Add Docker Registry Browser service

This commit is contained in:
Slavi Pantaleev 2023-03-19 09:14:12 +02:00
parent a0b2889455
commit b180d88420
6 changed files with 117 additions and 2 deletions

View file

@ -0,0 +1,74 @@
# Docker Registry Browser
[Docker Registry Browser](https://github.com/klausmeyer/docker-registry-browser) is a Web Interface for the Docker Registry HTTP API V2 written in Ruby on Rails.
## Dependencies
This service requires the following other services:
- a [Traefik](traefik.md) reverse-proxy server
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
```yaml
########################################################################
# #
# docker-registry-browser #
# #
########################################################################
docker_registry_browser_enabled: true
# Hosting under a subpath (such as `/browser`) allows the browser to co-exist
# on the same hostname as a Docker Registry instance (see `docker-registry.md`).
docker_registry_browser_hostname: registry.example.com
docker_registry_browser_path_prefix: /browser
# If the browser will be able to delete images and live on the same private container network
# as the registry itself (like we do below), it's recommended to protect it with HTTP Basic Auth.
#
# If you're running a read-only browser, you may leave it publicly accessible.
docker_registry_browser_basic_auth_enabled: true
docker_registry_browser_basic_auth_username: admin
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
docker_registry_browser_basic_auth_password: ''
# To integrate with a locally running (in a container) Docker Registry,
# point to its local container address and change the browser to run in the registry's network.
docker_registry_browser_docker_registry_url: "http://{{ docker_registry_identifier }}:5000"
docker_registry_browser_container_network: "{{ docker_registry_container_network }}"
# Alternatively, to use a registry running elsewhere, delete both lines above
# (docker_registry_browser_docker_registry_url and docker_registry_browser_container_network),
# and use something this instead:
# docker_registry_browser_docker_registry_url: "https://registry.example.com"
# Image deletion is disabled by default, so you need to explicitly enable it if you need it.
docker_registry_browser_enabled_delete_images: true
########################################################################
# #
# /docker-registry-browser #
# #
########################################################################
```
In the example configuration above, we configure the service to be hosted at `https://registry.example.com/browser`.
If you make the registry browser live on the same container network as the [Docker Registry](docker-registry.md) itself (like we've done by overriding `docker_registry_browser_container_network` above), the browser will be able to talk to the registry over the private container network and IP restrictions (such as those defined in `docker_registry_private_services_whitelisted_ip_ranges`) will not be able to stop it.
## Usage
After installation, you should be able to go to the URL as configured via `docker_registry_browser_hostname` and `docker_registry_browser_path_prefix`.
You should be able to browse the images and possibly delete them (if enabled via `docker_registry_browser_enabled_delete_images`).
## Recommended other services
- [Docker Registry](docker-registry.md) -a container image distribution registry developed by [Docker Inc](https://www.docker.com/)

View file

@ -77,10 +77,10 @@ docker rmi registry.example.com/alpine:3.17.2
docker pull registry.example.com/alpine:3.17.2 docker pull registry.example.com/alpine:3.17.2
``` ```
The base URL (e.g. `https://registry.example.com`) serves an empty (blank) page. To browse your registry's images, you may need another piece of software, like [klausmeyer/docker-registry-browser](https://github.com/klausmeyer/docker-registry-browser/tree/master) which is not yet supported by this playbook, but will be supported soon. The base URL (e.g. `https://registry.example.com`) serves an empty (blank) page. To browse your registry's images via a web interface, you may need another piece of software, like [Docker Registry Browser](docker-registry-browser.md).
## Recommended other services ## Recommended other services
- Docker Registry Browser - support coming to this playbook soon - [Docker Registry Browser](docker-registry-browser.md) - Web Interface for the Docker Registry HTTP API V2 written in Ruby on Rails
- Docker Registry Purger - support coming to this playbook soon - Docker Registry Purger - support coming to this playbook soon

View file

@ -5,6 +5,7 @@
| [Collabora Online](https://www.collaboraoffice.com/) | Your Private Office Suite In The Cloud | [Link](services/collabora-online.md) | | [Collabora Online](https://www.collaboraoffice.com/) | Your Private Office Suite In The Cloud | [Link](services/collabora-online.md) |
| [Docker](https://www.docker.com/) | Open-source software for deploying containerized applications | [Link](services/docker.md) | | [Docker](https://www.docker.com/) | Open-source software for deploying containerized applications | [Link](services/docker.md) |
| [Docker Registry](https://docs.docker.com/registry/) | A container image distribution registry | [Link](services/docker-registry.md) | | [Docker Registry](https://docs.docker.com/registry/) | A container image distribution registry | [Link](services/docker-registry.md) |
| [Docker Registry Browser](docker-registry-browser.md) | Web Interface for the Docker Registry HTTP API V2 written in Ruby on Rails | [Link](services/docker-registry-browser.md) |
| [Gitea](https://gitea.io/) | A painless self-hosted Git service. | [Link](services/gitea.md) | | [Gitea](https://gitea.io/) | A painless self-hosted Git service. | [Link](services/gitea.md) |
| [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) |
| [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) | | [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) |

View file

@ -61,6 +61,8 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': (docker_registry_identifier + '-garbage-collect.timer'), 'priority': 2500, 'groups': ['mash', 'docker-registry', 'gc']}] if docker_registry_enabled else []) ([{'name': (docker_registry_identifier + '-garbage-collect.timer'), 'priority': 2500, 'groups': ['mash', 'docker-registry', 'gc']}] if docker_registry_enabled else [])
+ +
([{'name': (docker_registry_browser_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-browser']}] if docker_registry_browser_enabled else [])
+
([{'name': (gitea_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gitea', 'gitea-server']}] if gitea_enabled else []) ([{'name': (gitea_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gitea', 'gitea-server']}] if gitea_enabled else [])
+ +
([{'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']}] if nextcloud_enabled else []) ([{'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']}] if nextcloud_enabled else [])
@ -398,6 +400,39 @@ docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_c
########################################################################
# #
# docker-registry-browser #
# #
########################################################################
docker_registry_browser_enabled: false
docker_registry_browser_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-browser"
docker_registry_browser_base_path: "{{ mash_playbook_base_path }}/docker-registry-browser"
docker_registry_browser_uid: "{{ mash_playbook_uid }}"
docker_registry_browser_gid: "{{ mash_playbook_gid }}"
docker_registry_browser_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
docker_registry_browser_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_browser_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_browser_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /docker-registry-browser #
# #
########################################################################
######################################################################## ########################################################################
# # # #
# gitea # # gitea #

View file

@ -77,6 +77,10 @@
name: docker_registry name: docker_registry
version: v2.8.1-1 version: v2.8.1-1
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-docker-registry-browser.git
name: docker_registry_browser
version: v1.6.0-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gitea.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gitea.git
name: gitea name: gitea
version: v1.18.5-3 version: v1.18.5-3

View file

@ -57,6 +57,7 @@
- role: galaxy/collabora_online - role: galaxy/collabora_online
- role: galaxy/docker_registry - role: galaxy/docker_registry
- role: galaxy/docker_registry_browser
- role: galaxy/gitea - role: galaxy/gitea