Self-hosted container registry with web UI
Source: https://github.com/Joxit/docker-registry-ui
Docker/Podman compose
1services:
2 registry-ui:
3 image: joxit/docker-registry-ui:main
4 restart: always
5 ports:
6 - "127.0.0.1:4433:80"
7 environment:
8 - SINGLE_REGISTRY=true
9 - REGISTRY_TITLE=hyperreal's Container Registry
10 - DELETE_IMAGES=true
11 - SHOW_CONTENT_DIGEST=true
12 - NGINX_PROXY_PASS_URL=http://registry-server:5000
13 - SHOW_CATALOG_NB_TAGS=true
14 - CATALOG_MIN_BRANCHES=1
15 - CATALOG_MAX_BRANCHES=1
16 - TAGLIST_PAGE_SIZE=100
17 - REGISTRY_SECURED=false
18 - CATALOG_ELEMENTS_LIMIT=1000
19 container_name: registry-ui
20
21 registry-server:
22 image: registry:2.8.2
23 restart: always
24 environment:
25 REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[http://aux-remote.carp-wyvern.ts.net]'
26 REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
27 REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
28 REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Accept,Cache-Control]'
29 REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
30 REGISTRY_STORAGE_DELETE_ENABLED: 'true'
31 volumes:
32 - ./registry/data:/var/lib/registry
33 container_name: registry-serverAuthorization and Authentication
For a public registry with authentication, the following headers are needed:
1environment:
2 REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'For a private registry without authentication, the following headers are needed:
1environment:
2 REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Accept,Cache-Control]'Caddy reverse proxy
Public registry
1registry.hyperreal.coffee {
2 reverse_proxy localhost:4433
3}Private registry via Tailnet
1aux-remote.carp-wyvern.ts.net {
2 reverse_proxy localhost:4433
3}Ensure the following is added to /etc/default/tailscaled:
1TS_PERMIT_CERT_UID=caddyThe above will ensure Caddy receives SSL certs from the Tailscale daemon.