shown. If an error exists, registry-admin tries to create new certs. createCerts then throws an error too, because the user's certs already exist in the destination folder.
// in registry/token.go package
if err = rt.loadCerts(); err != nil {
    err = rt.createCerts()
    if err != nil {
        return nil, err
    }
}
Need to handle loadCerts errors before calling createCerts.
Hi,
I'm trying to run the app in localhost (for testing purposes for now) using files from _examples/token_auth. I am able to log in, but when I hit the "Sync" button I see an error in the log:
docker-registry-registry-1 | time="2023-08-09T18:24:10.564085228Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.19.9 http.request.host="registry:5000" http.request.id=10dd6015-f1da-4b4f-97af-62b008efad78 http.request.method=GET http.request.remoteaddr="172.19.0.2:38366" http.request.uri="/v2/_catalog?n=50&last=" http.request.useragent="Go-http-client/1.1"
What can be the cause of this?
docker-compose file:
version: '2.1'
services:
  registry-admin:
    restart: unless-stopped
    image: zebox/registry-admin:master
    ports:
      - 80:80
    environment:
      - RA_CONFIG_FILE=/app/config/token-ra-config.yml
    volumes:
      - ./certs:/app/certs
      - ./config:/app/config
      - ./data:/app/data
  registry:
    restart: unless-stopped
    image: registry:2
    ports:
      - 50554:5000
    environment:
      - REGISTRY_AUTH_TOKEN_REALM=http://localhost/api/v1/registry/auth # <- !!! Change this for real hostname of RegistryAdmin and exposed port which accessible for docker clients
    volumes:
      - ./data:/var/lib/registry
      - ./certs:/certs
      - ./config/registry-config.yml:/etc/docker/registry/config.yml
    depends_on:
      - registry-admin
registry-config.yml:
version: 0.1
log:
  accesslog:
    disabled: false
  level: debug
  formatter: text
  fields:
    service: registry
storage:
  filesystem:
    rootdirectory: /var/lib/registry
    maxthreads: 100
  delete:
    enabled: true
http:
  addr: ":5000"
  net: tcp
  tls:
    certificate: /certs/cert.crt
    key: /certs/cert.key
auth:
  token:
    realm: http://localhost/api/v1/registry/auth # <- external ip accessible for clients from outside of container
    service: container_registry
    issuer: registry_token_issuer
    rootcertbundle: /certs/cert.crt
notifications:
  events:
    includereferences: true
  endpoints:
    - name: ra-listener
      disabled: false
      url: http://registry-admin/api/v1/registry/events
      headers:
        Authorization: [Basic YWRtaW46c3VwZXItc2VjcmV0] # 'admin:super-secret' base64 encode string
      timeout: 1s
      threshold: 5
      backoff: 3s
      ignoredmediatypes:
        - application/octet-stream
      ignore:
        mediatypes:
          - application/octet-stream
token-ra-config.yml:
hostname: localhost
registry:
  host: https://registry
  port: 5000
  auth_type: token
  issuer: registry_token_issuer
  service: container_registry
  certs:
    path: /app/certs
    key: /app/certs/cert.key
    public_key: /app/certs/cert.pub
    ca_root: /app/certs/cert.crt
    ip: 127.0.0.1 # <- paste a real IP of docker host which publish the container
    fqdns: [registry, demo.host.local, localhost, registry.host.local]
store:
  type: embed
  admin_password: "super-secret"
  embed:
    path: /app/data/store.db
I'm receiving an "unauthorized: authentication required" error in the middle of the image push process:
root@RYZEN:/home/user/# docker push registry.mydomain.com/someimage:latest
The push refers to repository [registry.mydomain.com/someimage]
5f70bf18a086: Layer already exists
865c2d40902c: Layer already exists
d6df4d8f1d2b: Layer already exists
814b91d8ce2a: Pushing [==================================================>] 427.3MB
243673d2c35b: Layer already exists
e0e5c14f683a: Pushing [=======================> ] 212.8MB/459.5MB
3e8300fe133b: Layer already exists
cd6c2464dc51: Layer already exists
f7f303b50df0: Pushing [==================================================>] 240.8MB
d5fcc5cffc99: Pushing [==================================================>] 268.5MB
1fdbf5f06e1e: Layer already exists
eb5e1abd9327: Pushed
1059c10ff87a: Pushed
3cdaf4f3899c: Pushed
57d046864aa6: Pushed
3eb0486809d0: Pushed
1efc5401b6f1: Pushed
b31fe8530467: Pushed
c151effcd197: Pushed
0b0b8e9d2e04: Pushed
a9ed1f92fa62: Pushing [==================================================>] 13.28MB
6e28a572644e: Waiting
67b5ce3064ab: Waiting
88cd9b949e2e: Waiting
e2ef8a51359d: Waiting
unauthorized: authentication required
In logs I found:
registry_1 | time="2023-08-12T11:07:55.859035163Z" level=warning msg="error authorizing context: invalid token" go.version=go1.19.9 http.request.host=registry.mydomain.com http.request.id=1e427dd3-f10a-4be5-8eff-d7fac425db04 http.request.method=PATCH http.request.remoteaddr=XX.XX.XX.XX http.request.uri="/v2/someimage/blobs/uploads/8c879921-b2e4-43eb-982e-e41eb42e174c?_state=S26m-OteMyJ3enZXXezp-PB6ZJCrGYnk-PxV_pxbtTJ7Ik5hbWUiOiJjb3JvZmxleCIsIlVVSUQiOiI4Yzg3OTkyMS1iMmU0LTQzZWItOTgyZS1lNDFlYjQyZTE3NGMiLCJPZmZzZXQiOjAsIlN0YXJ0ZWRBdCI6IjIwMjMtMDgtMTJUMTE6MDU6MzguODQ1MzI0MjA2WiJ9" http.request.useragent="docker/24.0.2 go/go1.20.4 git-commit/659604f kernel/5.15.90.1-microsoft-standard-WSL2 os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.2 \(linux\))" vars.name=someimage vars.uuid=8c879921-b2e4-43eb-982e-e41eb42e174c
I'm using NGINX Proxy Manager, so I'm not sure if it's actually a registry-admin problem.
I followed the example: basic_auth.
At the beginning everything was OK.
I can log in to registry-admin, I can manage users, and when I request the Docker registry the basic auth also works.
But... I always get "Repositories entry not found" in registry-admin. I tried clicking 'Sync'; nothing changed.
Why do I get this? What should I do? Can you help me, please?
Oh, by the way, I changed the admin default password and I also changed the base64 string used in the registry config file; I think it is OK.
I checked the registry config and found this:
notifications:
  events:
    includereferences: true
  endpoints:
    - name: ra-listener
      disabled: false
      url: http://{registry_admin_host:port}/api/v1/registry/events
I think this sets the registry to notify registry-admin when a repository changes. Then I turned on registry-admin logout, and I did not find any request to '/api/v1/registry/events'. Is that wrong?
Should delete access for a deleted repository when a delete event occurs.
The repositories list form should display the summary size of each repository's entries. To display the list without tags, a groupBy condition is used in the SQL query, which selects the size of only the top entry. This needs to be fixed.
When a user tries sorting by the resource type field in accesses, the server returns an error. Resource type is reserved and predefined and should be hidden from the UI.
Create and publish docker image to Docker Hub
Prepare a CI builder for cross-platform binaries on release push.
When a user is deleted from RegistryAdmin, they should also be deleted from the access list.