registry-ui's Introduction

Docker Registry UI

Features

Minimal web interface
Basic Auth & login
multi-arch support

Built with python, sanic, and water.css

Run

docker run -p 8000:8000 chickenbellyfin/registry-ui -r <http://registry.url>

Or, checkout this repo and run:

pip install -r requirements.txt

python3 -m src.main -r <http://registry.url>

# If you don't have a registry already, you can use the demo data from this repo:
$ python3 -m src.main -r http://chickenbellyfin.github.io/registry-ui

Configuration

CLI

CLI args take precendence over environment variables.

usage: main.py [-h] [-r REGISTRY] [-l] [-u USERNAME] [-p PASSWORD]

optional arguments:
  -h, --help            show this help message and exit
  -r REGISTRY, --registry REGISTRY
                        Registry URL (with http:// or https://)
  -l, --login           Show a login page for registries which require basic auth.
  -u USERNAME, --username USERNAME
                        Username for registry basic auth
  -p PASSWORD, --password PASSWORD
                        Password for registry basic auth

Environment

ENV	Required?	Default	Description
REGISTRY_URL	Required		URL for docker registry, including http[s]://
REGISTRY_USERNAME			Username for Basic Auth. If `REGISTRY_PASSWORD` is not set, will not be used See Authorization section
REGISTRY_PASSWORD			Password for Basic Auth. Must be set along with `REGISTRY_USERNAME` See Authorization section
APP_THEME		`auto`	CSS theme to use. Must be `light`, `dark`, or `auto`. auto selects light or dark based on browser settings.
APP_ENABLE_LOGIN		`true`	Shows a login page if the registry requires credentials. The credentials are forwarded to the registry with basic auth. See Authorization section
APP_DEBUG		`true` in development, `false` in docker	Whether to run sanic server in debug mode.

About Authorization

The authorization works by simply forwarding username and password in a Basic Auth HTTP header to the API, whether those were set in the server settings or from the user's login cookies.
If the Regsitry username & password are set using -u/-p or REGISTRY_USERNAME/REGISTRY_PASSWORD, the app will always try to use those credentials, even if the user has not logged in. If you set --login or APP_ENABLE_LOGIN, it is recommended to not set the registry username and password. This will force each user to enter the credentials on the login page before getting access.
It is required to enable HTTPS on any registry which requires Basic Auth.
It is recommended to enable authorization if your registry is facing the public internet.

This app provides a couple options for authorization but does not provide any security guarantees or enforce any secure practices by the user.

Docker Build

docker build . -t registryui

Docker Run

docker run -p 8000:8000 -it registryui http://registry.url

docker-compose

services:
  registry-ui:
    image: registry-ui
    container_name: registry-ui
    ports:
      - 8000:8000
    environment:
      - REGISTRY_URL=http://registry.url
    restart: unless-stopped

Example: Hosting alongside regsitry with HTTPS & basic auth

It is possible to host the web app at the same URL as the registry using a web server/reverse proxy such as caddy.

This setup will allow you to host a registry at https://my.registry.url which allows image push/pull to my.registry.url/<image>:<tag>, and shows a web ui with a login page at that url in the browser. The credentials for docker client and for web access will be the same as what is configured in the registry's htpasswd.

docker-compose.yaml:

services:
  caddy:
    image: caddy
    container_name: caddy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - certs-volume:/data

  registry:
    image: registry:2
    container_name: registry
    restart: unless-stopped
    volumes:
      - 'registry-volume:/var/lib/registry'
      - './htpasswd:/auth'
    environment:
    # How to configure registry basic auth
    # https://docs.docker.com/registry/deploying/#native-basic-auth
      - REGSITRY_AUTH=htpasswd
      - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
      - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd

  registry-ui:
    image: chickenbellyfin/registry-ui
    container_name: registry-ui
    restart: unless-stopped
    environment:
      - REGISTRY_URL=https://my.registry.url
      - APP_ENABLE_LOGIN=true

volumes:
  certs-volume:
  registry-volume:

Caddyfile:

my.registry.url {
  handle /v2* {
    reverse_proxy registry:5000
  }
  reverse_proxy registry-ui:8000
}

Test

python3 -m pytest

coverage run && coverage report

# open htmlcov/index.html
coverage html

Push

docker buildx build --platform linux/amd64,linux/arm64 --tag chickenbellyfin/registry-ui --push .

registry-ui's People

Contributors

Stargazers

Watchers

registry-ui's Issues

500 Internal Server Error when uploading images

Hey @chickenbellyfin ! Great UI for docker registry, really appreciate it.

I've had an issue maybe you can take a look.

I got an internal server error with the following page:

and the following logs:
[2022-11-28 18:15:11 +0000] [1] [ERROR] Exception occurred while handling uri: 'http://docker.{reducted}/' Traceback (most recent call last): File "handle_request", line 83, in handle_request from sanic.models.handler_types import ListenerType, MiddlewareType File "/app/src/app.py", line 46, in wrapped return await func(request, *args, **kwargs, creds=creds) File "/app/src/app.py", line 69, in list_repositories repositories = await fetch_repositories(registry, creds=creds) File "/app/src/data_fetch.py", line 55, in fetch_repositories tags = await asyncio.gather(*[api.get_tags(r, creds=creds) for r in repositories]) File "/app/src/api.py", line 53, in get_tags return res['tags'] KeyError: 'tags' [2022-11-28 18:15:11 +0000] - (sanic.access)[INFO][10.0.1.213:55462]: GET http://docker.{reducted}/ 500 799

From my investigation the issue seems to be the following:

When pushing a new image to a repo, it is listed in the catalog as follows:
GET: {reducted_domain}/v2/_catalog
returns:
{"repositories":["{image1}","{image2}","{image3}","{image4}","{image5}"]}
as it is expected to.

But the thing is, the image5 is currently being uploaded/pushed from my computer. The catalog shows it as an image as it is currently being pushed and created an entry for it, but there are no "data" on it when requesting it's tags.

So when requesting https://registry.{reducted}/v2/image5/master/tags/list the registry returns {"errors":[{"code":"NAME_UNKNOWN","message":"repository name not known to registry","detail":{"name":"testimage5"}}]}

So can we have a handle for it, maybe an entry of the image on the screen, but with no links for details?

Thanks again for the project, looks awesome!

404 /repo/image not found

First of thank you for creating this interface.

I get the following error when accessing a image.

⚠️ 404 — Not Found
Requested URL /repo/diony/base not found

After a quick test it appears that viewing a image does not work when it is placed in a separate repository.
For example:
registry.test.com/test will show the tag list
registry.test.com/diony/base will not show the tag list & 404's

Manifest application/vnd.oci.image.manifest.v1+json

I use podman/buildah to create images which I push to a private instance of the Docker registry.

I tried using this nice UI but ran into a problem immediately because the images that podman creates have
"ManifestType": "application/vnd.oci.image.manifest.v1+json"
while images from Docker (for example the one for this UI) have
"ManifestType": "application/vnd.docker.distribution.manifest.v2+json"

After some quick hackery (replacing the Accept Header in api.py) I was able to use the ui with my images without any problems which leads me to believe that the two manifest types must be similar enough.

I am not terribly familiar with these low level image aspects and was wondering what a proper solution would be. Do I need to build my images differently or can the UI just show both types without problems?

Recommend Projects

chickenbellyfin / registry-ui Goto Github PK