docs: add hugo website (#4101)
59
.github/workflows/docs.yml
vendored
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
concurrency:
|
||||||
|
group: ${{ github.workflow }}-${{ github.ref }}
|
||||||
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
paths:
|
||||||
|
- docs/**
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
# Build job
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
# Build the site and upload artifacts using actions/upload-pages-artifact
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v2
|
||||||
|
- name: Build docs
|
||||||
|
uses: docker/bake-action@v3
|
||||||
|
with:
|
||||||
|
files: |
|
||||||
|
docker-bake.hcl
|
||||||
|
targets: docs-export
|
||||||
|
set: |
|
||||||
|
*.cache-from=type=gha,scope=docs
|
||||||
|
*.cache-to=type=gha,scope=docs,mode=max
|
||||||
|
- name: Upload Pages artifact
|
||||||
|
uses: actions/upload-pages-artifact@v2
|
||||||
|
with:
|
||||||
|
path: ./build/docs
|
||||||
|
|
||||||
|
# Deploy job
|
||||||
|
deploy:
|
||||||
|
# Add a dependency to the build job
|
||||||
|
needs: build
|
||||||
|
|
||||||
|
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment
|
||||||
|
permissions:
|
||||||
|
pages: write # to deploy to Pages
|
||||||
|
id-token: write # to verify the deployment originates from an appropriate source
|
||||||
|
|
||||||
|
# Deploy to the github-pages environment
|
||||||
|
environment:
|
||||||
|
name: github-pages
|
||||||
|
url: ${{ steps.deployment.outputs.page_url }}
|
||||||
|
|
||||||
|
# Specify runner + deployment step
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Deploy to GitHub Pages
|
||||||
|
id: deployment
|
||||||
|
uses: actions/deploy-pages@v2 # or the latest "vX.X.X" version tag for this action
|
5
.gitignore
vendored
|
@ -38,3 +38,8 @@ bin/*
|
||||||
.idea/*
|
.idea/*
|
||||||
|
|
||||||
tests/miniodata
|
tests/miniodata
|
||||||
|
|
||||||
|
# Docs
|
||||||
|
**/.hugo_build.lock
|
||||||
|
docs/resources
|
||||||
|
docs/public
|
||||||
|
|
|
@ -7,7 +7,7 @@ This is useful if you intend to actively work on the registry.
|
||||||
|
|
||||||
### Alternatives
|
### Alternatives
|
||||||
|
|
||||||
Most people should use the [official Registry docker image](https://hub.docker.com/r/library/registry/).
|
Most people should use prebuilt images, for example, the [Registry docker image](https://hub.docker.com/r/library/registry/) provided by Docker.
|
||||||
|
|
||||||
People looking for advanced operational use cases might consider rolling their own image with a custom Dockerfile inheriting `FROM registry:2`.
|
People looking for advanced operational use cases might consider rolling their own image with a custom Dockerfile inheriting `FROM registry:2`.
|
||||||
|
|
||||||
|
|
|
@ -94,7 +94,7 @@ performance must not be discussed on the pull request.
|
||||||
|
|
||||||
## How are decisions made?
|
## How are decisions made?
|
||||||
|
|
||||||
Docker distribution is an open-source project with an open design philosophy.
|
CNCF distribution is an open-source project with an open design philosophy.
|
||||||
This means that the repository is the source of truth for EVERY aspect of the
|
This means that the repository is the source of truth for EVERY aspect of the
|
||||||
project, including its philosophy, design, road map, and APIs. *If it's part of
|
project, including its philosophy, design, road map, and APIs. *If it's part of
|
||||||
the project, it's in the repo. If it's in the repo, it's part of the project.*
|
the project, it's in the repo. If it's in the repo, it's part of the project.*
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
The toolset to pack, ship, store, and deliver content.
|
The toolset to pack, ship, store, and deliver content.
|
||||||
|
|
||||||
This repository's main product is the Open Source Registry implementation
|
This repository's main product is the Open Source Registry implementation
|
||||||
for storing and distributing container images using the
|
for storing and distributing container images and other content using the
|
||||||
[OCI Distribution Specification](https://github.com/opencontainers/distribution-spec).
|
[OCI Distribution Specification](https://github.com/opencontainers/distribution-spec).
|
||||||
The goal of this project is to provide a simple, secure, and scalable base
|
The goal of this project is to provide a simple, secure, and scalable base
|
||||||
for building a large scale registry solution or running a simple private registry.
|
for building a large scale registry solution or running a simple private registry.
|
||||||
|
|
2
doc.go
|
@ -1,6 +1,6 @@
|
||||||
// Package distribution will define the interfaces for the components of
|
// Package distribution will define the interfaces for the components of
|
||||||
// docker distribution. The goal is to allow users to reliably package, ship
|
// docker distribution. The goal is to allow users to reliably package, ship
|
||||||
// and store content related to docker images.
|
// and store content related to container images.
|
||||||
//
|
//
|
||||||
// This is currently a work in progress. More details are available in the
|
// This is currently a work in progress. More details are available in the
|
||||||
// README.md.
|
// README.md.
|
||||||
|
|
|
@ -94,3 +94,26 @@ target "image-all" {
|
||||||
"linux/s390x"
|
"linux/s390x"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
target "_common_docs" {
|
||||||
|
dockerfile = "./dockerfiles/docs.Dockerfile"
|
||||||
|
}
|
||||||
|
|
||||||
|
target "docs-export" {
|
||||||
|
inherits = ["_common_docs"]
|
||||||
|
target = "out"
|
||||||
|
output = ["type=local,dest=build/docs"]
|
||||||
|
}
|
||||||
|
|
||||||
|
target "docs-image" {
|
||||||
|
inherits = ["_common_docs"]
|
||||||
|
target = "server"
|
||||||
|
output = ["type=docker"]
|
||||||
|
tags = ["registry-docs:local"]
|
||||||
|
}
|
||||||
|
|
||||||
|
target "docs-test" {
|
||||||
|
inherits = ["_common_docs"]
|
||||||
|
target = "test"
|
||||||
|
output = ["type=cacheonly"]
|
||||||
|
}
|
||||||
|
|
35
dockerfiles/docs.Dockerfile
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
# syntax=docker/dockerfile:1
|
||||||
|
|
||||||
|
ARG GO_VERSION=1.20.8
|
||||||
|
ARG ALPINE_VERSION=3.18
|
||||||
|
|
||||||
|
FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base
|
||||||
|
RUN apk add --no-cache git
|
||||||
|
|
||||||
|
FROM base AS hugo
|
||||||
|
ARG HUGO_VERSION=0.119.0
|
||||||
|
RUN --mount=type=cache,target=/go/mod/pkg \
|
||||||
|
go install github.com/gohugoio/hugo@v${HUGO_VERSION}
|
||||||
|
|
||||||
|
FROM base AS build-base
|
||||||
|
COPY --from=hugo $GOPATH/bin/hugo /bin/hugo
|
||||||
|
WORKDIR /src
|
||||||
|
|
||||||
|
FROM build-base AS build
|
||||||
|
RUN --mount=type=bind,rw,source=docs,target=. \
|
||||||
|
hugo --gc --minify --destination /out
|
||||||
|
|
||||||
|
FROM build-base AS server
|
||||||
|
COPY docs .
|
||||||
|
ENTRYPOINT [ "hugo", "server", "--bind", "0.0.0.0" ]
|
||||||
|
EXPOSE 1313
|
||||||
|
|
||||||
|
FROM scratch AS out
|
||||||
|
COPY --from=build /out /
|
||||||
|
|
||||||
|
FROM wjdp/htmltest:v0.17.0 AS test
|
||||||
|
WORKDIR /test
|
||||||
|
COPY --from=build /out ./public
|
||||||
|
ADD docs/.htmltest.yml .htmltest.yml
|
||||||
|
RUN --mount=type=cache,target=tmp/.htmltest \
|
||||||
|
htmltest
|
9
docs/.htmltest.yml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
DirectoryPath: "public"
|
||||||
|
EnforceHTTPS: true
|
||||||
|
CheckDoctype: true
|
||||||
|
CheckExternal: true
|
||||||
|
IgnoreAltMissing: true
|
||||||
|
IgnoreAltEmpty: true
|
||||||
|
IgnoreEmptyHref: true
|
||||||
|
IgnoreInternalEmptyHash: true
|
||||||
|
IgnoreDirectoryMissingTrailingSlash: true
|
77
docs/content/_index.md
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
---
|
||||||
|
description: High-level overview of the Registry
|
||||||
|
keywords: registry, on-prem, images, tags, repository, distribution
|
||||||
|
title: Distribution Registry
|
||||||
|
---
|
||||||
|
|
||||||
|
## What it is
|
||||||
|
|
||||||
|
The Registry is a stateless, highly scalable server side application that stores
|
||||||
|
and lets you distribute container images and other content. The Registry is open-source, under the
|
||||||
|
permissive [Apache license](https://en.wikipedia.org/wiki/Apache_License).
|
||||||
|
|
||||||
|
## Why use it
|
||||||
|
|
||||||
|
You should use the Registry if you want to:
|
||||||
|
|
||||||
|
* tightly control where your images are being stored
|
||||||
|
* fully own your images distribution pipeline
|
||||||
|
* integrate image storage and distribution tightly into your in-house development workflow
|
||||||
|
|
||||||
|
## Alternatives
|
||||||
|
|
||||||
|
Users looking for a zero maintenance, ready-to-go solution are encouraged to
|
||||||
|
use one of the existing registry services. Many of these provide support and security
|
||||||
|
scanning, and are free for public repositories. For example:
|
||||||
|
- [Docker Hub](https://hub.docker.com)
|
||||||
|
- [Quay.io](https://quay.io/)
|
||||||
|
- [GitHub Packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry)
|
||||||
|
|
||||||
|
Cloud infrastructure providers such as [AWS](https://aws.amazon.com/ecr/), [Azure](https://azure.microsoft.com/products/container-registry/), [Google Cloud](https://cloud.google.com/artifact-registry) and [IBM Cloud](https://www.ibm.com/products/container-registry) also have container registry services available at a cost.
|
||||||
|
|
||||||
|
## Compatibility
|
||||||
|
|
||||||
|
The distribution registry implements the [OCI Distribution Spec](https://github.com/opencontainers/distribution-spec) version 1.0.1.
|
||||||
|
|
||||||
|
## Basic commands
|
||||||
|
|
||||||
|
Start your registry
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker run -d -p 5000:5000 --name registry registry:2
|
||||||
|
```
|
||||||
|
|
||||||
|
Pull (or build) some image from the hub
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker pull ubuntu
|
||||||
|
```
|
||||||
|
|
||||||
|
Tag the image so that it points to your registry
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker image tag ubuntu localhost:5000/myfirstimage
|
||||||
|
```
|
||||||
|
|
||||||
|
Push it
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker push localhost:5000/myfirstimage
|
||||||
|
```
|
||||||
|
|
||||||
|
Pull it back
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker pull localhost:5000/myfirstimage
|
||||||
|
```
|
||||||
|
|
||||||
|
Now stop your registry and remove all data
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker container stop registry && docker container rm -v registry
|
||||||
|
```
|
||||||
|
|
||||||
|
## Next
|
||||||
|
|
||||||
|
You should now read the [detailed introduction about the registry](about),
|
||||||
|
or jump directly to [deployment instructions](about/deploying).
|
|
@ -4,12 +4,12 @@ keywords: registry, on-prem, images, tags, repository, distribution, use cases,
|
||||||
title: About Registry
|
title: About Registry
|
||||||
---
|
---
|
||||||
|
|
||||||
A registry is a storage and content delivery system, holding named Docker
|
A registry is a storage and content delivery system, holding named container
|
||||||
images, available in different tagged versions.
|
images and other content, available in different tagged versions.
|
||||||
|
|
||||||
> Example: the image `distribution/registry`, with tags `2.0` and `2.1`.
|
> Example: the image `distribution/registry`, with tags `2.0` and `2.1`.
|
||||||
|
|
||||||
Users interact with a registry by using docker push and pull commands.
|
Users interact with a registry by pushing and pulling images.
|
||||||
|
|
||||||
> Example: `docker pull registry-1.docker.io/distribution/registry:2.1`.
|
> Example: `docker pull registry-1.docker.io/distribution/registry:2.1`.
|
||||||
|
|
||||||
|
@ -27,7 +27,7 @@ The Registry GitHub repository includes additional information about advanced
|
||||||
authentication and authorization methods. Only very large or public deployments
|
authentication and authorization methods. Only very large or public deployments
|
||||||
are expected to extend the Registry in this way.
|
are expected to extend the Registry in this way.
|
||||||
|
|
||||||
Finally, the Registry ships with a robust [notification system](notifications.md),
|
Finally, the Registry ships with a robust [notification system](notifications),
|
||||||
calling webhooks in response to activity, and both extensive logging and reporting,
|
calling webhooks in response to activity, and both extensive logging and reporting,
|
||||||
mostly useful for large installations that want to collect metrics.
|
mostly useful for large installations that want to collect metrics.
|
||||||
|
|
||||||
|
@ -35,11 +35,11 @@ mostly useful for large installations that want to collect metrics.
|
||||||
|
|
||||||
Image names as used in typical docker commands reflect their origin:
|
Image names as used in typical docker commands reflect their origin:
|
||||||
|
|
||||||
* `docker pull ubuntu` instructs docker to pull an image named `ubuntu` from the official Docker Hub. This is simply a shortcut for the longer `docker pull docker.io/library/ubuntu` command
|
* `docker pull ubuntu` instructs docker to pull an image named `ubuntu` from Docker Hub. This is simply a shortcut for the longer `docker pull docker.io/library/ubuntu` command
|
||||||
* `docker pull myregistrydomain:port/foo/bar` instructs docker to contact the registry located at `myregistrydomain:port` to find the image `foo/bar`
|
* `docker pull myregistrydomain:port/foo/bar` instructs docker to contact the registry located at `myregistrydomain:port` to find the image `foo/bar`
|
||||||
|
|
||||||
You can find out more about the various Docker commands dealing with images in
|
You can find out more about the various Docker commands dealing with images in
|
||||||
the [official Docker engine documentation](../engine/reference/commandline/cli.md).
|
the [Docker engine documentation](https://docs.docker.com/engine/reference/commandline/cli/).
|
||||||
|
|
||||||
## Use cases
|
## Use cases
|
||||||
|
|
||||||
|
@ -70,4 +70,4 @@ golang are certainly useful as well for advanced operations or hacking.
|
||||||
|
|
||||||
## Next
|
## Next
|
||||||
|
|
||||||
Dive into [deploying your registry](deploying.md)
|
Dive into [deploying your registry](deploying)
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
published: false
|
draft: true
|
||||||
---
|
---
|
||||||
|
|
||||||
# Architecture
|
# Architecture
|
|
@ -5,13 +5,14 @@ title: Registry compatibility
|
||||||
---
|
---
|
||||||
|
|
||||||
## Synopsis
|
## Synopsis
|
||||||
|
|
||||||
If a manifest is pulled by _digest_ from a registry 2.3 with Docker Engine 1.9
|
If a manifest is pulled by _digest_ from a registry 2.3 with Docker Engine 1.9
|
||||||
and older, and the manifest was pushed with Docker Engine 1.10, a security check
|
and older, and the manifest was pushed with Docker Engine 1.10, a security check
|
||||||
causes the Engine to receive a manifest it cannot use and the pull fails.
|
causes the Engine to receive a manifest it cannot use and the pull fails.
|
||||||
|
|
||||||
## Registry manifest support
|
## Registry manifest support
|
||||||
|
|
||||||
Historically, the registry has supported a [single manifest type](./spec/manifest-v2-1.md)
|
Historically, the registry has supported a single manifest type
|
||||||
known as _Schema 1_.
|
known as _Schema 1_.
|
||||||
|
|
||||||
With the move toward multiple architecture images, the distribution project
|
With the move toward multiple architecture images, the distribution project
|
||||||
|
@ -23,7 +24,6 @@ preserve compatibility with older versions of Docker Engine.
|
||||||
This conversion has some implications for pulling manifests by digest and this
|
This conversion has some implications for pulling manifests by digest and this
|
||||||
document enumerates these implications.
|
document enumerates these implications.
|
||||||
|
|
||||||
|
|
||||||
## Content Addressable Storage (CAS)
|
## Content Addressable Storage (CAS)
|
||||||
|
|
||||||
Manifests are stored and retrieved in the registry by keying off a digest
|
Manifests are stored and retrieved in the registry by keying off a digest
|
||||||
|
@ -42,7 +42,6 @@ attempts to send a _Schema 2_ manifest, falling back to sending a
|
||||||
Schema 1 type manifest when it detects that the registry does not
|
Schema 1 type manifest when it detects that the registry does not
|
||||||
support the new version.
|
support the new version.
|
||||||
|
|
||||||
|
|
||||||
## Registry v2.3
|
## Registry v2.3
|
||||||
|
|
||||||
### Manifest push with Docker 1.10
|
### Manifest push with Docker 1.10
|
||||||
|
@ -75,4 +74,3 @@ registry persists to disk.
|
||||||
|
|
||||||
When the manifest is pulled by digest or tag with any Docker version, a
|
When the manifest is pulled by digest or tag with any Docker version, a
|
||||||
_Schema 1_ manifest is returned.
|
_Schema 1_ manifest is returned.
|
||||||
|
|
|
@ -10,7 +10,7 @@ before moving your systems to production.
|
||||||
|
|
||||||
## Override specific configuration options
|
## Override specific configuration options
|
||||||
|
|
||||||
In a typical setup where you run your Registry from the official image, you can
|
In a typical setup where you run your registry as a container, you can
|
||||||
specify a configuration variable from the environment by passing `-e` arguments
|
specify a configuration variable from the environment by passing `-e` arguments
|
||||||
to your `docker run` stanza or from within a Dockerfile using the `ENV`
|
to your `docker run` stanza or from within a Dockerfile using the `ENV`
|
||||||
instruction.
|
instruction.
|
||||||
|
@ -20,7 +20,7 @@ To override a configuration option, create an environment variable named
|
||||||
and the `_` (underscore) represents indention levels. For example, you can
|
and the `_` (underscore) represents indention levels. For example, you can
|
||||||
configure the `rootdirectory` of the `filesystem` storage backend:
|
configure the `rootdirectory` of the `filesystem` storage backend:
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
storage:
|
storage:
|
||||||
filesystem:
|
filesystem:
|
||||||
rootdirectory: /var/lib/registry
|
rootdirectory: /var/lib/registry
|
||||||
|
@ -28,7 +28,7 @@ storage:
|
||||||
|
|
||||||
To override this value, set an environment variable like this:
|
To override this value, set an environment variable like this:
|
||||||
|
|
||||||
```none
|
```sh
|
||||||
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/somewhere
|
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/somewhere
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ These are all configuration options for the registry. Some options in the list
|
||||||
are mutually exclusive. Read the detailed reference information about each
|
are mutually exclusive. Read the detailed reference information about each
|
||||||
option before finalizing your configuration.
|
option before finalizing your configuration.
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
version: 0.1
|
version: 0.1
|
||||||
log:
|
log:
|
||||||
accesslog:
|
accesslog:
|
||||||
|
@ -293,7 +293,7 @@ the children marked **required**.
|
||||||
|
|
||||||
## `version`
|
## `version`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
version: 0.1
|
version: 0.1
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -307,7 +307,7 @@ The `log` subsection configures the behavior of the logging system. The logging
|
||||||
system outputs everything to stderr. You can adjust the granularity and format
|
system outputs everything to stderr. You can adjust the granularity and format
|
||||||
with this configuration section.
|
with this configuration section.
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
log:
|
log:
|
||||||
accesslog:
|
accesslog:
|
||||||
disabled: true
|
disabled: true
|
||||||
|
@ -326,7 +326,7 @@ log:
|
||||||
|
|
||||||
### `accesslog`
|
### `accesslog`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
accesslog:
|
accesslog:
|
||||||
disabled: true
|
disabled: true
|
||||||
```
|
```
|
||||||
|
@ -338,7 +338,7 @@ Access logging can be disabled by setting the boolean flag `disabled` to `true`.
|
||||||
|
|
||||||
## `hooks`
|
## `hooks`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
hooks:
|
hooks:
|
||||||
- type: mail
|
- type: mail
|
||||||
levels:
|
levels:
|
||||||
|
@ -362,7 +362,7 @@ Refer to `loglevel` to configure the level of messages printed.
|
||||||
|
|
||||||
> **DEPRECATED:** Please use [log](#log) instead.
|
> **DEPRECATED:** Please use [log](#log) instead.
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
loglevel: debug
|
loglevel: debug
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -371,7 +371,7 @@ Permitted values are `error`, `warn`, `info` and `debug`. The default is
|
||||||
|
|
||||||
## `storage`
|
## `storage`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
storage:
|
storage:
|
||||||
filesystem:
|
filesystem:
|
||||||
rootdirectory: /var/lib/registry
|
rootdirectory: /var/lib/registry
|
||||||
|
@ -436,15 +436,15 @@ returns an error. You can choose any of these backend storage drivers:
|
||||||
|
|
||||||
| Storage driver | Description |
|
| Storage driver | Description |
|
||||||
|---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
|---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
| `filesystem` | Uses the local disk to store registry files. It is ideal for development and may be appropriate for some small-scale production applications. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/filesystem.md). |
|
| `filesystem` | Uses the local disk to store registry files. It is ideal for development and may be appropriate for some small-scale production applications. See the [driver's reference documentation](/storage-drivers/filesystem). |
|
||||||
| `azure` | Uses Microsoft Azure Blob Storage. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/azure.md). |
|
| `azure` | Uses Microsoft Azure Blob Storage. See the [driver's reference documentation](/storage-drivers/azure). |
|
||||||
| `gcs` | Uses Google Cloud Storage. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/gcs.md). |
|
| `gcs` | Uses Google Cloud Storage. See the [driver's reference documentation](/storage-drivers/gcs). |
|
||||||
| `s3` | Uses Amazon Simple Storage Service (S3) and compatible Storage Services. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/s3.md). |
|
| `s3` | Uses Amazon Simple Storage Service (S3) and compatible Storage Services. See the [driver's reference documentation](/storage-drivers/s3). |
|
||||||
|
|
||||||
For testing only, you can use the [`inmemory` storage
|
For testing only, you can use the [`inmemory` storage
|
||||||
driver](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/inmemory.md).
|
driver](/storage-drivers/inmemory).
|
||||||
If you would like to run a registry from volatile memory, use the
|
If you would like to run a registry from volatile memory, use the
|
||||||
[`filesystem` driver](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/filesystem.md)
|
[`filesystem` driver](/storage-drivers/filesystem)
|
||||||
on a ramdisk.
|
on a ramdisk.
|
||||||
|
|
||||||
If you are deploying a registry on Windows, a Windows volume mounted from the
|
If you are deploying a registry on Windows, a Windows volume mounted from the
|
||||||
|
@ -453,7 +453,7 @@ data-store. If you do use a Windows volume, the length of the `PATH` to
|
||||||
the mount point must be within the `MAX_PATH` limits (typically 255 characters),
|
the mount point must be within the `MAX_PATH` limits (typically 255 characters),
|
||||||
or this error will occur:
|
or this error will occur:
|
||||||
|
|
||||||
```none
|
```text
|
||||||
mkdir /XXX protocol error and your registry will not function properly.
|
mkdir /XXX protocol error and your registry will not function properly.
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -496,7 +496,7 @@ Use the `delete` structure to enable the deletion of image blobs and manifests
|
||||||
by digest. It defaults to false, but it can be enabled by writing the following
|
by digest. It defaults to false, but it can be enabled by writing the following
|
||||||
on the configuration file:
|
on the configuration file:
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
delete:
|
delete:
|
||||||
enabled: true
|
enabled: true
|
||||||
```
|
```
|
||||||
|
@ -531,14 +531,14 @@ instance is aggressively caching.
|
||||||
To disable redirects, add a single flag `disable`, set to `true`
|
To disable redirects, add a single flag `disable`, set to `true`
|
||||||
under the `redirect` section:
|
under the `redirect` section:
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
redirect:
|
redirect:
|
||||||
disable: true
|
disable: true
|
||||||
```
|
```
|
||||||
|
|
||||||
## `auth`
|
## `auth`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
auth:
|
auth:
|
||||||
silly:
|
silly:
|
||||||
realm: silly-realm
|
realm: silly-realm
|
||||||
|
@ -593,7 +593,7 @@ security.
|
||||||
|
|
||||||
|
|
||||||
For more information about Token based authentication configuration, see the
|
For more information about Token based authentication configuration, see the
|
||||||
[specification](spec/auth/token.md).
|
[specification](/spec/auth/token).
|
||||||
|
|
||||||
### `htpasswd`
|
### `htpasswd`
|
||||||
|
|
||||||
|
@ -601,7 +601,7 @@ The _htpasswd_ authentication backed allows you to configure basic
|
||||||
authentication using an
|
authentication using an
|
||||||
[Apache htpasswd file](https://httpd.apache.org/docs/2.4/programs/htpasswd.html).
|
[Apache htpasswd file](https://httpd.apache.org/docs/2.4/programs/htpasswd.html).
|
||||||
The only supported password format is
|
The only supported password format is
|
||||||
[`bcrypt`](http://en.wikipedia.org/wiki/Bcrypt). Entries with other hash types
|
[`bcrypt`](https://en.wikipedia.org/wiki/Bcrypt). Entries with other hash types
|
||||||
are ignored. The `htpasswd` file is loaded once, at startup. If the file is
|
are ignored. The `htpasswd` file is loaded once, at startup. If the file is
|
||||||
invalid, the registry will display an error and will not start.
|
invalid, the registry will display an error and will not start.
|
||||||
|
|
||||||
|
@ -629,7 +629,7 @@ object it is wrapping. For instance, a registry middleware must implement the
|
||||||
This is an example configuration of the `cloudfront` middleware, a storage
|
This is an example configuration of the `cloudfront` middleware, a storage
|
||||||
middleware:
|
middleware:
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
middleware:
|
middleware:
|
||||||
registry:
|
registry:
|
||||||
- name: ARegistryMiddleware
|
- name: ARegistryMiddleware
|
||||||
|
@ -694,7 +694,7 @@ location of a proxy for the layer stored by the S3 storage driver.
|
||||||
|
|
||||||
## `http`
|
## `http`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
http:
|
http:
|
||||||
addr: localhost:5000
|
addr: localhost:5000
|
||||||
net: tcp
|
net: tcp
|
||||||
|
@ -834,7 +834,7 @@ to access proxy statistics. These statistics are exposed at `/debug/vars` in JSO
|
||||||
|
|
||||||
#### `prometheus`
|
#### `prometheus`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
path: /metrics
|
path: /metrics
|
||||||
|
@ -879,7 +879,7 @@ settings for the registry.
|
||||||
|
|
||||||
## `notifications`
|
## `notifications`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
notifications:
|
notifications:
|
||||||
events:
|
events:
|
||||||
includereferences: true
|
includereferences: true
|
||||||
|
@ -937,7 +937,7 @@ The `events` structure configures the information provided in event notification
|
||||||
|
|
||||||
## `redis`
|
## `redis`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
redis:
|
redis:
|
||||||
addr: localhost:6379
|
addr: localhost:6379
|
||||||
password: asecret
|
password: asecret
|
||||||
|
@ -974,7 +974,7 @@ registry does not set an expiration value on keys.
|
||||||
|
|
||||||
### `pool`
|
### `pool`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
pool:
|
pool:
|
||||||
maxidle: 16
|
maxidle: 16
|
||||||
maxactive: 64
|
maxactive: 64
|
||||||
|
@ -991,7 +991,7 @@ Use these settings to configure the behavior of the Redis connection pool.
|
||||||
|
|
||||||
### `tls`
|
### `tls`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
tls:
|
tls:
|
||||||
enabled: false
|
enabled: false
|
||||||
```
|
```
|
||||||
|
@ -1005,7 +1005,7 @@ Use these settings to configure Redis TLS.
|
||||||
|
|
||||||
## `health`
|
## `health`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
health:
|
health:
|
||||||
storagedriver:
|
storagedriver:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -1090,7 +1090,7 @@ attempt fails, the health check will fail.
|
||||||
|
|
||||||
## `proxy`
|
## `proxy`
|
||||||
|
|
||||||
```
|
```yaml
|
||||||
proxy:
|
proxy:
|
||||||
remoteurl: https://registry-1.docker.io
|
remoteurl: https://registry-1.docker.io
|
||||||
username: [username]
|
username: [username]
|
||||||
|
@ -1099,8 +1099,8 @@ proxy:
|
||||||
```
|
```
|
||||||
|
|
||||||
The `proxy` structure allows a registry to be configured as a pull-through cache
|
The `proxy` structure allows a registry to be configured as a pull-through cache
|
||||||
to Docker Hub. See
|
to Docker Hub. See
|
||||||
[mirror](https://github.com/docker/docker.github.io/tree/master/registry/recipes/mirror.md)
|
[mirror](/recipes/mirror)
|
||||||
for more information. Pushing to a registry configured as a pull-through cache
|
for more information. Pushing to a registry configured as a pull-through cache
|
||||||
is unsupported.
|
is unsupported.
|
||||||
|
|
||||||
|
@ -1120,7 +1120,7 @@ username (such as `batman`) and the password for that username.
|
||||||
|
|
||||||
## `validation`
|
## `validation`
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
validation:
|
validation:
|
||||||
manifests:
|
manifests:
|
||||||
urls:
|
urls:
|
||||||
|
@ -1151,15 +1151,15 @@ If `allow` is unset, pushing a manifest containing URLs fails.
|
||||||
If `allow` is set, pushing a manifest succeeds only if all URLs match
|
If `allow` is set, pushing a manifest succeeds only if all URLs match
|
||||||
one of the `allow` regular expressions **and** one of the following holds:
|
one of the `allow` regular expressions **and** one of the following holds:
|
||||||
|
|
||||||
1. `deny` is unset.
|
1. `deny` is unset.
|
||||||
2. `deny` is set but no URLs within the manifest match any of the `deny` regular
|
2. `deny` is set but no URLs within the manifest match any of the `deny` regular
|
||||||
expressions.
|
expressions.
|
||||||
|
|
||||||
## Example: Development configuration
|
## Example: Development configuration
|
||||||
|
|
||||||
You can use this simple example for local development:
|
You can use this simple example for local development:
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
version: 0.1
|
version: 0.1
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
@ -1183,10 +1183,9 @@ See
|
||||||
for another simple configuration. Both examples are generally useful for local
|
for another simple configuration. Both examples are generally useful for local
|
||||||
development.
|
development.
|
||||||
|
|
||||||
|
|
||||||
## Example: Middleware configuration
|
## Example: Middleware configuration
|
||||||
|
|
||||||
This example configures [Amazon Cloudfront](http://aws.amazon.com/cloudfront/)
|
This example configures [Amazon Cloudfront](https://aws.amazon.com/cloudfront/)
|
||||||
as the storage middleware in a registry. Middleware allows the registry to serve
|
as the storage middleware in a registry. Middleware allows the registry to serve
|
||||||
layers via a content delivery network (CDN). This reduces requests to the
|
layers via a content delivery network (CDN). This reduces requests to the
|
||||||
storage layer.
|
storage layer.
|
||||||
|
@ -1195,7 +1194,7 @@ Cloudfront requires the S3 storage driver.
|
||||||
|
|
||||||
This is the configuration expressed in YAML:
|
This is the configuration expressed in YAML:
|
||||||
|
|
||||||
```none
|
```yaml
|
||||||
middleware:
|
middleware:
|
||||||
storage:
|
storage:
|
||||||
- name: cloudfront
|
- name: cloudfront
|
||||||
|
@ -1210,6 +1209,8 @@ middleware:
|
||||||
See the configuration reference for [Cloudfront](#cloudfront) for more
|
See the configuration reference for [Cloudfront](#cloudfront) for more
|
||||||
information about configuration options.
|
information about configuration options.
|
||||||
|
|
||||||
> **Note**: Cloudfront keys exist separately from other AWS keys. See
|
{{< hint type=note >}}
|
||||||
> [the documentation on AWS credentials](http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
|
Cloudfront keys exist separately from other AWS keys. See
|
||||||
> for more information.
|
[the documentation on AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
|
||||||
|
for more information.
|
||||||
|
{{< /hint >}}
|
|
@ -9,7 +9,7 @@ A registry is an instance of the `registry` image, and runs within Docker.
|
||||||
|
|
||||||
This topic provides basic information about deploying and configuring a
|
This topic provides basic information about deploying and configuring a
|
||||||
registry. For an exhaustive list of configuration options, see the
|
registry. For an exhaustive list of configuration options, see the
|
||||||
[configuration reference](configuration.md).
|
[configuration reference](../configuration).
|
||||||
|
|
||||||
If you have an air-gapped datacenter, see
|
If you have an air-gapped datacenter, see
|
||||||
[Considerations for air-gapped registries](#considerations-for-air-gapped-registries).
|
[Considerations for air-gapped registries](#considerations-for-air-gapped-registries).
|
||||||
|
@ -27,7 +27,7 @@ The registry is now ready to use.
|
||||||
> **Warning**: These first few examples show registry configurations that are
|
> **Warning**: These first few examples show registry configurations that are
|
||||||
> only appropriate for testing. A production-ready registry must be protected by
|
> only appropriate for testing. A production-ready registry must be protected by
|
||||||
> TLS and should ideally use an access-control mechanism. Keep reading and then
|
> TLS and should ideally use an access-control mechanism. Keep reading and then
|
||||||
> continue to the [configuration guide](configuration.md) to deploy a
|
> continue to the [configuration guide](../configuration) to deploy a
|
||||||
> production-ready registry.
|
> production-ready registry.
|
||||||
|
|
||||||
## Copy an image from Docker Hub to your registry
|
## Copy an image from Docker Hub to your registry
|
||||||
|
@ -38,40 +38,40 @@ as `my-ubuntu`, then pushes it to the local registry. Finally, the
|
||||||
`ubuntu:16.04` and `my-ubuntu` images are deleted locally and the
|
`ubuntu:16.04` and `my-ubuntu` images are deleted locally and the
|
||||||
`my-ubuntu` image is pulled from the local registry.
|
`my-ubuntu` image is pulled from the local registry.
|
||||||
|
|
||||||
1. Pull the `ubuntu:16.04` image from Docker Hub.
|
1. Pull the `ubuntu:16.04` image from Docker Hub.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker pull ubuntu:16.04
|
$ docker pull ubuntu:16.04
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Tag the image as `localhost:5000/my-ubuntu`. This creates an additional tag
|
2. Tag the image as `localhost:5000/my-ubuntu`. This creates an additional tag
|
||||||
for the existing image. When the first part of the tag is a hostname and
|
for the existing image. When the first part of the tag is a hostname and
|
||||||
port, Docker interprets this as the location of a registry, when pushing.
|
port, Docker interprets this as the location of a registry, when pushing.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker tag ubuntu:16.04 localhost:5000/my-ubuntu
|
$ docker tag ubuntu:16.04 localhost:5000/my-ubuntu
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Push the image to the local registry running at `localhost:5000`:
|
3. Push the image to the local registry running at `localhost:5000`:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker push localhost:5000/my-ubuntu
|
$ docker push localhost:5000/my-ubuntu
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Remove the locally-cached `ubuntu:16.04` and `localhost:5000/my-ubuntu`
|
4. Remove the locally-cached `ubuntu:16.04` and `localhost:5000/my-ubuntu`
|
||||||
images, so that you can test pulling the image from your registry. This
|
images, so that you can test pulling the image from your registry. This
|
||||||
does not remove the `localhost:5000/my-ubuntu` image from your registry.
|
does not remove the `localhost:5000/my-ubuntu` image from your registry.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker image remove ubuntu:16.04
|
$ docker image remove ubuntu:16.04
|
||||||
$ docker image remove localhost:5000/my-ubuntu
|
$ docker image remove localhost:5000/my-ubuntu
|
||||||
```
|
```
|
||||||
|
|
||||||
5. Pull the `localhost:5000/my-ubuntu` image from your local registry.
|
5. Pull the `localhost:5000/my-ubuntu` image from your local registry.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker pull localhost:5000/my-ubuntu
|
$ docker pull localhost:5000/my-ubuntu
|
||||||
```
|
```
|
||||||
|
|
||||||
## Stop a local registry
|
## Stop a local registry
|
||||||
|
|
||||||
|
@ -94,7 +94,7 @@ To configure the container, you can pass additional or modified options to the
|
||||||
`docker run` command.
|
`docker run` command.
|
||||||
|
|
||||||
The following sections provide basic guidelines for configuring your registry.
|
The following sections provide basic guidelines for configuring your registry.
|
||||||
For more details, see the [registry configuration reference](configuration.md).
|
For more details, see the [registry configuration reference](../configuration).
|
||||||
|
|
||||||
### Start the registry automatically
|
### Start the registry automatically
|
||||||
|
|
||||||
|
@ -144,7 +144,7 @@ $ docker run -d \
|
||||||
|
|
||||||
### Customize the storage location
|
### Customize the storage location
|
||||||
|
|
||||||
By default, your registry data is persisted as a [docker volume](../storage/volumes.md)
|
By default, your registry data is persisted as a [docker volume](https://docs.docker.com/storage/volumes)
|
||||||
on the host filesystem. If you want to store your registry contents at a specific
|
on the host filesystem. If you want to store your registry contents at a specific
|
||||||
location on your host filesystem, such as if you have an SSD or SAN mounted into
|
location on your host filesystem, such as if you have an SSD or SAN mounted into
|
||||||
a particular directory, you might decide to use a bind mount instead. A bind mount
|
a particular directory, you might decide to use a bind mount instead. A bind mount
|
||||||
|
@ -166,8 +166,8 @@ $ docker run -d \
|
||||||
By default, the registry stores its data on the local filesystem, whether you
|
By default, the registry stores its data on the local filesystem, whether you
|
||||||
use a bind mount or a volume. You can store the registry data in an Amazon S3
|
use a bind mount or a volume. You can store the registry data in an Amazon S3
|
||||||
bucket, Google Cloud Platform, or on another storage back-end by using
|
bucket, Google Cloud Platform, or on another storage back-end by using
|
||||||
[storage drivers](./storage-drivers/index.md). For more information, see
|
[storage drivers](/storage-drivers). For more information, see
|
||||||
[storage configuration options](./configuration.md#storage).
|
[storage configuration options](../configuration#storage).
|
||||||
|
|
||||||
## Run an externally-accessible registry
|
## Run an externally-accessible registry
|
||||||
|
|
||||||
|
@ -190,48 +190,48 @@ These examples assume the following:
|
||||||
If you have been issued an _intermediate_ certificate instead, see
|
If you have been issued an _intermediate_ certificate instead, see
|
||||||
[use an intermediate certificate](#use-an-intermediate-certificate).
|
[use an intermediate certificate](#use-an-intermediate-certificate).
|
||||||
|
|
||||||
1. Create a `certs` directory.
|
1. Create a `certs` directory.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ mkdir -p certs
|
$ mkdir -p certs
|
||||||
```
|
```
|
||||||
|
|
||||||
Copy the `.crt` and `.key` files from the CA into the `certs` directory.
|
Copy the `.crt` and `.key` files from the CA into the `certs` directory.
|
||||||
The following steps assume that the files are named `domain.crt` and
|
The following steps assume that the files are named `domain.crt` and
|
||||||
`domain.key`.
|
`domain.key`.
|
||||||
|
|
||||||
2. Stop the registry if it is currently running.
|
2. Stop the registry if it is currently running.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker container stop registry
|
$ docker container stop registry
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Restart the registry, directing it to use the TLS certificate. This command
|
3. Restart the registry, directing it to use the TLS certificate. This command
|
||||||
bind-mounts the `certs/` directory into the container at `/certs/`, and sets
|
bind-mounts the `certs/` directory into the container at `/certs/`, and sets
|
||||||
environment variables that tell the container where to find the `domain.crt`
|
environment variables that tell the container where to find the `domain.crt`
|
||||||
and `domain.key` file. The registry runs on port 443, the default HTTPS port.
|
and `domain.key` file. The registry runs on port 443, the default HTTPS port.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker run -d \
|
$ docker run -d \
|
||||||
--restart=always \
|
--restart=always \
|
||||||
--name registry \
|
--name registry \
|
||||||
-v "$(pwd)"/certs:/certs \
|
-v "$(pwd)"/certs:/certs \
|
||||||
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
|
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
|
||||||
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
|
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
|
||||||
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
|
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
|
||||||
-p 443:443 \
|
-p 443:443 \
|
||||||
registry:2
|
registry:2
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Docker clients can now pull from and push to your registry using its
|
4. Docker clients can now pull from and push to your registry using its
|
||||||
external address. The following commands demonstrate this:
|
external address. The following commands demonstrate this:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker pull ubuntu:16.04
|
$ docker pull ubuntu:16.04
|
||||||
$ docker tag ubuntu:16.04 myregistry.domain.com/my-ubuntu
|
$ docker tag ubuntu:16.04 myregistry.domain.com/my-ubuntu
|
||||||
$ docker push myregistry.domain.com/my-ubuntu
|
$ docker push myregistry.domain.com/my-ubuntu
|
||||||
$ docker pull myregistry.domain.com/my-ubuntu
|
$ docker pull myregistry.domain.com/my-ubuntu
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Use an intermediate certificate
|
#### Use an intermediate certificate
|
||||||
|
|
||||||
|
@ -252,23 +252,23 @@ The registry supports using Let's Encrypt to automatically obtain a
|
||||||
browser-trusted certificate. For more information on Let's Encrypt, see
|
browser-trusted certificate. For more information on Let's Encrypt, see
|
||||||
[https://letsencrypt.org/how-it-works/](https://letsencrypt.org/how-it-works/)
|
[https://letsencrypt.org/how-it-works/](https://letsencrypt.org/how-it-works/)
|
||||||
and the relevant section of the
|
and the relevant section of the
|
||||||
[registry configuration](configuration.md#letsencrypt).
|
[registry configuration](../configuration#letsencrypt).
|
||||||
|
|
||||||
### Use an insecure registry (testing only)
|
### Use an insecure registry (testing only)
|
||||||
|
|
||||||
It is possible to use a self-signed certificate, or to use our registry
|
It is possible to use a self-signed certificate, or to use our registry
|
||||||
insecurely. Unless you have set up verification for your self-signed
|
insecurely. Unless you have set up verification for your self-signed
|
||||||
certificate, this is for testing only. See [run an insecure registry](insecure.md).
|
certificate, this is for testing only. See [run an insecure registry](../insecure).
|
||||||
|
|
||||||
## Run the registry as a service
|
## Run the registry as a service
|
||||||
|
|
||||||
[Swarm services](../engine/swarm/services.md) provide several advantages over
|
[Swarm services](https://docs.docker.com/engine/swarm/services) provide several advantages over
|
||||||
standalone containers. They use a declarative model, which means that you define
|
standalone containers. They use a declarative model, which means that you define
|
||||||
the desired state and Docker works to keep your service in that state. Services
|
the desired state and Docker works to keep your service in that state. Services
|
||||||
provide automatic load balancing scaling, and the ability to control the
|
provide automatic load balancing scaling, and the ability to control the
|
||||||
distribution of your service, among other advantages. Services also allow you to
|
distribution of your service, among other advantages. Services also allow you to
|
||||||
store sensitive data such as TLS certificates in
|
store sensitive data such as TLS certificates in
|
||||||
[secrets](../engine/swarm/secrets.md).
|
[secrets](https://docs.docker.com/engine/swarm/secrets).
|
||||||
|
|
||||||
The storage back-end you use determines whether you use a fully scaled service
|
The storage back-end you use determines whether you use a fully scaled service
|
||||||
or a service with either only a single node or a node constraint.
|
or a service with either only a single node or a node constraint.
|
||||||
|
@ -342,9 +342,9 @@ The most important aspect is that a load balanced cluster of registries must
|
||||||
share the same resources. For the current version of the registry, this means
|
share the same resources. For the current version of the registry, this means
|
||||||
the following must be the same:
|
the following must be the same:
|
||||||
|
|
||||||
- Storage Driver
|
- Storage Driver
|
||||||
- HTTP Secret
|
- HTTP Secret
|
||||||
- Redis Cache (if configured)
|
- Redis Cache (if configured)
|
||||||
|
|
||||||
Differences in any of the above cause problems serving requests.
|
Differences in any of the above cause problems serving requests.
|
||||||
As an example, if you're using the filesystem driver, all registry instances
|
As an example, if you're using the filesystem driver, all registry instances
|
||||||
|
@ -393,87 +393,89 @@ The simplest way to achieve access restriction is through basic authentication
|
||||||
This example uses native basic authentication using `htpasswd` to store the
|
This example uses native basic authentication using `htpasswd` to store the
|
||||||
secrets.
|
secrets.
|
||||||
|
|
||||||
> **Warning**:
|
{{< hint type=warning >}}
|
||||||
> You **cannot** use authentication with authentication schemes that send
|
You **cannot** use authentication with authentication schemes that send
|
||||||
> credentials as clear text. You must
|
credentials as clear text. You must
|
||||||
> [configure TLS first](deploying.md#run-an-externally-accessible-registry) for
|
[configure TLS first](#run-an-externally-accessible-registry) for
|
||||||
> authentication to work.
|
authentication to work.
|
||||||
{:.warning}
|
{{< /hint >}}
|
||||||
|
|
||||||
> **Warning**
|
{{< hint type=warning >}}
|
||||||
> The official registry image **only** supports htpasswd credentials in
|
The distribution registry **only** supports htpasswd credentials in
|
||||||
> bcrypt format, so if you omit the `-B` option when generating the credential
|
bcrypt format, so if you omit the `-B` option when generating the credential
|
||||||
> using htpasswd, all authentication attempts will fail.
|
using htpasswd, all authentication attempts will fail.
|
||||||
{:.warning}
|
{{< /hint >}}
|
||||||
|
|
||||||
1. Create a password file with one entry for the user `testuser`, with password
|
1. Create a password file with one entry for the user `testuser`, with password
|
||||||
`testpassword`:
|
`testpassword`:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ mkdir auth
|
$ mkdir auth
|
||||||
$ docker run \
|
$ docker run \
|
||||||
--entrypoint htpasswd \
|
--entrypoint htpasswd \
|
||||||
httpd:2 -Bbn testuser testpassword > auth/htpasswd
|
httpd:2 -Bbn testuser testpassword > auth/htpasswd
|
||||||
```
|
```
|
||||||
|
|
||||||
On Windows, make sure the output file is correctly encoded:
|
On Windows, make sure the output file is correctly encoded:
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
docker run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword | Set-Content -Encoding ASCII auth/htpasswd
|
docker run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword | Set-Content -Encoding ASCII auth/htpasswd
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Stop the registry.
|
2. Stop the registry.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker container stop registry
|
$ docker container stop registry
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Start the registry with basic authentication.
|
3. Start the registry with basic authentication.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker run -d \
|
$ docker run -d \
|
||||||
-p 5000:5000 \
|
-p 5000:5000 \
|
||||||
--restart=always \
|
--restart=always \
|
||||||
--name registry \
|
--name registry \
|
||||||
-v "$(pwd)"/auth:/auth \
|
-v "$(pwd)"/auth:/auth \
|
||||||
-e "REGISTRY_AUTH=htpasswd" \
|
-e "REGISTRY_AUTH=htpasswd" \
|
||||||
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
|
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
|
||||||
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
|
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
|
||||||
-v "$(pwd)"/certs:/certs \
|
-v "$(pwd)"/certs:/certs \
|
||||||
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
|
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
|
||||||
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
|
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
|
||||||
registry:2
|
registry:2
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Try to pull an image from the registry, or push an image to the registry.
|
4. Try to pull an image from the registry, or push an image to the registry.
|
||||||
These commands fail.
|
These commands fail.
|
||||||
|
|
||||||
5. Log in to the registry.
|
5. Log in to the registry.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ docker login myregistrydomain.com:5000
|
$ docker login myregistrydomain.com:5000
|
||||||
```
|
```
|
||||||
|
|
||||||
Provide the username and password from the first step.
|
Provide the username and password from the first step.
|
||||||
|
|
||||||
Test that you can now pull an image from the registry or push an image to
|
Test that you can now pull an image from the registry or push an image to
|
||||||
the registry.
|
the registry.
|
||||||
|
|
||||||
> **X509 errors**: X509 errors usually indicate that you are attempting to use
|
{{< hint type=note title="X509 errors" >}}
|
||||||
> a self-signed certificate without configuring the Docker daemon correctly.
|
X509 errors usually indicate that you are attempting to use
|
||||||
> See [run an insecure registry](insecure.md).
|
a self-signed certificate without configuring the Docker daemon correctly.
|
||||||
|
See [run an insecure registry](../insecure).
|
||||||
|
{{< /hint >}}
|
||||||
|
|
||||||
### More advanced authentication
|
### More advanced authentication
|
||||||
|
|
||||||
You may want to leverage more advanced basic auth implementations by using a
|
You may want to leverage more advanced basic auth implementations by using a
|
||||||
proxy in front of the registry. See the [recipes list](recipes/index.md).
|
proxy in front of the registry. See the [recipes list](/recipes/).
|
||||||
|
|
||||||
The registry also supports delegated authentication which redirects users to a
|
The registry also supports delegated authentication which redirects users to a
|
||||||
specific trusted token server. This approach is more complicated to set up, and
|
specific trusted token server. This approach is more complicated to set up, and
|
||||||
only makes sense if you need to fully configure ACLs and need more control over
|
only makes sense if you need to fully configure ACLs and need more control over
|
||||||
the registry's integration into your global authorization and authentication
|
the registry's integration into your global authorization and authentication
|
||||||
systems. Refer to the following [background information](spec/auth/token.md) and
|
systems. Refer to the following [background information](/spec/auth/token) and
|
||||||
[configuration information here](configuration.md#auth).
|
[configuration information here](../configuration#auth).
|
||||||
|
|
||||||
This approach requires you to implement your own authentication system or
|
This approach requires you to implement your own authentication system or
|
||||||
leverage a third-party implementation.
|
leverage a third-party implementation.
|
||||||
|
@ -537,41 +539,42 @@ following:
|
||||||
You are responsible for ensuring that you are in compliance with the terms of
|
You are responsible for ensuring that you are in compliance with the terms of
|
||||||
use for non-distributable layers.
|
use for non-distributable layers.
|
||||||
|
|
||||||
1. Edit the `daemon.json` file, which is located in `/etc/docker/` on Linux
|
1. Edit the `daemon.json` file, which is located in `/etc/docker/` on Linux
|
||||||
hosts and `C:\ProgramData\docker\config\daemon.json` on Windows Server.
|
hosts and `C:\ProgramData\docker\config\daemon.json` on Windows Server.
|
||||||
Assuming the file was previously empty, add the following contents:
|
Assuming the file was previously empty, add the following contents:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"allow-nondistributable-artifacts": ["myregistrydomain.com:5000"]
|
"allow-nondistributable-artifacts": ["myregistrydomain.com:5000"]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
The value is an array of registry addresses, separated by commas.
|
The value is an array of registry addresses, separated by commas.
|
||||||
|
|
||||||
Save and exit the file.
|
Save and exit the file.
|
||||||
|
|
||||||
2. Restart Docker.
|
2. Restart Docker.
|
||||||
|
|
||||||
3. Restart the registry if it does not start automatically.
|
3. Restart the registry if it does not start automatically.
|
||||||
|
|
||||||
4. When you push images to the registries in the list, their
|
4. When you push images to the registries in the list, their
|
||||||
non-distributable layers are pushed to the registry.
|
non-distributable layers are pushed to the registry.
|
||||||
|
|
||||||
> **Warning**: Non-distributable artifacts typically have restrictions on
|
|
||||||
> how and where they can be distributed and shared. Only use this feature
|
|
||||||
> to push artifacts to private registries and ensure that you are in
|
|
||||||
> compliance with any terms that cover redistributing non-distributable
|
|
||||||
> artifacts.
|
|
||||||
|
|
||||||
|
{{< hint type=warning >}}
|
||||||
|
Non-distributable artifacts typically have restrictions on
|
||||||
|
how and where they can be distributed and shared. Only use this feature
|
||||||
|
to push artifacts to private registries and ensure that you are in
|
||||||
|
compliance with any terms that cover redistributing non-distributable
|
||||||
|
artifacts.
|
||||||
|
{{< /hint >}}
|
||||||
|
|
||||||
## Next steps
|
## Next steps
|
||||||
|
|
||||||
More specific and advanced information is available in the following sections:
|
More specific and advanced information is available in the following sections:
|
||||||
|
|
||||||
- [Configuration reference](configuration.md)
|
- [Configuration reference](../configuration)
|
||||||
- [Working with notifications](notifications.md)
|
- [Working with notifications](../notifications)
|
||||||
- [Advanced "recipes"](recipes/index.md)
|
- [Advanced "recipes"](/recipes)
|
||||||
- [Registry API](spec/api.md)
|
- [Registry API](/spec/api)
|
||||||
- [Storage driver model](storage-drivers/index.md)
|
- [Storage driver model](/storage-drivers)
|
||||||
- [Token authentication](spec/auth/token.md)
|
- [Token authentication](/spec/auth/token)
|
|
@ -9,7 +9,7 @@ This document describes what this command does and how and why it should be used
|
||||||
|
|
||||||
## About garbage collection
|
## About garbage collection
|
||||||
|
|
||||||
In the context of the Docker registry, garbage collection is the process of
|
In the context of the registry, garbage collection is the process of
|
||||||
removing blobs from the filesystem when they are no longer referenced by a
|
removing blobs from the filesystem when they are no longer referenced by a
|
||||||
manifest. Blobs can include both layers and manifests.
|
manifest. Blobs can include both layers and manifests.
|
||||||
|
|
||||||
|
@ -21,15 +21,15 @@ that certain layers no longer exist on the filesystem.
|
||||||
|
|
||||||
Filesystem layers are stored by their content address in the Registry. This
|
Filesystem layers are stored by their content address in the Registry. This
|
||||||
has many advantages, one of which is that data is stored once and referred to by manifests.
|
has many advantages, one of which is that data is stored once and referred to by manifests.
|
||||||
See [here](compatibility.md#content-addressable-storage-cas) for more details.
|
See [here](../compatibility#content-addressable-storage-cas) for more details.
|
||||||
|
|
||||||
Layers are therefore shared amongst manifests; each manifest maintains a reference
|
Layers are therefore shared amongst manifests; each manifest maintains a reference
|
||||||
to the layer. As long as a layer is referenced by one manifest, it cannot be garbage
|
to the layer. As long as a layer is referenced by one manifest, it cannot be garbage
|
||||||
collected.
|
collected.
|
||||||
|
|
||||||
Manifests and layers can be `deleted` with the registry API (refer to the API
|
Manifests and layers can be `deleted` with the registry API (refer to the API
|
||||||
documentation [here](spec/api.md#deleting-a-layer) and
|
documentation [here](/spec/api#deleting-a-layer) and
|
||||||
[here](spec/api.md#deleting-an-image) for details). This API removes references
|
[here](/spec/api#deleting-an-image) for details). This API removes references
|
||||||
to the target and makes them eligible for garbage collection. It also makes them
|
to the target and makes them eligible for garbage collection. It also makes them
|
||||||
unable to be read via the API.
|
unable to be read via the API.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
published: false
|
draft: true
|
||||||
---
|
---
|
||||||
|
|
||||||
# Glossary
|
# Glossary
|
||||||
|
@ -17,7 +17,7 @@ This page contains definitions for distribution related terms.
|
||||||
|
|
||||||
<dt id="image"><h4>Image</h4></dt>
|
<dt id="image"><h4>Image</h4></dt>
|
||||||
<dd>
|
<dd>
|
||||||
<blockquote>An image is a named set of immutable data from which a Docker container can be created.</blockquote>
|
<blockquote>An image is a named set of immutable data from which a container can be created.</blockquote>
|
||||||
<p>
|
<p>
|
||||||
An image is represented by a json file called a <a href="#manifest">manifest</a>, and is conceptually a set of <a href="#layer">layers</a>.
|
An image is represented by a json file called a <a href="#manifest">manifest</a>, and is conceptually a set of <a href="#layer">layers</a>.
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ This page contains definitions for distribution related terms.
|
||||||
</dd>
|
</dd>
|
||||||
|
|
||||||
<dt id="registry"><h4>Registry</h4></dt>
|
<dt id="registry"><h4>Registry</h4></dt>
|
||||||
<dd><blockquote>A registry is a service that let you store and deliver <a href="#images">images</a>.</blockquote>
|
<dd><blockquote>A registry is a service that let you store and deliver <a href="#images">images</a> and other content.</blockquote>
|
||||||
</dd>
|
</dd>
|
||||||
|
|
||||||
<dt id="registry"><h4>Repository</h4></dt>
|
<dt id="registry"><h4>Repository</h4></dt>
|
|
@ -10,5 +10,3 @@ If you want to report a bug:
|
||||||
|
|
||||||
- be sure to first read about [how to contribute](https://github.com/distribution/distribution/blob/master/CONTRIBUTING.md).
|
- be sure to first read about [how to contribute](https://github.com/distribution/distribution/blob/master/CONTRIBUTING.md).
|
||||||
- you can then do so on the [GitHub project bugtracker](https://github.com/distribution/distribution/issues).
|
- you can then do so on the [GitHub project bugtracker](https://github.com/distribution/distribution/issues).
|
||||||
|
|
||||||
You can also find out more about the Docker's project [Getting Help resources](../opensource/ways.md).
|
|
|
@ -11,96 +11,96 @@ involves security trade-offs and additional configuration steps.
|
||||||
|
|
||||||
## Deploy a plain HTTP registry
|
## Deploy a plain HTTP registry
|
||||||
|
|
||||||
> **Warning**:
|
{{< hint type=warning >}}
|
||||||
> It's not possible to use an insecure registry with basic authentication.
|
It's not possible to use an insecure registry with basic authentication.
|
||||||
{:.warning}
|
{{< /hint >}}
|
||||||
|
|
||||||
This procedure configures Docker to entirely disregard security for your
|
This procedure configures Docker to entirely disregard security for your
|
||||||
registry. This is **very** insecure and is not recommended. It exposes your
|
registry. This is **very** insecure and is not recommended. It exposes your
|
||||||
registry to trivial man-in-the-middle (MITM) attacks. Only use this solution for
|
registry to trivial man-in-the-middle (MITM) attacks. Only use this solution for
|
||||||
isolated testing or in a tightly controlled, air-gapped environment.
|
isolated testing or in a tightly controlled, air-gapped environment.
|
||||||
|
|
||||||
1. Edit the `daemon.json` file, whose default location is
|
1. Edit the `daemon.json` file, whose default location is
|
||||||
`/etc/docker/daemon.json` on Linux or
|
`/etc/docker/daemon.json` on Linux or
|
||||||
`C:\ProgramData\docker\config\daemon.json` on Windows Server. If you use
|
`C:\ProgramData\docker\config\daemon.json` on Windows Server. If you use
|
||||||
Docker Desktop for Mac or Docker Desktop for Windows, click the Docker icon, choose
|
Docker Desktop for Mac or Docker Desktop for Windows, click the Docker icon, choose
|
||||||
**Preferences** (Mac) or **Settings** (Windows), and choose **Docker Engine**.
|
**Preferences** (Mac) or **Settings** (Windows), and choose **Docker Engine**.
|
||||||
|
|
||||||
If the `daemon.json` file does not exist, create it. Assuming there are no
|
If the `daemon.json` file does not exist, create it. Assuming there are no
|
||||||
other settings in the file, it should have the following contents:
|
other settings in the file, it should have the following contents:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"insecure-registries" : ["myregistrydomain.com:5000"]
|
"insecure-registries" : ["myregistrydomain.com:5000"]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Substitute the address of your insecure registry for the one in the example.
|
Substitute the address of your insecure registry for the one in the example.
|
||||||
|
|
||||||
With insecure registries enabled, Docker goes through the following steps:
|
With insecure registries enabled, Docker goes through the following steps:
|
||||||
|
|
||||||
- First, try using HTTPS.
|
- First, try using HTTPS.
|
||||||
- If HTTPS is available but the certificate is invalid, ignore the error
|
|
||||||
about the certificate.
|
- If HTTPS is available but the certificate is invalid, ignore the error
|
||||||
- If HTTPS is not available, fall back to HTTP.
|
about the certificate.
|
||||||
|
|
||||||
|
- If HTTPS is not available, fall back to HTTP.
|
||||||
|
|
||||||
|
|
||||||
2. Restart Docker for the changes to take effect.
|
2. Restart Docker for the changes to take effect.
|
||||||
|
|
||||||
|
|
||||||
Repeat these steps on every Engine host that wants to access your registry.
|
Repeat these steps on every Engine host that wants to access your registry.
|
||||||
|
|
||||||
|
|
||||||
## Use self-signed certificates
|
## Use self-signed certificates
|
||||||
|
|
||||||
> **Warning**:
|
{{< hint type=warning >}}
|
||||||
> Using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
|
Using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
|
||||||
{:.warning}
|
{{< /hint >}}
|
||||||
|
|
||||||
This is more secure than the insecure registry solution.
|
This is more secure than the insecure registry solution.
|
||||||
|
|
||||||
1. Generate your own certificate:
|
1. Generate your own certificate:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ mkdir -p certs
|
$ mkdir -p certs
|
||||||
|
|
||||||
$ openssl req \
|
$ openssl req \
|
||||||
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
|
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
|
||||||
-addext "subjectAltName = DNS:myregistry.domain.com" \
|
-addext "subjectAltName = DNS:myregistry.domain.com" \
|
||||||
-x509 -days 365 -out certs/domain.crt
|
-x509 -days 365 -out certs/domain.crt
|
||||||
```
|
```
|
||||||
|
|
||||||
Be sure to use the name `myregistry.domain.com` as a CN.
|
Be sure to use the name `myregistry.domain.com` as a CN.
|
||||||
|
|
||||||
2. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate).
|
2. Use the result to [start your registry with TLS enabled](../deploying#get-a-certificate).
|
||||||
|
|
||||||
3. Instruct every Docker daemon to trust that certificate. The way to do this
|
3. Instruct every Docker daemon to trust that certificate. The way to do this
|
||||||
depends on your OS.
|
depends on your OS.
|
||||||
|
|
||||||
- **Linux**: Copy the `domain.crt` file to
|
- **Linux**: Copy the `domain.crt` file to
|
||||||
`/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt` on every Docker
|
`/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt` on every Docker
|
||||||
host. You do not need to restart Docker.
|
host. You do not need to restart Docker.
|
||||||
|
|
||||||
- **Windows Server**:
|
- **Windows Server**:
|
||||||
|
|
||||||
1. Open Windows Explorer, right-click the `domain.crt`
|
1. Open Windows Explorer, right-click the `domain.crt`
|
||||||
file, and choose Install certificate. When prompted, select the following
|
file, and choose Install certificate. When prompted, select the following
|
||||||
options:
|
options:
|
||||||
|
|
||||||
| Store location | local machine |
|
| Store location | local machine |
|
||||||
| Place all certificates in the following store | selected |
|
| Place all certificates in the following store | selected |
|
||||||
|
|
||||||
2. Click **Browser** and select **Trusted Root Certificate Authorities**.
|
2. Click **Browser** and select **Trusted Root Certificate Authorities**.
|
||||||
|
|
||||||
3. Click **Finish**. Restart Docker.
|
3. Click **Finish**. Restart Docker.
|
||||||
|
|
||||||
- **Docker Desktop for Mac**: Follow the instructions in
|
- **Docker Desktop for Mac**: Follow the instructions in
|
||||||
[Adding custom CA certificates](../desktop/mac/index.md#add-tls-certificates){: target="_blank" rel="noopener" class="_"}.
|
[Adding custom CA certificates](https://docs.docker.com/desktop/mac/#add-tls-certificates).
|
||||||
Restart Docker.
|
Restart Docker.
|
||||||
|
|
||||||
- **Docker Desktop for Windows**: Follow the instructions in
|
- **Docker Desktop for Windows**: Follow the instructions in
|
||||||
[Adding custom CA certificates](../desktop/windows/index.md#adding-tls-certificates){: target="_blank" rel="noopener" class="_"}.
|
[Adding custom CA certificates](https://docs.docker.com/desktop/windows/#adding-tls-certificates).
|
||||||
Restart Docker.
|
Restart Docker.
|
||||||
|
|
||||||
|
|
||||||
## Troubleshoot insecure registry
|
## Troubleshoot insecure registry
|
|
@ -8,9 +8,9 @@ The Registry supports sending webhook notifications in response to events
|
||||||
happening within the registry. Notifications are sent in response to manifest
|
happening within the registry. Notifications are sent in response to manifest
|
||||||
pushes and pulls and layer pushes and pulls. These actions are serialized into
|
pushes and pulls and layer pushes and pulls. These actions are serialized into
|
||||||
events. The events are queued into a registry-internal broadcast system which
|
events. The events are queued into a registry-internal broadcast system which
|
||||||
queues and dispatches events to [_Endpoints_](notifications.md#endpoints).
|
queues and dispatches events to [_Endpoints_](#endpoints).
|
||||||
|
|
||||||
![Workflow of registry notifications](images/notifications.png)
|
![Workflow of registry notifications](/images/notifications.png)
|
||||||
|
|
||||||
## Endpoints
|
## Endpoints
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ The above would configure the registry with an endpoint to send events to
|
||||||
5 failures happen consecutively, the registry backs off for 1 second before
|
5 failures happen consecutively, the registry backs off for 1 second before
|
||||||
trying again.
|
trying again.
|
||||||
|
|
||||||
For details on the fields, see the [configuration documentation](configuration.md#notifications).
|
For details on the fields, see the [configuration documentation](../configuration/#notifications).
|
||||||
|
|
||||||
A properly configured endpoint should lead to a log message from the registry
|
A properly configured endpoint should lead to a log message from the registry
|
||||||
upon startup:
|
upon startup:
|
|
@ -9,7 +9,7 @@ These recipes are not useful for most standard set-ups.
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
Before following these steps, work through the [deployment guide](../deploying.md).
|
Before following these steps, work through the [deployment guide](../about/deploying).
|
||||||
|
|
||||||
At this point, it's assumed that:
|
At this point, it's assumed that:
|
||||||
|
|
||||||
|
@ -21,8 +21,8 @@ At this point, it's assumed that:
|
||||||
|
|
||||||
## The List
|
## The List
|
||||||
|
|
||||||
* [using Apache as an authenticating proxy](apache.md)
|
* [using Apache as an authenticating proxy](apache)
|
||||||
* [using Nginx as an authenticating proxy](nginx.md)
|
* [using Nginx as an authenticating proxy](nginx)
|
||||||
* [running a Registry on macOS](osx-setup-guide.md)
|
* [running a Registry on macOS](osx-setup-guide)
|
||||||
* [mirror the Docker Hub](mirror.md)
|
* [mirror the Docker Hub](mirror)
|
||||||
* [start registry via systemd](systemd.md)
|
* [start registry via systemd](systemd)
|
|
@ -12,7 +12,7 @@ Usually, that includes enterprise setups using LDAP/AD on the backend and a SSO
|
||||||
|
|
||||||
### Alternatives
|
### Alternatives
|
||||||
|
|
||||||
If you just want authentication for your registry, and are happy maintaining users access separately, you should really consider sticking with the native [basic auth registry feature](../deploying.md#native-basic-auth).
|
If you just want authentication for your registry, and are happy maintaining users access separately, you should really consider sticking with the native [basic auth registry feature](/about/deploying#native-basic-auth).
|
||||||
|
|
||||||
### Solution
|
### Solution
|
||||||
|
|
||||||
|
@ -30,13 +30,13 @@ Furthermore, introducing an extra http layer in your communication pipeline adds
|
||||||
|
|
||||||
## Setting things up
|
## Setting things up
|
||||||
|
|
||||||
Read again [the requirements](index.md#requirements).
|
Read again [the requirements](../#requirements).
|
||||||
|
|
||||||
Ready?
|
Ready?
|
||||||
|
|
||||||
Run the following script:
|
Run the following script:
|
||||||
|
|
||||||
```
|
```sh
|
||||||
mkdir -p auth
|
mkdir -p auth
|
||||||
mkdir -p data
|
mkdir -p data
|
||||||
|
|
||||||
|
@ -191,19 +191,27 @@ EOF
|
||||||
|
|
||||||
Now, start your stack:
|
Now, start your stack:
|
||||||
|
|
||||||
docker-compose up -d
|
```console
|
||||||
|
$ docker-compose up -d
|
||||||
|
```
|
||||||
|
|
||||||
Log in with a "push" authorized user (using `testuserpush` and `testpasswordpush`), then tag and push your first image:
|
Log in with a "push" authorized user (using `testuserpush` and `testpasswordpush`), then tag and push your first image:
|
||||||
|
|
||||||
docker login myregistrydomain.com:5043
|
```console
|
||||||
docker tag ubuntu myregistrydomain.com:5043/test
|
$ docker login myregistrydomain.com:5043
|
||||||
docker push myregistrydomain.com:5043/test
|
$ docker tag ubuntu myregistrydomain.com:5043/test
|
||||||
|
$ docker push myregistrydomain.com:5043/test
|
||||||
|
```
|
||||||
|
|
||||||
Now, log in with a "pull-only" user (using `testuser` and `testpassword`), then pull back the image:
|
Now, log in with a "pull-only" user (using `testuser` and `testpassword`), then pull back the image:
|
||||||
|
|
||||||
docker login myregistrydomain.com:5043
|
```console
|
||||||
docker pull myregistrydomain.com:5043/test
|
$ docker login myregistrydomain.com:5043
|
||||||
|
$ docker pull myregistrydomain.com:5043/test
|
||||||
|
```
|
||||||
|
|
||||||
Verify that the "pull-only" can NOT push:
|
Verify that the "pull-only" can NOT push:
|
||||||
|
|
||||||
docker push myregistrydomain.com:5043/test
|
```console
|
||||||
|
$ docker push myregistrydomain.com:5043/test
|
||||||
|
```
|
|
@ -2,22 +2,16 @@
|
||||||
description: Setting-up a local mirror for Docker Hub images
|
description: Setting-up a local mirror for Docker Hub images
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, mirror, Hub, recipe, advanced
|
keywords: registry, on-prem, images, tags, repository, distribution, mirror, Hub, recipe, advanced
|
||||||
title: Registry as a pull through cache
|
title: Registry as a pull through cache
|
||||||
redirect_from:
|
|
||||||
- /engine/admin/registry_mirror/
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Use-case
|
## Use-case
|
||||||
|
|
||||||
If you have multiple instances of Docker running in your environment, such as
|
If you have multiple consumers of containers running in your environment, such as
|
||||||
multiple physical or virtual machines all running Docker, each daemon goes out
|
multiple physical or virtual machines using containers, or a Kubernetes cluster,
|
||||||
to the internet and fetches an image it doesn't have locally, from the Docker
|
each cunsumer fetches an images it doesn't have locally, from the external registry.
|
||||||
repository. You can run a local registry mirror and point all your daemons
|
You can run a local registry mirror and point all your consumers
|
||||||
there, to avoid this extra internet traffic.
|
there, to avoid this extra internet traffic.
|
||||||
|
|
||||||
> **Note**
|
|
||||||
>
|
|
||||||
> Docker Official Images are an intellectual property of Docker.
|
|
||||||
|
|
||||||
### Alternatives
|
### Alternatives
|
||||||
|
|
||||||
Alternatively, if the set of images you are using is well delimited, you can
|
Alternatively, if the set of images you are using is well delimited, you can
|
||||||
|
@ -88,7 +82,8 @@ but this property does not hold true for a registry cache cluster.
|
||||||
|
|
||||||
> **Note**
|
> **Note**
|
||||||
>
|
>
|
||||||
> Service accounts included in the Team plan are limited to 5,000 pulls per day. See [Service Accounts](/docker-hub/service-accounts/) for more details.
|
> Service accounts included in the Team plan are limited to 5,000 pulls per day.
|
||||||
|
> See [Service Accounts](https://docs.docker.com/docker-hub/service-accounts/) for more details.
|
||||||
|
|
||||||
### Configure the cache
|
### Configure the cache
|
||||||
|
|
||||||
|
@ -113,12 +108,12 @@ proxy:
|
||||||
|
|
||||||
> **Warning**: For the scheduler to clean up old entries, `delete` must
|
> **Warning**: For the scheduler to clean up old entries, `delete` must
|
||||||
> be enabled in the registry configuration. See
|
> be enabled in the registry configuration. See
|
||||||
> [Registry Configuration](../configuration.md) for more details.
|
> [Registry Configuration](/about/configuration) for more details.
|
||||||
|
|
||||||
### Configure the Docker daemon
|
### Configure the Docker daemon
|
||||||
|
|
||||||
Either pass the `--registry-mirror` option when starting `dockerd` manually,
|
Either pass the `--registry-mirror` option when starting `dockerd` manually,
|
||||||
or edit [`/etc/docker/daemon.json`](../../engine/reference/commandline/dockerd.md#daemon-configuration-file)
|
or edit [`/etc/docker/daemon.json`](https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file)
|
||||||
and add the `registry-mirrors` key and value, to make the change persistent.
|
and add the `registry-mirrors` key and value, to make the change persistent.
|
||||||
|
|
||||||
```json
|
```json
|
207
docs/content/recipes/nginx.md
Normal file
|
@ -0,0 +1,207 @@
|
||||||
|
---
|
||||||
|
description: Restricting access to your registry using a nginx proxy
|
||||||
|
keywords: registry, on-prem, images, tags, repository, distribution, nginx, proxy, authentication, TLS, recipe, advanced
|
||||||
|
title: Authenticate proxy with nginx
|
||||||
|
---
|
||||||
|
|
||||||
|
## Use-case
|
||||||
|
|
||||||
|
People already relying on a nginx proxy to authenticate their users to other
|
||||||
|
services might want to leverage it and have Registry communications tunneled
|
||||||
|
through the same pipeline.
|
||||||
|
|
||||||
|
Usually, that includes enterprise setups using LDAP/AD on the backend and a SSO
|
||||||
|
mechanism fronting their internal http portal.
|
||||||
|
|
||||||
|
### Alternatives
|
||||||
|
|
||||||
|
If you just want authentication for your registry, and are happy maintaining
|
||||||
|
users access separately, you should really consider sticking with the native
|
||||||
|
[basic auth registry feature](/about/deploying#native-basic-auth).
|
||||||
|
|
||||||
|
### Solution
|
||||||
|
|
||||||
|
With the method presented here, you implement basic authentication for docker
|
||||||
|
engines in a reverse proxy that sits in front of your registry.
|
||||||
|
|
||||||
|
While we use a simple htpasswd file as an example, any other nginx
|
||||||
|
authentication backend should be fairly easy to implement once you are done with
|
||||||
|
the example.
|
||||||
|
|
||||||
|
We also implement push restriction (to a limited user group) for the sake of the
|
||||||
|
example. Again, you should modify this to fit your mileage.
|
||||||
|
|
||||||
|
### Gotchas
|
||||||
|
|
||||||
|
While this model gives you the ability to use whatever authentication backend
|
||||||
|
you want through the secondary authentication mechanism implemented inside your
|
||||||
|
proxy, it also requires that you move TLS termination from the Registry to the
|
||||||
|
proxy itself.
|
||||||
|
|
||||||
|
> **Note**: It is not recommended to bind your registry to `localhost:5000` without
|
||||||
|
> authentication. This creates a potential loophole in your registry security.
|
||||||
|
> As a result, anyone who can log on to the server where your registry is running
|
||||||
|
> can push images without authentication.
|
||||||
|
|
||||||
|
Furthermore, introducing an extra http layer in your communication pipeline
|
||||||
|
makes it more complex to deploy, maintain, and debug. Make sure the extra
|
||||||
|
complexity is required.
|
||||||
|
|
||||||
|
For instance, Amazon's Elastic Load Balancer (ELB) in HTTPS mode already sets
|
||||||
|
the following client header:
|
||||||
|
|
||||||
|
```none
|
||||||
|
X-Real-IP
|
||||||
|
X-Forwarded-For
|
||||||
|
X-Forwarded-Proto
|
||||||
|
```
|
||||||
|
|
||||||
|
So if you have an Nginx instance sitting behind it, remove these lines from the
|
||||||
|
example config below:
|
||||||
|
|
||||||
|
```none
|
||||||
|
proxy_set_header Host $http_host; # required for docker client's sake
|
||||||
|
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
```
|
||||||
|
|
||||||
|
Otherwise Nginx resets the ELB's values, and the requests are not routed
|
||||||
|
properly. For more information, see
|
||||||
|
[#970](https://github.com/distribution/distribution/issues/970).
|
||||||
|
|
||||||
|
## Setting things up
|
||||||
|
|
||||||
|
Review the [requirements](../#requirements), then follow these steps.
|
||||||
|
|
||||||
|
1. Create the required directories
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ mkdir -p auth data
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Create the main nginx configuration. Paste this code block into a new file called `auth/nginx.conf`:
|
||||||
|
|
||||||
|
```conf
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
|
||||||
|
upstream docker-registry {
|
||||||
|
server registry:5000;
|
||||||
|
}
|
||||||
|
|
||||||
|
## Set a variable to help us decide if we need to add the
|
||||||
|
## 'Docker-Distribution-Api-Version' header.
|
||||||
|
## The registry always sets this header.
|
||||||
|
## In the case of nginx performing auth, the header is unset
|
||||||
|
## since nginx is auth-ing before proxying.
|
||||||
|
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
|
||||||
|
'' 'registry/2.0';
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
server_name myregistrydomain.com;
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
ssl_certificate /etc/nginx/conf.d/domain.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/conf.d/domain.key;
|
||||||
|
|
||||||
|
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||||
|
ssl_protocols TLSv1.1 TLSv1.2;
|
||||||
|
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
|
||||||
|
# disable any limits to avoid HTTP 413 for large image uploads
|
||||||
|
client_max_body_size 0;
|
||||||
|
|
||||||
|
# required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
|
||||||
|
chunked_transfer_encoding on;
|
||||||
|
|
||||||
|
location /v2/ {
|
||||||
|
# Do not allow connections from docker 1.5 and earlier
|
||||||
|
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
|
||||||
|
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
|
||||||
|
return 404;
|
||||||
|
}
|
||||||
|
|
||||||
|
# To add basic authentication to v2 use auth_basic setting.
|
||||||
|
auth_basic "Registry realm";
|
||||||
|
auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
|
||||||
|
|
||||||
|
## If $docker_distribution_api_version is empty, the header is not added.
|
||||||
|
## See the map directive above where this variable is defined.
|
||||||
|
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
|
||||||
|
|
||||||
|
proxy_pass http://docker-registry;
|
||||||
|
proxy_set_header Host $http_host; # required for docker client's sake
|
||||||
|
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_read_timeout 900;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Create a password file `auth/nginx.htpasswd` for "testuser" and "testpassword".
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ docker run --rm --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/nginx.htpasswd
|
||||||
|
```
|
||||||
|
|
||||||
|
> **Note**: If you do not want to use `bcrypt`, you can omit the `-B` parameter.
|
||||||
|
|
||||||
|
4. Copy your certificate files to the `auth/` directory.
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ cp domain.crt auth
|
||||||
|
$ cp domain.key auth
|
||||||
|
```
|
||||||
|
|
||||||
|
5. Create the compose file. Paste the following YAML into a new file called `docker-compose.yml`.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
version: "3"
|
||||||
|
|
||||||
|
services:
|
||||||
|
nginx:
|
||||||
|
# Note : Only nginx:alpine supports bcrypt.
|
||||||
|
# If you don't need to use bcrypt, you can use a different tag.
|
||||||
|
# Ref. https://github.com/nginxinc/docker-nginx/issues/29
|
||||||
|
image: "nginx:alpine"
|
||||||
|
ports:
|
||||||
|
- 5043:443
|
||||||
|
depends_on:
|
||||||
|
- registry
|
||||||
|
volumes:
|
||||||
|
- ./auth:/etc/nginx/conf.d
|
||||||
|
- ./auth/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||||
|
|
||||||
|
registry:
|
||||||
|
image: registry:2
|
||||||
|
volumes:
|
||||||
|
- ./data:/var/lib/registry
|
||||||
|
```
|
||||||
|
|
||||||
|
## Starting and stopping
|
||||||
|
|
||||||
|
Now, start your stack:
|
||||||
|
|
||||||
|
```consonle
|
||||||
|
$ docker-compose up -d
|
||||||
|
```
|
||||||
|
|
||||||
|
Login with a "push" authorized user (using `testuser` and `testpassword`), then
|
||||||
|
tag and push your first image:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ docker login -u=testuser -p=testpassword -e=root@example.ch myregistrydomain.com:5043
|
||||||
|
$ docker tag ubuntu myregistrydomain.com:5043/test
|
||||||
|
$ docker push myregistrydomain.com:5043/test
|
||||||
|
$ docker pull myregistrydomain.com:5043/test
|
||||||
|
```
|
|
@ -26,49 +26,65 @@ If you know, safely skip to the next section.
|
||||||
|
|
||||||
If you don't, the TLDR is:
|
If you don't, the TLDR is:
|
||||||
|
|
||||||
bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
|
```console
|
||||||
source ~/.gvm/scripts/gvm
|
$ bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
|
||||||
gvm install go1.4.2
|
$ source ~/.gvm/scripts/gvm
|
||||||
gvm use go1.4.2
|
$ gvm install go1.4.2
|
||||||
|
$ gvm use go1.4.2
|
||||||
|
```
|
||||||
|
|
||||||
If you want to understand, you should read [How to Write Go Code](https://golang.org/doc/code.html).
|
If you want to understand, you should read [How to Write Go Code](https://golang.org/doc/code.html).
|
||||||
|
|
||||||
## Checkout the source tree
|
## Checkout the source tree
|
||||||
|
|
||||||
mkdir -p $GOPATH/src/github.com/distribution
|
```console
|
||||||
git clone https://github.com/distribution/distribution.git $GOPATH/src/github.com/distribution/distribution
|
$ mkdir -p $GOPATH/src/github.com/distribution
|
||||||
cd $GOPATH/src/github.com/distribution/distribution
|
$ git clone https://github.com/distribution/distribution.git $GOPATH/src/github.com/distribution/distribution
|
||||||
|
$ cd $GOPATH/src/github.com/distribution/distribution
|
||||||
|
```
|
||||||
|
|
||||||
## Build the binary
|
## Build the binary
|
||||||
|
|
||||||
GOPATH=$(PWD)/Godeps/_workspace:$GOPATH make binaries
|
```console
|
||||||
sudo mkdir -p /usr/local/libexec
|
$ GOPATH=$(PWD)/Godeps/_workspace:$GOPATH make binaries
|
||||||
sudo cp bin/registry /usr/local/libexec/registry
|
$ sudo mkdir -p /usr/local/libexec
|
||||||
|
$ sudo cp bin/registry /usr/local/libexec/registry
|
||||||
|
```
|
||||||
|
|
||||||
## Setup
|
## Setup
|
||||||
|
|
||||||
Copy the registry configuration file in place:
|
Copy the registry configuration file in place:
|
||||||
|
|
||||||
mkdir /Users/Shared/Registry
|
```console
|
||||||
cp docs/osx/config.yml /Users/Shared/Registry/config.yml
|
$ mkdir /Users/Shared/Registry
|
||||||
|
$ cp docs/osx/config.yml /Users/Shared/Registry/config.yml
|
||||||
|
```
|
||||||
|
|
||||||
## Run the registry under launchd
|
## Run the registry under launchd
|
||||||
|
|
||||||
Copy the registry plist into place:
|
Copy the registry plist into place:
|
||||||
|
|
||||||
plutil -lint docs/recipes/osx/com.docker.registry.plist
|
```console
|
||||||
cp docs/recipes/osx/com.docker.registry.plist ~/Library/LaunchAgents/
|
$ plutil -lint docs/recipes/osx/com.docker.registry.plist
|
||||||
chmod 644 ~/Library/LaunchAgents/com.docker.registry.plist
|
$ cp docs/recipes/osx/com.docker.registry.plist ~/Library/LaunchAgents/
|
||||||
|
$ chmod 644 ~/Library/LaunchAgents/com.docker.registry.plist
|
||||||
|
```
|
||||||
|
|
||||||
Start the registry:
|
Start the registry:
|
||||||
|
|
||||||
launchctl load ~/Library/LaunchAgents/com.docker.registry.plist
|
```console
|
||||||
|
$ launchctl load ~/Library/LaunchAgents/com.docker.registry.plist
|
||||||
|
```
|
||||||
|
|
||||||
### Restart the registry service
|
### Restart the registry service
|
||||||
|
|
||||||
launchctl stop com.docker.registry
|
```console
|
||||||
launchctl start com.docker.registry
|
$ launchctl stop com.docker.registry
|
||||||
|
$ launchctl start com.docker.registry
|
||||||
|
```
|
||||||
|
|
||||||
### Unload the registry service
|
### Unload the registry service
|
||||||
|
|
||||||
launchctl unload ~/Library/LaunchAgents/com.docker.registry.plist
|
```console
|
||||||
|
$ launchctl unload ~/Library/LaunchAgents/com.docker.registry.plist
|
||||||
|
```
|
|
@ -7,8 +7,9 @@ title: Start registry via systemd
|
||||||
## Use-case
|
## Use-case
|
||||||
|
|
||||||
Using systemd to manage containers can make service discovery and maintenance easier
|
Using systemd to manage containers can make service discovery and maintenance easier
|
||||||
by managining all services in the same way. Additionally, when using Podman, systemd
|
by managing all services in the same way. Additionally, when using Podman, systemd
|
||||||
can start the registry with socket-activation, providing additional security options:
|
can start the registry with socket-activation, providing additional security options:
|
||||||
|
|
||||||
* Run as non-root and expose on a low-numbered socket (< 1024)
|
* Run as non-root and expose on a low-numbered socket (< 1024)
|
||||||
* Run with `--network=none`
|
* Run with `--network=none`
|
||||||
|
|
||||||
|
@ -18,9 +19,10 @@ When deploying the registry via Docker, a simple service file can be used to man
|
||||||
the registry:
|
the registry:
|
||||||
|
|
||||||
registry.service
|
registry.service
|
||||||
```
|
|
||||||
|
```ini
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Docker registry
|
Description=Distribution registry
|
||||||
After=docker.service
|
After=docker.service
|
||||||
Requires=docker.service
|
Requires=docker.service
|
||||||
|
|
||||||
|
@ -40,7 +42,7 @@ WantedBy=multi-user.target
|
||||||
|
|
||||||
In this case, the registry will store images in the named-volume `registry`.
|
In this case, the registry will store images in the named-volume `registry`.
|
||||||
Note that the container is destroyed on restart instead of using `--rm` or
|
Note that the container is destroyed on restart instead of using `--rm` or
|
||||||
destroy on stop. This is done to make accessing `docker logs ...` easier in
|
destroy on stop. This is done to make accessing `docker logs ...` easier in
|
||||||
the case of issues.
|
the case of issues.
|
||||||
|
|
||||||
### Podman
|
### Podman
|
||||||
|
@ -50,7 +52,7 @@ socket-activation of containers.
|
||||||
|
|
||||||
#### Create service file
|
#### Create service file
|
||||||
|
|
||||||
```
|
```sh
|
||||||
podman create --name registry --network=none -v registry:/var/lib/registry registry:2
|
podman create --name registry --network=none -v registry:/var/lib/registry registry:2
|
||||||
podman generate systemd --name --new registry > registry.service
|
podman generate systemd --name --new registry > registry.service
|
||||||
```
|
```
|
||||||
|
@ -58,9 +60,10 @@ podman generate systemd --name --new registry > registry.service
|
||||||
#### Create socket file
|
#### Create socket file
|
||||||
|
|
||||||
registry.socket
|
registry.socket
|
||||||
```
|
|
||||||
|
```ini
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=container registry
|
Description=Distribution registry
|
||||||
|
|
||||||
[Socket]
|
[Socket]
|
||||||
ListenStream=5000
|
ListenStream=5000
|
||||||
|
@ -71,7 +74,7 @@ WantedBy=sockets.target
|
||||||
|
|
||||||
### Installation
|
### Installation
|
||||||
|
|
||||||
Installation can be either rootful or rootless. For Docker, rootless configurations
|
Installation can be either rootful or rootless. For Docker, rootless configurations
|
||||||
often include additional setup steps that are beyond the scope of this recipe, whereas
|
often include additional setup steps that are beyond the scope of this recipe, whereas
|
||||||
for Podman, rootless containers generally work out of the box.
|
for Podman, rootless containers generally work out of the box.
|
||||||
|
|
12
docs/content/spec/_index.md
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
title: "Reference Overview"
|
||||||
|
description: "Explains registry JSON objects"
|
||||||
|
keywords: registry, service, images, repository, json
|
||||||
|
---
|
||||||
|
|
||||||
|
# Docker Registry Reference
|
||||||
|
|
||||||
|
* [HTTP API V2](api)
|
||||||
|
* [Storage Driver](/storage-drivers/)
|
||||||
|
* [Token Authentication Specification](auth/token)
|
||||||
|
* [Token Authentication Implementation](auth/jwt)
|
|
@ -2,7 +2,7 @@
|
||||||
title: "HTTP API V2"
|
title: "HTTP API V2"
|
||||||
description: "Specification for the Registry API."
|
description: "Specification for the Registry API."
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, api, advanced
|
keywords: registry, on-prem, images, tags, repository, distribution, api, advanced
|
||||||
redirect_from:
|
aliases:
|
||||||
- /reference/api/registry_api/
|
- /reference/api/registry_api/
|
||||||
---
|
---
|
||||||
|
|
12
docs/content/spec/auth/_index.md
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
title: "Distribution Registry Token Authentication"
|
||||||
|
description: "Distribution Registry v2 authentication schema"
|
||||||
|
keywords: registry, on-prem, images, tags, repository, distribution, authentication, advanced
|
||||||
|
---
|
||||||
|
|
||||||
|
# Distribution Registry v2 authentication
|
||||||
|
|
||||||
|
See the [Token Authentication Specification](token),
|
||||||
|
[Token Authentication Implementation](jwt),
|
||||||
|
[Token Scope Documentation](scope),
|
||||||
|
[OAuth2 Token Authentication](oauth) for more information.
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
title: "Token Authentication Implementation"
|
title: "Token Authentication Implementation"
|
||||||
description: "Describe the reference implementation of the Docker Registry v2 authentication schema"
|
description: "Describe the reference implementation of the Distribution Registry v2 authentication schema"
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, JWT authentication, advanced
|
keywords: registry, on-prem, images, tags, repository, distribution, JWT authentication, advanced
|
||||||
---
|
---
|
||||||
|
|
||||||
# Docker Registry v2 Bearer token specification
|
# Distribution Registry v2 Bearer token specification
|
||||||
|
|
||||||
This specification covers the `distribution/distribution` implementation of the
|
This specification covers the `distribution/distribution` implementation of the
|
||||||
v2 Registry's authentication schema. Specifically, it describes the JSON
|
v2 Registry's authentication schema. Specifically, it describes the JSON
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
title: "Oauth2 Token Authentication"
|
title: "Oauth2 Token Authentication"
|
||||||
description: "Specifies the Docker Registry v2 authentication"
|
description: "Specifies the Distribution Registry v2 authentication"
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, oauth2, advanced
|
keywords: registry, on-prem, images, tags, repository, distribution, oauth2, advanced
|
||||||
---
|
---
|
||||||
|
|
||||||
# Docker Registry v2 authentication using OAuth2
|
# Distribution Registry v2 authentication using OAuth2
|
||||||
|
|
||||||
This document describes support for the OAuth2 protocol within the authorization
|
This document describes support for the OAuth2 protocol within the authorization
|
||||||
server. [RFC6749](https://tools.ietf.org/html/rfc6749) should be used as a
|
server. [RFC6749](https://tools.ietf.org/html/rfc6749) should be used as a
|
||||||
|
@ -12,7 +12,7 @@ reference for the protocol and HTTP endpoints described here.
|
||||||
|
|
||||||
**Note**: Not all token servers implement oauth2. If the request to the endpoint
|
**Note**: Not all token servers implement oauth2. If the request to the endpoint
|
||||||
returns `404` using the HTTP `POST` method, refer to
|
returns `404` using the HTTP `POST` method, refer to
|
||||||
[Token Documentation](token.md) for using the HTTP `GET` method supported by all
|
[Token Documentation](../token) for using the HTTP `GET` method supported by all
|
||||||
token servers.
|
token servers.
|
||||||
|
|
||||||
## Refresh token format
|
## Refresh token format
|
||||||
|
@ -161,7 +161,7 @@ Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
#### Example getting refresh token
|
#### Example getting refresh token
|
||||||
|
|
||||||
```
|
```none
|
||||||
POST /token HTTP/1.1
|
POST /token HTTP/1.1
|
||||||
Host: auth.docker.io
|
Host: auth.docker.io
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
@ -176,7 +176,7 @@ Content-Type: application/json
|
||||||
|
|
||||||
#### Example refreshing an Access Token
|
#### Example refreshing an Access Token
|
||||||
|
|
||||||
```
|
```none
|
||||||
POST /token HTTP/1.1
|
POST /token HTTP/1.1
|
||||||
Host: auth.docker.io
|
Host: auth.docker.io
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
|
@ -4,7 +4,7 @@ description: "Describes the scope and access fields used for registry authorizat
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, advanced, access, scope
|
keywords: registry, on-prem, images, tags, repository, distribution, advanced, access, scope
|
||||||
---
|
---
|
||||||
|
|
||||||
# Docker Registry Token Scope and Access
|
# Distribution Registry Token Scope and Access
|
||||||
|
|
||||||
Tokens used by the registry are always restricted what resources they may
|
Tokens used by the registry are always restricted what resources they may
|
||||||
be used to access, where those resources may be accessed, and what actions
|
be used to access, where those resources may be accessed, and what actions
|
||||||
|
@ -41,10 +41,11 @@ is authorized for a specific resource.
|
||||||
|
|
||||||
#### Resource Class
|
#### Resource Class
|
||||||
|
|
||||||
> [!WARNING]
|
{{< hint type=warning >}}
|
||||||
> Resource Class is deprecated and ignored.
|
Resource Class is deprecated and ignored.
|
||||||
> `repository` and `repository(plugin)` are considered equal when authorizing a token.
|
`repository` and `repository(plugin)` are considered equal when authorizing a token.
|
||||||
> Authorization services should no longer return scopes with a resource class.
|
Authorization services should no longer return scopes with a resource class.
|
||||||
|
{{< /hint >}}
|
||||||
|
|
||||||
The resource type might have a resource class which further classifies the
|
The resource type might have a resource class which further classifies the
|
||||||
the resource name within the resource type. A class is not required and
|
the resource name within the resource type. A class is not required and
|
||||||
|
@ -108,11 +109,13 @@ Full reference grammar is defined
|
||||||
[here](https://pkg.go.dev/github.com/distribution/distribution/reference). Currently
|
[here](https://pkg.go.dev/github.com/distribution/distribution/reference). Currently
|
||||||
the scope name grammar is a subset of the reference grammar.
|
the scope name grammar is a subset of the reference grammar.
|
||||||
|
|
||||||
> **NOTE:** that the `resourcename` may contain one `:` due to a possible port
|
{{< hint type=note >}}
|
||||||
> number in the hostname component of the `resourcename`, so a naive
|
Note that the `resourcename` may contain one `:` due to a possible port
|
||||||
> implementation that interprets the first three `:`-delimited tokens of a
|
number in the hostname component of the `resourcename`, so a naive
|
||||||
> `scope` to be the `resourcetype`, `resourcename`, and a list of `action`
|
implementation that interprets the first three `:`-delimited tokens of a
|
||||||
> would be insufficient.
|
`scope` to be the `resourcetype`, `resourcename`, and a list of `action`
|
||||||
|
would be insufficient.
|
||||||
|
{{< /hint >}}
|
||||||
|
|
||||||
## Resource Provider Use
|
## Resource Provider Use
|
||||||
|
|
||||||
|
@ -141,7 +144,7 @@ Each JWT access token may only have a single subject and audience but multiple
|
||||||
resource scopes. The subject and audience are put into standard JWT fields
|
resource scopes. The subject and audience are put into standard JWT fields
|
||||||
`sub` and `aud`. The resource scope is put into the `access` field. The
|
`sub` and `aud`. The resource scope is put into the `access` field. The
|
||||||
structure of the access field can be seen in the
|
structure of the access field can be seen in the
|
||||||
[jwt documentation](jwt.md).
|
[jwt documentation](../jwt).
|
||||||
|
|
||||||
## Refresh Tokens
|
## Refresh Tokens
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
---
|
---
|
||||||
title: "Token Authentication Specification"
|
title: "Token Authentication Specification"
|
||||||
description: "Specifies the Docker Registry v2 authentication"
|
description: "Specifies the Distribution Registry v2 authentication"
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, Bearer authentication, advanced
|
keywords: registry, on-prem, images, tags, repository, distribution, Bearer authentication, advanced
|
||||||
---
|
---
|
||||||
|
|
||||||
# Docker Registry v2 authentication via central service
|
# Distribution Registry v2 authentication via central service
|
||||||
|
|
||||||
This document outlines the v2 Docker registry authentication scheme:
|
This document outlines the v2 Distribution registry authentication scheme:
|
||||||
|
|
||||||
![v2 registry auth](../images/v2-registry-auth.png)
|
![v2 registry auth](/images/v2-registry-auth.png)
|
||||||
|
|
||||||
1. Attempt to begin a push/pull operation with the registry.
|
1. Attempt to begin a push/pull operation with the registry.
|
||||||
2. If the registry requires authorization it will return a `401 Unauthorized`
|
2. If the registry requires authorization it will return a `401 Unauthorized`
|
||||||
|
@ -27,9 +27,9 @@ This document outlines the v2 Docker registry authentication scheme:
|
||||||
- Registry clients which can understand and respond to token auth challenges
|
- Registry clients which can understand and respond to token auth challenges
|
||||||
returned by the resource server.
|
returned by the resource server.
|
||||||
- An authorization server capable of managing access controls to their
|
- An authorization server capable of managing access controls to their
|
||||||
resources hosted by any given service (such as repositories in a Docker
|
resources hosted by any given service (such as repositories in a Distribution
|
||||||
Registry).
|
Registry).
|
||||||
- A Docker Registry capable of trusting the authorization server to sign tokens
|
- A Distribution Registry capable of trusting the authorization server to sign tokens
|
||||||
which clients can use for authorization and the ability to verify these
|
which clients can use for authorization and the ability to verify these
|
||||||
tokens for single use or for use during a sufficiently short period of time.
|
tokens for single use or for use during a sufficiently short period of time.
|
||||||
|
|
||||||
|
@ -39,11 +39,8 @@ The described server is meant to serve as a standalone access control manager
|
||||||
for resources hosted by other services which wish to authenticate and manage
|
for resources hosted by other services which wish to authenticate and manage
|
||||||
authorizations using a separate access control manager.
|
authorizations using a separate access control manager.
|
||||||
|
|
||||||
A service like this is used by the official Docker Registry to authenticate
|
A service like this is used by public and private registries to authenticate
|
||||||
clients and verify their authorization to Docker image repositories.
|
clients and verify their authorization to image repositories.
|
||||||
|
|
||||||
As of Docker 1.6, the registry client within the Docker Engine has been updated
|
|
||||||
to handle such an authorization workflow.
|
|
||||||
|
|
||||||
## How to authenticate
|
## How to authenticate
|
||||||
|
|
||||||
|
@ -191,7 +188,7 @@ https://auth.docker.io/token?service=registry.docker.io&scope=repository:samalba
|
||||||
|
|
||||||
The token server should first attempt to authenticate the client using any
|
The token server should first attempt to authenticate the client using any
|
||||||
authentication credentials provided with the request. From Docker 1.11 the
|
authentication credentials provided with the request. From Docker 1.11 the
|
||||||
Docker engine supports both Basic Authentication and [OAuth2](oauth.md) for
|
Docker engine supports both Basic Authentication and [OAuth2](../oauth) for
|
||||||
getting tokens. Docker 1.10 and before, the registry client in the Docker Engine
|
getting tokens. Docker 1.10 and before, the registry client in the Docker Engine
|
||||||
only supports Basic Authentication. If an attempt to authenticate to the token
|
only supports Basic Authentication. If an attempt to authenticate to the token
|
||||||
server fails, the token server should return a `401 Unauthorized` response
|
server fails, the token server should return a `401 Unauthorized` response
|
|
@ -1,10 +1,9 @@
|
||||||
---
|
---
|
||||||
title: Update deprecated schema image manifest version 2, v1 images
|
title: Image manifest version 2, schema 1
|
||||||
description: Update deprecated schema v1 iamges
|
description: Update deprecated schema v1 images
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, api, advanced, manifest
|
keywords: registry, on-prem, images, tags, repository, distribution, api, advanced, manifest
|
||||||
---
|
---
|
||||||
|
|
||||||
## Image manifest version 2, schema 1
|
|
||||||
With the release of image manifest version 2, schema 2, image manifest version
|
With the release of image manifest version 2, schema 2, image manifest version
|
||||||
2, schema 1 has been deprecated. This could lead to compatibility and
|
2, schema 1 has been deprecated. This could lead to compatibility and
|
||||||
vulnerability issues in images that haven't been updated to image manifest
|
vulnerability issues in images that haven't been updated to image manifest
|
||||||
|
@ -17,7 +16,7 @@ associated with the deprecated image manifest that will block your image from
|
||||||
running successfully. A list of possible methods to help update your image is
|
running successfully. A list of possible methods to help update your image is
|
||||||
also included below.
|
also included below.
|
||||||
|
|
||||||
### Update to image manifest version 2, schema 2
|
## Update to image manifest version 2, schema 2
|
||||||
|
|
||||||
One way to upgrade an image from image manifest version 2, schema 1 to
|
One way to upgrade an image from image manifest version 2, schema 1 to
|
||||||
schema 2 is to `docker pull` the image and then `docker push` the image with a
|
schema 2 is to `docker pull` the image and then `docker push` the image with a
|
||||||
|
@ -29,8 +28,7 @@ manifest format, but does not update the contents within the image. Images
|
||||||
using manifest version 2, schema 1 may contain unpatched vulnerabilities. We
|
using manifest version 2, schema 1 may contain unpatched vulnerabilities. We
|
||||||
recommend looking for an alternative image or rebuilding it.
|
recommend looking for an alternative image or rebuilding it.
|
||||||
|
|
||||||
|
## Update FROM statement
|
||||||
### Update FROM statement
|
|
||||||
|
|
||||||
You can rebuild the image by updating the `FROM` statement in your
|
You can rebuild the image by updating the `FROM` statement in your
|
||||||
`Dockerfile`. If your image manifest is out-of-date, there is a chance the
|
`Dockerfile`. If your image manifest is out-of-date, there is a chance the
|
Before Width: | Height: | Size: 11 KiB After Width: | Height: | Size: 11 KiB |
|
@ -1,14 +1,14 @@
|
||||||
---
|
---
|
||||||
published: false
|
draft: true
|
||||||
---
|
---
|
||||||
|
|
||||||
# Distribution API Implementations
|
# Distribution API Implementations
|
||||||
|
|
||||||
This is a list of known implementations of the Distribution API spec.
|
This is a list of known implementations of the Distribution API spec.
|
||||||
|
|
||||||
## [Docker Distribution Registry](https://github.com/distribution/distribution)
|
## [CNCF Distribution Registry](https://github.com/distribution/distribution)
|
||||||
|
|
||||||
Docker distribution is the reference implementation of the distribution API
|
CNCF distribution is the reference implementation of the distribution API
|
||||||
specification. It aims to fully implement the entire specification.
|
specification. It aims to fully implement the entire specification.
|
||||||
|
|
||||||
### Releases
|
### Releases
|
|
@ -1,15 +1,15 @@
|
||||||
---
|
---
|
||||||
published: false
|
draft: true
|
||||||
title: "Docker Distribution JSON Canonicalization"
|
title: "CNCF Distribution JSON Canonicalization"
|
||||||
description: "Explains registry JSON objects"
|
description: "Explains registry JSON objects"
|
||||||
keywords: ["registry, service, images, repository, json"]
|
keywords: ["registry, service, images, repository, json"]
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Docker Distribution JSON Canonicalization
|
# CNCF Distribution JSON Canonicalization
|
||||||
|
|
||||||
To provide consistent content hashing of JSON objects throughout Docker
|
To provide consistent content hashing of JSON objects throughout CNCF
|
||||||
Distribution APIs, the specification defines a canonical JSON format. Adopting
|
Distribution APIs, the specification defines a canonical JSON format. Adopting
|
||||||
such a canonicalization also aids in caching JSON responses.
|
such a canonicalization also aids in caching JSON responses.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
title: "Image Manifest V 2, Schema 2 "
|
title: "Image Manifest V 2, Schema 2"
|
||||||
description: "image manifest for the Registry."
|
description: "image manifest for the Registry."
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, api, advanced, manifest
|
keywords: registry, on-prem, images, tags, repository, distribution, api, advanced, manifest
|
||||||
---
|
---
|
||||||
|
@ -10,7 +10,7 @@ This document outlines the format of the V2 image manifest, schema version 2.
|
||||||
The original (and provisional) image manifest for V2 (schema 1), was introduced
|
The original (and provisional) image manifest for V2 (schema 1), was introduced
|
||||||
in the Docker daemon in the [v1.3.0
|
in the Docker daemon in the [v1.3.0
|
||||||
release](https://github.com/docker/docker/commit/9f482a66ab37ec396ac61ed0c00d59122ac07453)
|
release](https://github.com/docker/docker/commit/9f482a66ab37ec396ac61ed0c00d59122ac07453)
|
||||||
and is specified in the [schema 1 manifest definition](manifest-v2-1.md)
|
and is now deprecated.
|
||||||
|
|
||||||
This second schema version has two primary goals. The first is to allow
|
This second schema version has two primary goals. The first is to allow
|
||||||
multi-architecture images, through a "fat manifest" which references image
|
multi-architecture images, through a "fat manifest" which references image
|
||||||
|
@ -71,7 +71,7 @@ image manifest based on the Content-Type returned in the HTTP response.
|
||||||
- **`digest`** *string*
|
- **`digest`** *string*
|
||||||
|
|
||||||
The digest of the content, as defined by the
|
The digest of the content, as defined by the
|
||||||
[Registry V2 HTTP API Specificiation](api.md#digest-parameter).
|
[Registry V2 HTTP API Specificiation](../api#digest-parameter).
|
||||||
|
|
||||||
- **`platform`** *object*
|
- **`platform`** *object*
|
||||||
|
|
||||||
|
@ -113,7 +113,8 @@ image manifest based on the Content-Type returned in the HTTP response.
|
||||||
|
|
||||||
## Example Manifest List
|
## Example Manifest List
|
||||||
|
|
||||||
*Example showing a simple manifest list pointing to image manifests for two platforms:*
|
Example showing a simple manifest list pointing to image manifests for two platforms:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"schemaVersion": 2,
|
"schemaVersion": 2,
|
||||||
|
@ -186,7 +187,7 @@ image. It's the direct replacement for the schema-1 manifest.
|
||||||
- **`digest`** *string*
|
- **`digest`** *string*
|
||||||
|
|
||||||
The digest of the content, as defined by the
|
The digest of the content, as defined by the
|
||||||
[Registry V2 HTTP API Specificiation](api.md#digest-parameter).
|
[Registry V2 HTTP API Specificiation](../api#digest-parameter).
|
||||||
|
|
||||||
- **`layers`** *array*
|
- **`layers`** *array*
|
||||||
|
|
||||||
|
@ -212,7 +213,7 @@ image. It's the direct replacement for the schema-1 manifest.
|
||||||
- **`digest`** *string*
|
- **`digest`** *string*
|
||||||
|
|
||||||
The digest of the content, as defined by the
|
The digest of the content, as defined by the
|
||||||
[Registry V2 HTTP API Specificiation](api.md#digest-parameter).
|
[Registry V2 HTTP API Specificiation](../api#digest-parameter).
|
||||||
|
|
||||||
- **`urls`** *array*
|
- **`urls`** *array*
|
||||||
|
|
||||||
|
@ -222,7 +223,8 @@ image. It's the direct replacement for the schema-1 manifest.
|
||||||
|
|
||||||
## Example Image Manifest
|
## Example Image Manifest
|
||||||
|
|
||||||
*Example showing an image manifest:*
|
Example showing an image manifest:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"schemaVersion": 2,
|
"schemaVersion": 2,
|
|
@ -1,8 +1,6 @@
|
||||||
---
|
---
|
||||||
description: Explains how to use storage drivers
|
description: Explains how to use storage drivers
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, storage drivers, advanced
|
keywords: registry, on-prem, images, tags, repository, distribution, storage drivers, advanced
|
||||||
redirect_from:
|
|
||||||
- /registry/storagedrivers/
|
|
||||||
title: Registry storage driver
|
title: Registry storage driver
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -12,11 +10,11 @@ This document describes the registry storage driver model, implementation, and e
|
||||||
|
|
||||||
This storage driver package comes bundled with several drivers:
|
This storage driver package comes bundled with several drivers:
|
||||||
|
|
||||||
- [inmemory](inmemory.md): A temporary storage driver using a local inmemory map. This exists solely for reference and testing.
|
- [inmemory](inmemory): A temporary storage driver using a local inmemory map. This exists solely for reference and testing.
|
||||||
- [filesystem](filesystem.md): A local storage driver configured to use a directory tree in the local filesystem.
|
- [filesystem](filesystem): A local storage driver configured to use a directory tree in the local filesystem.
|
||||||
- [s3](s3.md): A driver storing objects in an Amazon Simple Storage Service (S3) bucket.
|
- [s3](s3): A driver storing objects in an Amazon Simple Storage Service (S3) bucket.
|
||||||
- [azure](azure.md): A driver storing objects in [Microsoft Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/).
|
- [azure](azure): A driver storing objects in [Microsoft Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/).
|
||||||
- [gcs](gcs.md): A driver storing objects in a [Google Cloud Storage](https://cloud.google.com/storage/) bucket.
|
- [gcs](gcs): A driver storing objects in a [Google Cloud Storage](https://cloud.google.com/storage/) bucket.
|
||||||
- oss: *NO LONGER SUPPORTED*
|
- oss: *NO LONGER SUPPORTED*
|
||||||
- swift: *NO LONGER SUPPORTED*
|
- swift: *NO LONGER SUPPORTED*
|
||||||
|
|
||||||
|
@ -41,16 +39,17 @@ with a driver name and parameters map. If no such storage driver can be found,
|
||||||
## Driver contribution
|
## Driver contribution
|
||||||
|
|
||||||
New storage drivers are not currently being accepted.
|
New storage drivers are not currently being accepted.
|
||||||
See https://github.com/distribution/distribution/issues/3988 for discussion.
|
See <https://github.com/distribution/distribution/issues/3988> for discussion.
|
||||||
|
|
||||||
There are forks of this repo that implement custom storage drivers.
|
There are forks of this repo that implement custom storage drivers.
|
||||||
These are not supported by the OCI distribution project.
|
These are not supported by the OCI distribution project.
|
||||||
The known forks are:
|
The known forks are:
|
||||||
- Storj DCS: https://github.com/storj/docker-registry
|
|
||||||
- HuaweiCloud OBS: https://github.com/setoru/distribution/tree/obs
|
- Storj DCS: <https://github.com/storj/docker-registry>
|
||||||
- us3: https://github.com/lambertxiao/distribution/tree/main
|
- HuaweiCloud OBS: <https://github.com/setoru/distribution/tree/obs>
|
||||||
- Baidu BOS: https://github.com/dolfly/distribution/tree/bos
|
- us3: <https://github.com/lambertxiao/distribution/tree/main>
|
||||||
- HDFS: https://github.com/haosdent/distribution/tree/master
|
- Baidu BOS: <https://github.com/dolfly/distribution/tree/bos>
|
||||||
|
- HDFS: <https://github.com/haosdent/distribution/tree/master>
|
||||||
|
|
||||||
### Writing new storage drivers
|
### Writing new storage drivers
|
||||||
|
|
|
@ -15,5 +15,6 @@ An implementation of the `storagedriver.StorageDriver` interface which uses Goog
|
||||||
| `rootdirectory` | no | The root directory tree in which all registry files are stored. Defaults to the empty string (bucket root). If a prefix is used, the path `bucketname/<prefix>` has to be pre-created before starting the registry. The prefix is applied to all Google Cloud Storage keys to allow you to segment data in your bucket if necessary.|
|
| `rootdirectory` | no | The root directory tree in which all registry files are stored. Defaults to the empty string (bucket root). If a prefix is used, the path `bucketname/<prefix>` has to be pre-created before starting the registry. The prefix is applied to all Google Cloud Storage keys to allow you to segment data in your bucket if necessary.|
|
||||||
| `chunksize` | no (default 5242880) | This is the chunk size used for uploading large blobs, must be a multiple of 256*1024. |
|
| `chunksize` | no (default 5242880) | This is the chunk size used for uploading large blobs, must be a multiple of 256*1024. |
|
||||||
|
|
||||||
**Note:** Instead of a key file you can use [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials).
|
{{< hint type=note >}}
|
||||||
|
Instead of a key file you can use [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials).
|
||||||
|
{{< /hint >}}
|
|
@ -7,9 +7,11 @@ title: In-memory storage driver (testing only)
|
||||||
For purely tests purposes, you can use the `inmemory` storage driver. This
|
For purely tests purposes, you can use the `inmemory` storage driver. This
|
||||||
driver is an implementation of the `storagedriver.StorageDriver` interface which
|
driver is an implementation of the `storagedriver.StorageDriver` interface which
|
||||||
uses local memory for object storage. If you would like to run a registry from
|
uses local memory for object storage. If you would like to run a registry from
|
||||||
volatile memory, use the [`filesystem` driver](filesystem.md) on a ramdisk.
|
volatile memory, use the [`filesystem` driver](../filesystem) on a ramdisk.
|
||||||
|
|
||||||
**IMPORTANT**: This storage driver *does not* persist data across runs. This is why it is only suitable for testing. *Never* use this driver in production.
|
{{< hint type=important >}}
|
||||||
|
This storage driver *does not* persist data across runs. This is why it is only suitable for testing. *Never* use this driver in production.
|
||||||
|
{{< /hint >}}
|
||||||
|
|
||||||
## Parameters
|
## Parameters
|
||||||
|
|
|
@ -11,8 +11,8 @@ Amazon S3 or S3 compatible services for object storage.
|
||||||
|
|
||||||
| Parameter | Required | Description |
|
| Parameter | Required | Description |
|
||||||
|:--------------|:---------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
|:--------------|:---------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
| `accesskey` | no | Your AWS Access Key. If you use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. |
|
| `accesskey` | no | Your AWS Access Key. If you use [IAM roles](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. |
|
||||||
| `secretkey` | no | Your AWS Secret Key. If you use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. |
|
| `secretkey` | no | Your AWS Secret Key. If you use [IAM roles](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. |
|
||||||
| `region` | yes | The AWS region in which your bucket exists. |
|
| `region` | yes | The AWS region in which your bucket exists. |
|
||||||
| `regionendpoint` | no | Endpoint for S3 compatible storage services (Minio, etc). |
|
| `regionendpoint` | no | Endpoint for S3 compatible storage services (Minio, etc). |
|
||||||
| `forcepathstyle` | no | To enable path-style addressing when the value is set to `true`. The default is `true`. |
|
| `forcepathstyle` | no | To enable path-style addressing when the value is set to `true`. The default is `true`. |
|
||||||
|
@ -30,10 +30,10 @@ Amazon S3 or S3 compatible services for object storage.
|
||||||
|
|
||||||
> **Note** You can provide empty strings for your access and secret keys to run the driver
|
> **Note** You can provide empty strings for your access and secret keys to run the driver
|
||||||
> on an ec2 instance and handles authentication with the instance's credentials. If you
|
> on an ec2 instance and handles authentication with the instance's credentials. If you
|
||||||
> use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html),
|
> use [IAM roles](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html),
|
||||||
> omit these keys to fetch temporary credentials from IAM.
|
> omit these keys to fetch temporary credentials from IAM.
|
||||||
|
|
||||||
`region`: The name of the aws region in which you would like to store objects (for example `us-east-1`). For a list of regions, see [Regions, Availability Zones, and Local Zones](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html).
|
`region`: The name of the aws region in which you would like to store objects (for example `us-east-1`). For a list of regions, see [Regions, Availability Zones, and Local Zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html).
|
||||||
|
|
||||||
`regionendpoint`: (optional) Endpoint URL for S3 compatible APIs. This should not be provided when using Amazon S3.
|
`regionendpoint`: (optional) Endpoint URL for S3 compatible APIs. This should not be provided when using Amazon S3.
|
||||||
|
|
||||||
|
@ -55,7 +55,7 @@ Amazon S3 or S3 compatible services for object storage.
|
||||||
|
|
||||||
`storageclass`: (optional) The storage class applied to each registry file. Defaults to STANDARD. Valid options are STANDARD and REDUCED_REDUNDANCY.
|
`storageclass`: (optional) The storage class applied to each registry file. Defaults to STANDARD. Valid options are STANDARD and REDUCED_REDUNDANCY.
|
||||||
|
|
||||||
`objectacl`: (optional) The canned object ACL to be applied to each registry object. Defaults to `private`. If you are using a bucket owned by another AWS account, it is recommended that you set this to `bucket-owner-full-control` so that the bucket owner can access your objects. Other valid options are available in the [AWS S3 documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl).
|
`objectacl`: (optional) The canned object ACL to be applied to each registry object. Defaults to `private`. If you are using a bucket owned by another AWS account, it is recommended that you set this to `bucket-owner-full-control` so that the bucket owner can access your objects. Other valid options are available in the [AWS S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl).
|
||||||
|
|
||||||
`loglevel`: (optional) Valid values are: `off` (default), `debug`, `debugwithsigning`, `debugwithhttpbody`, `debugwithrequestretries`, `debugwithrequesterrors` and `debugwitheventstreambody`. See the [AWS SDK for Go API reference](https://docs.aws.amazon.com/sdk-for-go/api/aws/#LogLevelType) for details.
|
`loglevel`: (optional) Valid values are: `off` (default), `debug`, `debugwithsigning`, `debugwithhttpbody`, `debugwithrequestretries`, `debugwithrequesterrors` and `debugwitheventstreambody`. See the [AWS SDK for Go API reference](https://docs.aws.amazon.com/sdk-for-go/api/aws/#LogLevelType) for details.
|
||||||
|
|
||||||
|
@ -91,7 +91,7 @@ The following AWS policy is required by the registry for push and pull. Make sur
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
See [the S3 policy documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) for more details.
|
See [the S3 policy documentation](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) for more details.
|
||||||
|
|
||||||
# CloudFront as Middleware with S3 backend
|
# CloudFront as Middleware with S3 backend
|
||||||
|
|
||||||
|
@ -112,7 +112,7 @@ to see whether you need CloudFront or S3 Transfer Acceleration.
|
||||||
|
|
||||||
If you are unfamiliar with creating a CloudFront distribution, see [Getting
|
If you are unfamiliar with creating a CloudFront distribution, see [Getting
|
||||||
Started with
|
Started with
|
||||||
Cloudfront](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GettingStarted.html).
|
Cloudfront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GettingStarted.html).
|
||||||
|
|
||||||
Defaults can be kept in most areas except:
|
Defaults can be kept in most areas except:
|
||||||
|
|
||||||
|
@ -162,4 +162,4 @@ middleware:
|
||||||
|
|
||||||
A CloudFront key-pair is required for all AWS accounts needing access to your
|
A CloudFront key-pair is required for all AWS accounts needing access to your
|
||||||
CloudFront distribution. You must have access to your AWS account's root credentials to create the required Cloudfront keypair. For information, see [Creating CloudFront Key
|
CloudFront distribution. You must have access to your AWS account's root credentials to create the required Cloudfront keypair. For information, see [Creating CloudFront Key
|
||||||
Pairs](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs).
|
Pairs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs).
|
6
docs/data/menu/extra.yaml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
header:
|
||||||
|
- name: GitHub
|
||||||
|
ref: https://github.com/distribution/distribution/
|
||||||
|
icon: gdoc_github
|
||||||
|
external: true
|
|
@ -1,20 +0,0 @@
|
||||||
---
|
|
||||||
description: describes deprecated functionality
|
|
||||||
keywords: registry, manifest, images, signatures, repository, distribution, digest
|
|
||||||
title: Docker Registry deprecation
|
|
||||||
---
|
|
||||||
|
|
||||||
This document details functionality or components which are deprecated within
|
|
||||||
the registry.
|
|
||||||
|
|
||||||
### v2.5.0
|
|
||||||
|
|
||||||
The signature store has been removed from the registry. Since `v2.4.0` it has
|
|
||||||
been possible to configure the registry to generate manifest signatures rather
|
|
||||||
than load them from storage. In this version of the registry this becomes
|
|
||||||
the default behavior. Signatures which are attached to manifests on put are
|
|
||||||
not stored in the registry. This does not alter the functional behavior of
|
|
||||||
the registry.
|
|
||||||
|
|
||||||
Old signatures blobs can be removed from the registry storage by running the
|
|
||||||
garbage-collect subcommand.
|
|
9
docs/go.mod
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
module github.com/distribution/distribution/docs
|
||||||
|
|
||||||
|
go 1.21.1
|
||||||
|
|
||||||
|
require (
|
||||||
|
github.com/google/docsy v0.7.1 // indirect
|
||||||
|
github.com/imfing/hextra v0.5.0 // indirect
|
||||||
|
github.com/thegeeklab/hugo-geekdoc v0.41.2 // indirect
|
||||||
|
)
|
9
docs/go.sum
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
github.com/FortAwesome/Font-Awesome v0.0.0-20230327165841-0698449d50f2/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo=
|
||||||
|
github.com/google/docsy v0.7.1 h1:DUriA7Nr3lJjNi9Ulev1SfiG1sUYmvyDeU4nTp7uDxY=
|
||||||
|
github.com/google/docsy v0.7.1/go.mod h1:JCmE+c+izhE0Rvzv3y+AzHhz1KdwlA9Oj5YBMklJcfc=
|
||||||
|
github.com/google/docsy/dependencies v0.7.1/go.mod h1:gihhs5gmgeO+wuoay4FwOzob+jYJVyQbNaQOh788lD4=
|
||||||
|
github.com/imfing/hextra v0.5.0 h1:uVUmtqx7UivuA6oCVSKkaM/YGcLuIA9P8j8mmCDg4hU=
|
||||||
|
github.com/imfing/hextra v0.5.0/go.mod h1:cEfel3lU/bSx7lTE/+uuR4GJaphyOyiwNR3PTqFTXpI=
|
||||||
|
github.com/thegeeklab/hugo-geekdoc v0.41.2 h1:U6TvFfO3TVoCvirpLFXMO/sE5qHavZ18N22tUtiTwBo=
|
||||||
|
github.com/thegeeklab/hugo-geekdoc v0.41.2/go.mod h1:XEAtAuJ3nRMshRupMW1xPZ7EVMleS87rmr+RklRamRY=
|
||||||
|
github.com/twbs/bootstrap v5.2.3+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0=
|
19
docs/hugo.yaml
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
baseURL: /
|
||||||
|
languageCode: en-us
|
||||||
|
title: CNCF Distribution
|
||||||
|
theme: hugo-geekdoc
|
||||||
|
|
||||||
|
pluralizeListTitles: false
|
||||||
|
enableRobotsTXT: true
|
||||||
|
taxonomies: [tags]
|
||||||
|
minify:
|
||||||
|
disableHTML: true
|
||||||
|
|
||||||
|
# Geekdoc required configuration
|
||||||
|
pygmentsUseClasses: true
|
||||||
|
pygmentsCodeFences: true
|
||||||
|
disablePathToLower: true
|
||||||
|
|
||||||
|
params:
|
||||||
|
geekdocRepo: "https://github.com/distribution/distribution"
|
||||||
|
geekdocEditPath: edit/main/docs
|
|
@ -1,63 +0,0 @@
|
||||||
---
|
|
||||||
description: High-level overview of the Registry
|
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution
|
|
||||||
redirect_from:
|
|
||||||
- /registry/overview/
|
|
||||||
title: Docker Registry
|
|
||||||
---
|
|
||||||
|
|
||||||
## What it is
|
|
||||||
|
|
||||||
The Registry is a stateless, highly scalable server side application that stores
|
|
||||||
and lets you distribute Docker images. The Registry is open-source, under the
|
|
||||||
permissive [Apache license](https://en.wikipedia.org/wiki/Apache_License).
|
|
||||||
|
|
||||||
## Why use it
|
|
||||||
|
|
||||||
You should use the Registry if you want to:
|
|
||||||
|
|
||||||
* tightly control where your images are being stored
|
|
||||||
* fully own your images distribution pipeline
|
|
||||||
* integrate image storage and distribution tightly into your in-house development workflow
|
|
||||||
|
|
||||||
## Alternatives
|
|
||||||
|
|
||||||
Users looking for a zero maintenance, ready-to-go solution are encouraged to
|
|
||||||
head-over to the [Docker Hub](https://hub.docker.com), which provides a
|
|
||||||
free-to-use, hosted Registry, plus additional features (organization accounts,
|
|
||||||
automated builds, and more).
|
|
||||||
|
|
||||||
## Requirements
|
|
||||||
|
|
||||||
The Registry is compatible with Docker engine **version 1.6.0 or higher**.
|
|
||||||
|
|
||||||
## Basic commands
|
|
||||||
|
|
||||||
Start your registry
|
|
||||||
|
|
||||||
docker run -d -p 5000:5000 --name registry registry:2
|
|
||||||
|
|
||||||
Pull (or build) some image from the hub
|
|
||||||
|
|
||||||
docker pull ubuntu
|
|
||||||
|
|
||||||
Tag the image so that it points to your registry
|
|
||||||
|
|
||||||
docker image tag ubuntu localhost:5000/myfirstimage
|
|
||||||
|
|
||||||
Push it
|
|
||||||
|
|
||||||
docker push localhost:5000/myfirstimage
|
|
||||||
|
|
||||||
Pull it back
|
|
||||||
|
|
||||||
docker pull localhost:5000/myfirstimage
|
|
||||||
|
|
||||||
Now stop your registry and remove all data
|
|
||||||
|
|
||||||
docker container stop registry && docker container rm -v registry
|
|
||||||
|
|
||||||
## Next
|
|
||||||
|
|
||||||
You should now read the [detailed introduction about the registry](introduction.md),
|
|
||||||
or jump directly to [deployment instructions](deploying.md).
|
|
|
@ -1,205 +0,0 @@
|
||||||
---
|
|
||||||
description: Restricting access to your registry using a nginx proxy
|
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, nginx, proxy, authentication, TLS, recipe, advanced
|
|
||||||
title: Authenticate proxy with nginx
|
|
||||||
redirect_from:
|
|
||||||
- /registry/nginx/
|
|
||||||
---
|
|
||||||
|
|
||||||
## Use-case
|
|
||||||
|
|
||||||
People already relying on a nginx proxy to authenticate their users to other
|
|
||||||
services might want to leverage it and have Registry communications tunneled
|
|
||||||
through the same pipeline.
|
|
||||||
|
|
||||||
Usually, that includes enterprise setups using LDAP/AD on the backend and a SSO
|
|
||||||
mechanism fronting their internal http portal.
|
|
||||||
|
|
||||||
### Alternatives
|
|
||||||
|
|
||||||
If you just want authentication for your registry, and are happy maintaining
|
|
||||||
users access separately, you should really consider sticking with the native
|
|
||||||
[basic auth registry feature](../deploying.md#native-basic-auth).
|
|
||||||
|
|
||||||
### Solution
|
|
||||||
|
|
||||||
With the method presented here, you implement basic authentication for docker
|
|
||||||
engines in a reverse proxy that sits in front of your registry.
|
|
||||||
|
|
||||||
While we use a simple htpasswd file as an example, any other nginx
|
|
||||||
authentication backend should be fairly easy to implement once you are done with
|
|
||||||
the example.
|
|
||||||
|
|
||||||
We also implement push restriction (to a limited user group) for the sake of the
|
|
||||||
example. Again, you should modify this to fit your mileage.
|
|
||||||
|
|
||||||
### Gotchas
|
|
||||||
|
|
||||||
While this model gives you the ability to use whatever authentication backend
|
|
||||||
you want through the secondary authentication mechanism implemented inside your
|
|
||||||
proxy, it also requires that you move TLS termination from the Registry to the
|
|
||||||
proxy itself.
|
|
||||||
|
|
||||||
> **Note**: It is not recommended to bind your registry to `localhost:5000` without
|
|
||||||
> authentication. This creates a potential loophole in your registry security.
|
|
||||||
> As a result, anyone who can log on to the server where your registry is running
|
|
||||||
> can push images without authentication.
|
|
||||||
|
|
||||||
Furthermore, introducing an extra http layer in your communication pipeline
|
|
||||||
makes it more complex to deploy, maintain, and debug. Make sure the extra
|
|
||||||
complexity is required.
|
|
||||||
|
|
||||||
For instance, Amazon's Elastic Load Balancer (ELB) in HTTPS mode already sets
|
|
||||||
the following client header:
|
|
||||||
|
|
||||||
```
|
|
||||||
X-Real-IP
|
|
||||||
X-Forwarded-For
|
|
||||||
X-Forwarded-Proto
|
|
||||||
```
|
|
||||||
|
|
||||||
So if you have an Nginx instance sitting behind it, remove these lines from the
|
|
||||||
example config below:
|
|
||||||
|
|
||||||
```none
|
|
||||||
proxy_set_header Host $http_host; # required for docker client's sake
|
|
||||||
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
```
|
|
||||||
|
|
||||||
Otherwise Nginx resets the ELB's values, and the requests are not routed
|
|
||||||
properly. For more information, see
|
|
||||||
[#970](https://github.com/distribution/distribution/issues/970).
|
|
||||||
|
|
||||||
## Setting things up
|
|
||||||
|
|
||||||
Review the [requirements](index.md#requirements), then follow these steps.
|
|
||||||
|
|
||||||
1. Create the required directories
|
|
||||||
|
|
||||||
```console
|
|
||||||
$ mkdir -p auth data
|
|
||||||
```
|
|
||||||
|
|
||||||
2. Create the main nginx configuration. Paste this code block into a new file called `auth/nginx.conf`:
|
|
||||||
|
|
||||||
```conf
|
|
||||||
events {
|
|
||||||
worker_connections 1024;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
|
|
||||||
upstream docker-registry {
|
|
||||||
server registry:5000;
|
|
||||||
}
|
|
||||||
|
|
||||||
## Set a variable to help us decide if we need to add the
|
|
||||||
## 'Docker-Distribution-Api-Version' header.
|
|
||||||
## The registry always sets this header.
|
|
||||||
## In the case of nginx performing auth, the header is unset
|
|
||||||
## since nginx is auth-ing before proxying.
|
|
||||||
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
|
|
||||||
'' 'registry/2.0';
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
server_name myregistrydomain.com;
|
|
||||||
|
|
||||||
# SSL
|
|
||||||
ssl_certificate /etc/nginx/conf.d/domain.crt;
|
|
||||||
ssl_certificate_key /etc/nginx/conf.d/domain.key;
|
|
||||||
|
|
||||||
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
||||||
ssl_protocols TLSv1.1 TLSv1.2;
|
|
||||||
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
ssl_session_cache shared:SSL:10m;
|
|
||||||
|
|
||||||
# disable any limits to avoid HTTP 413 for large image uploads
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
# required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
|
|
||||||
chunked_transfer_encoding on;
|
|
||||||
|
|
||||||
location /v2/ {
|
|
||||||
# Do not allow connections from docker 1.5 and earlier
|
|
||||||
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
|
|
||||||
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
|
|
||||||
# To add basic authentication to v2 use auth_basic setting.
|
|
||||||
auth_basic "Registry realm";
|
|
||||||
auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
|
|
||||||
|
|
||||||
## If $docker_distribution_api_version is empty, the header is not added.
|
|
||||||
## See the map directive above where this variable is defined.
|
|
||||||
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
|
|
||||||
|
|
||||||
proxy_pass http://docker-registry;
|
|
||||||
proxy_set_header Host $http_host; # required for docker client's sake
|
|
||||||
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_read_timeout 900;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
3. Create a password file `auth/nginx.htpasswd` for "testuser" and "testpassword".
|
|
||||||
|
|
||||||
```console
|
|
||||||
$ docker run --rm --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/nginx.htpasswd
|
|
||||||
```
|
|
||||||
|
|
||||||
> **Note**: If you do not want to use `bcrypt`, you can omit the `-B` parameter.
|
|
||||||
|
|
||||||
4. Copy your certificate files to the `auth/` directory.
|
|
||||||
|
|
||||||
```console
|
|
||||||
$ cp domain.crt auth
|
|
||||||
$ cp domain.key auth
|
|
||||||
```
|
|
||||||
|
|
||||||
5. Create the compose file. Paste the following YAML into a new file called `docker-compose.yml`.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
version: "3"
|
|
||||||
|
|
||||||
services:
|
|
||||||
nginx:
|
|
||||||
# Note : Only nginx:alpine supports bcrypt.
|
|
||||||
# If you don't need to use bcrypt, you can use a different tag.
|
|
||||||
# Ref. https://github.com/nginxinc/docker-nginx/issues/29
|
|
||||||
image: "nginx:alpine"
|
|
||||||
ports:
|
|
||||||
- 5043:443
|
|
||||||
depends_on:
|
|
||||||
- registry
|
|
||||||
volumes:
|
|
||||||
- ./auth:/etc/nginx/conf.d
|
|
||||||
- ./auth/nginx.conf:/etc/nginx/nginx.conf:ro
|
|
||||||
|
|
||||||
registry:
|
|
||||||
image: registry:2
|
|
||||||
volumes:
|
|
||||||
- ./data:/var/lib/registry
|
|
||||||
```
|
|
||||||
|
|
||||||
## Starting and stopping
|
|
||||||
|
|
||||||
Now, start your stack:
|
|
||||||
|
|
||||||
docker-compose up -d
|
|
||||||
|
|
||||||
Login with a "push" authorized user (using `testuser` and `testpassword`), then
|
|
||||||
tag and push your first image:
|
|
||||||
|
|
||||||
docker login -u=testuser -p=testpassword -e=root@example.ch myregistrydomain.com:5043
|
|
||||||
docker tag ubuntu myregistrydomain.com:5043/test
|
|
||||||
docker push myregistrydomain.com:5043/test
|
|
||||||
docker pull myregistrydomain.com:5043/test
|
|
|
@ -1,12 +0,0 @@
|
||||||
---
|
|
||||||
title: "Docker Registry Token Authentication"
|
|
||||||
description: "Docker Registry v2 authentication schema"
|
|
||||||
keywords: registry, on-prem, images, tags, repository, distribution, authentication, advanced
|
|
||||||
---
|
|
||||||
|
|
||||||
# Docker Registry v2 authentication
|
|
||||||
|
|
||||||
See the [Token Authentication Specification](token.md),
|
|
||||||
[Token Authentication Implementation](jwt.md),
|
|
||||||
[Token Scope Documentation](scope.md),
|
|
||||||
[OAuth2 Token Authentication](oauth.md) for more information.
|
|
|
@ -1,12 +0,0 @@
|
||||||
---
|
|
||||||
title: "Reference Overview"
|
|
||||||
description: "Explains registry JSON objects"
|
|
||||||
keywords: registry, service, images, repository, json
|
|
||||||
---
|
|
||||||
|
|
||||||
# Docker Registry Reference
|
|
||||||
|
|
||||||
* [HTTP API V2](api.md)
|
|
||||||
* [Storage Driver](https://docs.docker.com/registry/storage-drivers/)
|
|
||||||
* [Token Authentication Specification](auth/token.md)
|
|
||||||
* [Token Authentication Implementation](auth/jwt.md)
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
title: "Reference"
|
|
||||||
description: "Explains registry JSON objects"
|
|
||||||
keywords: registry, service, images, repository, json
|
|
||||||
type: "menu"
|
|
||||||
identifier: "smn_registry_ref"
|
|
||||||
---
|
|
1
docs/static/brand.svg
vendored
Normal file
After Width: | Height: | Size: 7.8 KiB |
50
docs/static/custom.css
vendored
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
/* Global customization */
|
||||||
|
|
||||||
|
:root {
|
||||||
|
--code-max-height: 60rem;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Light mode theming */
|
||||||
|
:root,
|
||||||
|
:root[color-theme="light"] {
|
||||||
|
--header-background: #203554;
|
||||||
|
--header-font-color: #ffffff;
|
||||||
|
|
||||||
|
--footer-background: #203554;
|
||||||
|
--footer-font-color: #ffffff;
|
||||||
|
--footer-link-color: rgb(110, 168, 212);
|
||||||
|
--footer-link-color-visited: rgb(186, 142, 240);
|
||||||
|
}
|
||||||
|
@media (prefers-color-scheme: light) {
|
||||||
|
:root {
|
||||||
|
--header-background: #203554;
|
||||||
|
--header-font-color: #ffffff;
|
||||||
|
|
||||||
|
--footer-background: #203554;
|
||||||
|
--footer-font-color: #ffffff;
|
||||||
|
--footer-link-color: rgb(110, 168, 212);
|
||||||
|
--footer-link-color-visited: rgb(186, 142, 240);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Dark mode theming */
|
||||||
|
:root[color-theme="dark"] {
|
||||||
|
--header-background: #203554;
|
||||||
|
--header-font-color: #ffffff;
|
||||||
|
|
||||||
|
--footer-background: #203554;
|
||||||
|
--footer-font-color: #ffffff;
|
||||||
|
--footer-link-color: rgb(110, 168, 212);
|
||||||
|
--footer-link-color-visited: rgb(186, 142, 240);
|
||||||
|
}
|
||||||
|
@media (prefers-color-scheme: dark) {
|
||||||
|
:root {
|
||||||
|
--header-background: #203554;
|
||||||
|
--header-font-color: #ffffff;
|
||||||
|
|
||||||
|
--footer-background: #203554;
|
||||||
|
--footer-font-color: #ffffff;
|
||||||
|
--footer-link-color: rgb(110, 168, 212);
|
||||||
|
--footer-link-color-visited: rgb(186, 142, 240);
|
||||||
|
}
|
||||||
|
}
|
BIN
docs/static/favicon/favicon-16x16.png
vendored
Normal file
After Width: | Height: | Size: 991 B |
BIN
docs/static/favicon/favicon-32x32.png
vendored
Normal file
After Width: | Height: | Size: 1.9 KiB |
BIN
docs/static/favicon/favicon.svg
vendored
Normal file
After Width: | Height: | Size: 15 KiB |
Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 20 KiB |
Before Width: | Height: | Size: 31 KiB After Width: | Height: | Size: 31 KiB |
Before Width: | Height: | Size: 12 KiB After Width: | Height: | Size: 12 KiB |
3
docs/themes/hugo-geekdoc/.lycheeignore
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
https://github.com/thegeeklab/.+/edit/main/.*
|
||||||
|
https://unsplash.com.*
|
||||||
|
https://www.color-hex.com.*
|
21
docs/themes/hugo-geekdoc/LICENSE
vendored
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
MIT License
|
||||||
|
|
||||||
|
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is furnished
|
||||||
|
to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice (including the next
|
||||||
|
paragraph) shall be included in all copies or substantial portions of the
|
||||||
|
Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||||
|
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
|
||||||
|
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||||
|
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
|
||||||
|
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
46
docs/themes/hugo-geekdoc/README.md
vendored
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
# Geekdoc
|
||||||
|
|
||||||
|
[![Build Status](https://ci.thegeeklab.de/api/badges/thegeeklab/hugo-geekdoc/status.svg)](https://ci.thegeeklab.de/repos/thegeeklab/hugo-geekdoc)
|
||||||
|
[![Hugo Version](https://img.shields.io/badge/hugo-0.112-blue.svg)](https://gohugo.io)
|
||||||
|
[![GitHub release](https://img.shields.io/github/v/release/thegeeklab/hugo-geekdoc)](https://github.com/thegeeklab/hugo-geekdoc/releases/latest)
|
||||||
|
[![GitHub contributors](https://img.shields.io/github/contributors/thegeeklab/hugo-geekdoc)](https://github.com/thegeeklab/hugo-geekdoc/graphs/contributors)
|
||||||
|
[![License: MIT](https://img.shields.io/github/license/thegeeklab/hugo-geekdoc)](https://github.com/thegeeklab/hugo-geekdoc/blob/main/LICENSE)
|
||||||
|
|
||||||
|
Geekdoc is a simple Hugo theme for documentations. It is intentionally designed as a fast and lean theme and may not fit the requirements of complex projects. If a more feature-complete theme is required there are a lot of good alternatives out there. You can find a demo and the full documentation at [https://geekdocs.de](https://geekdocs.de).
|
||||||
|
|
||||||
|
![Desktop and mobile preview](https://raw.githubusercontent.com/thegeeklab/hugo-geekdoc/main/images/readme.png)
|
||||||
|
|
||||||
|
## Build and release process
|
||||||
|
|
||||||
|
This theme is subject to a CI driven build and release process common for software development. During the release build, all necessary assets are automatically built by [webpack](https://webpack.js.org/) and bundled in a release tarball. You can download the latest release from the GitHub [release page](https://github.com/thegeeklab/hugo-geekdoc/releases).
|
||||||
|
|
||||||
|
Due to the fact that `webpack` and `npm scripts` are used as pre-processors, the theme cannot be used from the main branch by default. If you want to use the theme from a cloned branch instead of a release tarball you'll need to install `webpack` locally and run the build script once to create all required assets.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
# install required packages from package.json
|
||||||
|
npm install
|
||||||
|
|
||||||
|
# run the build script to build required assets
|
||||||
|
npm run build
|
||||||
|
|
||||||
|
# build release tarball
|
||||||
|
npm run pack
|
||||||
|
```
|
||||||
|
|
||||||
|
See the [Getting Started Guide](https://geekdocs.de/usage/getting-started/) for details about the different setup options.
|
||||||
|
|
||||||
|
## Contributors
|
||||||
|
|
||||||
|
Special thanks to all [contributors](https://github.com/thegeeklab/hugo-geekdoc/graphs/contributors). If you would like to contribute, please see the [instructions](https://github.com/thegeeklab/hugo-geekdoc/blob/main/CONTRIBUTING.md).
|
||||||
|
|
||||||
|
Geekdoc is inspired and partially based on the [hugo-book](https://github.com/alex-shpak/hugo-book) theme, thanks [Alex Shpak](https://github.com/alex-shpak/) for your work.
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
This project is licensed under the MIT License - see the [LICENSE](https://github.com/thegeeklab/hugo-geekdoc/blob/main/LICENSE) file for details.
|
||||||
|
|
||||||
|
The used SVG icons and generated icon fonts are licensed under the license of the respective icon pack:
|
||||||
|
|
||||||
|
- Font Awesome: [CC BY 4.0 License](https://github.com/FortAwesome/Font-Awesome#license)
|
||||||
|
- IcoMoon Free Pack: [GPL/CC BY 4.0](https://icomoon.io/#icons-icomoon)
|
||||||
|
- Material Icons: [Apache License 2.0](https://github.com/google/material-design-icons/blob/main/LICENSE)
|
1
docs/themes/hugo-geekdoc/VERSION
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
v0.41.2
|
7
docs/themes/hugo-geekdoc/archetypes/docs.md
vendored
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
title: "{{ .Name | humanize | title }}"
|
||||||
|
weight: 1
|
||||||
|
# geekdocFlatSection: false
|
||||||
|
# geekdocToc: 6
|
||||||
|
# geekdocHidden: false
|
||||||
|
---
|
4
docs/themes/hugo-geekdoc/archetypes/posts.md
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
title: "{{ replace .Name "-" " " | title }}"
|
||||||
|
date: {{ .Date }}
|
||||||
|
---
|
8
docs/themes/hugo-geekdoc/assets/search/config.json
vendored
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{{- $searchDataFile := printf "search/%s.data.json" .Language.Lang -}}
|
||||||
|
{{- $searchData := resources.Get "search/data.json" | resources.ExecuteAsTemplate $searchDataFile . | resources.Minify -}}
|
||||||
|
{
|
||||||
|
"dataFile": {{ $searchData.RelPermalink | jsonify }},
|
||||||
|
"indexConfig": {{ .Site.Params.geekdocSearchConfig | jsonify }},
|
||||||
|
"showParent": {{ if .Site.Params.geekdocSearchShowParent }}true{{ else }}false{{ end }},
|
||||||
|
"showDescription": {{ if .Site.Params.geekdocSearchshowDescription }}true{{ else }}false{{ end }}
|
||||||
|
}
|
13
docs/themes/hugo-geekdoc/assets/search/data.json
vendored
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
[
|
||||||
|
{{ range $index, $page := (where .Site.Pages "Params.geekdocProtected" "ne" true) }}
|
||||||
|
{{ if ne $index 0 }},{{ end }}
|
||||||
|
{
|
||||||
|
"id": {{ $index }},
|
||||||
|
"href": "{{ $page.RelPermalink }}",
|
||||||
|
"title": {{ (partial "utils/title" $page) | jsonify }},
|
||||||
|
"parent": {{ with $page.Parent }}{{ (partial "utils/title" .) | jsonify }}{{ else }}""{{ end }},
|
||||||
|
"content": {{ $page.Plain | jsonify }},
|
||||||
|
"description": {{ $page.Summary | plainify | jsonify }}
|
||||||
|
}
|
||||||
|
{{ end }}
|
||||||
|
]
|
1
docs/themes/hugo-geekdoc/assets/sprites/geekdoc.svg
vendored
Normal file
After Width: | Height: | Size: 22 KiB |
158
docs/themes/hugo-geekdoc/data/assets.json
vendored
Normal file
|
@ -0,0 +1,158 @@
|
||||||
|
{
|
||||||
|
"main.js": {
|
||||||
|
"src": "js/main-924a1933.bundle.min.js",
|
||||||
|
"integrity": "sha512-0QF6awwW0WbBo491yytmULiHrc9gx94bloJ9MSXIvdJh3YHWw7CWyeX2YXu0rzOQefJp4jW/I6ZjUDYpNVFhdA=="
|
||||||
|
},
|
||||||
|
"colortheme.js": {
|
||||||
|
"src": "js/colortheme-d3e4d351.bundle.min.js",
|
||||||
|
"integrity": "sha512-HpQogL/VeKqG/v1qYOfJOgFUzBnQvW4yO4tAJO+54IiwbLbB9feROdeaYf7dpO6o5tSHsSZhaYLhtLMRlEgpJQ=="
|
||||||
|
},
|
||||||
|
"mermaid.js": {
|
||||||
|
"src": "js/mermaid-19cc0b12.bundle.min.js",
|
||||||
|
"integrity": "sha512-EP8Ggw4/AoLCR9N2U4AOherShR6hKWYpKaC0Q/LwKR5wjH8x5Z0v0VL0S5x67X3AWUvR2aMO0IOc0Bo1xu4qmQ=="
|
||||||
|
},
|
||||||
|
"katex.js": {
|
||||||
|
"src": "js/katex-373b7f53.bundle.min.js",
|
||||||
|
"integrity": "sha512-k7PGb4UsYurOXnDJtwuPOhS6OgcI7PVrCZZT3h79JVH8KEcNzzsmzoAWMOaTeIFP79JnpYtZhaBBwEMNk4MlFw=="
|
||||||
|
},
|
||||||
|
"search.js": {
|
||||||
|
"src": "js/search-9719be99.bundle.min.js",
|
||||||
|
"integrity": "sha512-/7NZxFUEbalC/8RKDgfAsHFDI42/Ydp33uJmCLckZgnO+kuz9LrTfmPFfVJxPJ31StMxa3MTQ5Jq049CmNK4pw=="
|
||||||
|
},
|
||||||
|
"js/637-687440a7.chunk.min.js": {
|
||||||
|
"src": "js/637-687440a7.chunk.min.js",
|
||||||
|
"integrity": "sha512-fWyOGUUaxBiYIZoJ2R1FPhLRt/cC9prL1bsVuETWBjT1QpS6ebmmzMaYnKBPOpw56VqdlErWJuWe2GGxYJq3gA=="
|
||||||
|
},
|
||||||
|
"js/116-831698f6.chunk.min.js": {
|
||||||
|
"src": "js/116-831698f6.chunk.min.js",
|
||||||
|
"integrity": "sha512-ecC9DggU9rDmnERLt6l5lXnDir+fYAXDhA8r+o+LCML/C64QPvq3Uea+oNwN00hXbXa1f5c/tjICeJZyXu9Dqg=="
|
||||||
|
},
|
||||||
|
"js/425-a8288851.chunk.min.js": {
|
||||||
|
"src": "js/425-a8288851.chunk.min.js",
|
||||||
|
"integrity": "sha512-JcFSthlEXIsUdEtbQlAQp71m1GMurzdmPZN+J2/PTyMGgv/QBN8OX8TZQVouAPMY3rMirjB9gxhyNyxCZ0/IUQ=="
|
||||||
|
},
|
||||||
|
"js/869-1a62f06a.chunk.min.js": {
|
||||||
|
"src": "js/869-1a62f06a.chunk.min.js",
|
||||||
|
"integrity": "sha512-9GtubjugiKpB6oP+I13znOYnCGzMWkywSjO7PC/cTZ8BfK4amSwC6i+vCKVCnTrhpoUtFtzybF0d+dDsOqpO/g=="
|
||||||
|
},
|
||||||
|
"js/626-ec18a767.chunk.min.js": {
|
||||||
|
"src": "js/626-ec18a767.chunk.min.js",
|
||||||
|
"integrity": "sha512-plFEM+MV7s8fGxmB4fXdkDYK2URbdL7D0r0eKSsdBW+Z3PvfQOaW7OuoA5oUpGBZyd2wN1zpxTwqHC3WPbluLA=="
|
||||||
|
},
|
||||||
|
"js/305-02bced6e.chunk.min.js": {
|
||||||
|
"src": "js/305-02bced6e.chunk.min.js",
|
||||||
|
"integrity": "sha512-omqkH+cRXCbA6ax452pYFTBvqT895kBCycglJaYQxoB646IPcz2IHiIIWhWsEU7eVy4cy7eA+dQ4tgWG+JbGOQ=="
|
||||||
|
},
|
||||||
|
"js/86-841830e3.chunk.min.js": {
|
||||||
|
"src": "js/86-841830e3.chunk.min.js",
|
||||||
|
"integrity": "sha512-j4o/ljne580vctbO1z6GWwVFvaC3m6VpLTnyWIvE9Dd3PURujWHnWReNLclxcnlt5PK9Ohv4W8q3aEOKfUdJkw=="
|
||||||
|
},
|
||||||
|
"js/554-980b1ae9.chunk.min.js": {
|
||||||
|
"src": "js/554-980b1ae9.chunk.min.js",
|
||||||
|
"integrity": "sha512-9oVYpFOErj3ttWPhB/FvJwhijnezxV2mOKoTAT5+S1QQVAsSACgxnxG1VtjvyuSyCn0HD7l1dS054fP0yxQ9Dg=="
|
||||||
|
},
|
||||||
|
"js/693-2124948a.chunk.min.js": {
|
||||||
|
"src": "js/693-2124948a.chunk.min.js",
|
||||||
|
"integrity": "sha512-Ko3GXiQtfF28e9Omm4ypj+p+ykT5Uc1s8PxodgWV+N9h68t+QnTLJ3PghxWW3YqCrTyMkqpg+U3hkyFxotqnBA=="
|
||||||
|
},
|
||||||
|
"js/875-0cc44212.chunk.min.js": {
|
||||||
|
"src": "js/875-0cc44212.chunk.min.js",
|
||||||
|
"integrity": "sha512-600TvjSLQ2arsupduQSwNsOZIdp2xUnLsqUL0n9gVxdkvdFCYANyjORkO/a0knUzzNGv3oZqE9dqtEJSY7hLJw=="
|
||||||
|
},
|
||||||
|
"js/69-06c8b62f.chunk.min.js": {
|
||||||
|
"src": "js/69-06c8b62f.chunk.min.js",
|
||||||
|
"integrity": "sha512-UDuWdgHzd+HSXjzw8xnjYxxZOw2zJXWrL1Zo7oadh7n6TpxFAGDunn6EDYf2KFmcjVcC4QlqJrdWtoJVcUwr/w=="
|
||||||
|
},
|
||||||
|
"js/841-54550e4a.chunk.min.js": {
|
||||||
|
"src": "js/841-54550e4a.chunk.min.js",
|
||||||
|
"integrity": "sha512-aI+ntywFR8QzYpRGYsSGxqanSDnuXDuLAJA1Gbt5gFajjUxIBJV8qjgTLA7FIwp2icE4bqGGqxiNVA1iHTOSIA=="
|
||||||
|
},
|
||||||
|
"js/770-c8f14079.chunk.min.js": {
|
||||||
|
"src": "js/770-c8f14079.chunk.min.js",
|
||||||
|
"integrity": "sha512-DIFMhxj0xWxZzYBrVJbKhdM9pgk6sldGU7ZwItTZOHRRUnZ6t9szP06NTyj+u8yGZsdYNs2pZ8BE11z73IE70w=="
|
||||||
|
},
|
||||||
|
"js/411-d351386b.chunk.min.js": {
|
||||||
|
"src": "js/411-d351386b.chunk.min.js",
|
||||||
|
"integrity": "sha512-9o8/PabGB1IvJ1gotEkTK1PVxl0Dlx2fgWnOlZW1e9PEKDJJA678o3YMjmxurllubPC0i4XOkvvAvY1UUc5V4A=="
|
||||||
|
},
|
||||||
|
"js/31-228682ad.chunk.min.js": {
|
||||||
|
"src": "js/31-228682ad.chunk.min.js",
|
||||||
|
"integrity": "sha512-ipfn94AWwvQA5I4ybx5fe+VJSKT27ltpG0srqabFrj0IYIZ3RCFctWNqllDGhCIuVMgbiNHCjinxdA8NpaiPPw=="
|
||||||
|
},
|
||||||
|
"js/206-99fce408.chunk.min.js": {
|
||||||
|
"src": "js/206-99fce408.chunk.min.js",
|
||||||
|
"integrity": "sha512-sVuoOJUKhvA96dAxr0ZO7x5xmz25WE9Khnp+SB4F5vWL+J+dAvE2SXZ8irLWhS5u32tRjOjCeFZhyXpI47PlGQ=="
|
||||||
|
},
|
||||||
|
"js/284-e80fd0b5.chunk.min.js": {
|
||||||
|
"src": "js/284-e80fd0b5.chunk.min.js",
|
||||||
|
"integrity": "sha512-dwNdk1Jto6A4Ht/60GMUMarGkFKRTWiqxh+gM3YqjL7b2N/y0xut6op5EESN0gyfQL7xk4pgFowyMyS0rJPcRw=="
|
||||||
|
},
|
||||||
|
"js/764-e8ff889e.chunk.min.js": {
|
||||||
|
"src": "js/764-e8ff889e.chunk.min.js",
|
||||||
|
"integrity": "sha512-S94wRBs5tuMiknLYIobCoDPvnEquE9hmtjlw2m/yYAJJRaiTlCpl/neWfGoW3Eroz9uWdfrJta5piUSf3ggGVA=="
|
||||||
|
},
|
||||||
|
"js/366-23e20231.chunk.min.js": {
|
||||||
|
"src": "js/366-23e20231.chunk.min.js",
|
||||||
|
"integrity": "sha512-ZdFzJKlkluOGBZbidVvAFoh/4EK1z5q0kCYzWpXxof3aNUkIEawQhqHwnyEluGqNTZK3WCipT9UifauPLli6Dg=="
|
||||||
|
},
|
||||||
|
"js/68-408c048c.chunk.min.js": {
|
||||||
|
"src": "js/68-408c048c.chunk.min.js",
|
||||||
|
"integrity": "sha512-2x0FedDuG88J3visHLYeCd7iys7rXnCes0gAZ3ROc5hiKPgbYZBDW4sCUe9MhUC5YpWa3C0gLWqXW+hG2zLZew=="
|
||||||
|
},
|
||||||
|
"js/254-84661edf.chunk.min.js": {
|
||||||
|
"src": "js/254-84661edf.chunk.min.js",
|
||||||
|
"integrity": "sha512-JPsK+gAw8vXehHfD4LWUaCx3rW7NaPDXxSwnpQURaFKWUVIxDzKr3mFv3r4mfSyY67qIAVOx2b4NvAzhuZs34Q=="
|
||||||
|
},
|
||||||
|
"js/791-515d9e3a.chunk.min.js": {
|
||||||
|
"src": "js/791-515d9e3a.chunk.min.js",
|
||||||
|
"integrity": "sha512-5AetU1QSQjqq3J5BHmkLLshpfFzrCsprDszxddeMdk9peRN0Q+vu0pCMGzONBm7y/2IrZoSg4soEO0zVcPLc9w=="
|
||||||
|
},
|
||||||
|
"js/771-942a62df.chunk.min.js": {
|
||||||
|
"src": "js/771-942a62df.chunk.min.js",
|
||||||
|
"integrity": "sha512-8WfA8U1Udlfa6uWAYbdNKJzjlJ91qZ0ZhC+ldKdhghUgilxqA6UmZxHFKGRDQydjOFDk828O28XVmZU2IEvckA=="
|
||||||
|
},
|
||||||
|
"js/27-3c59de1a.chunk.min.js": {
|
||||||
|
"src": "js/27-3c59de1a.chunk.min.js",
|
||||||
|
"integrity": "sha512-dBBUvtlEcEY4UQSXNBpanCV1oMlEDMH4vHvACVUzG0c2Mbb9RHM8sTNSLnu+RvHvUCInCO3LbbUm3Cp2Re0eVg=="
|
||||||
|
},
|
||||||
|
"js/580-fabed2ac.chunk.min.js": {
|
||||||
|
"src": "js/580-fabed2ac.chunk.min.js",
|
||||||
|
"integrity": "sha512-L70er+tQ1Sy3yLwOKjGWDlqOtBGykeQO2F3EQzaiMgSb1qBKlrYYK7XnbI5w0qYtvYDvPmE1aflHAlrDMB6Njg=="
|
||||||
|
},
|
||||||
|
"js/644-a3e6d7ca.chunk.min.js": {
|
||||||
|
"src": "js/644-a3e6d7ca.chunk.min.js",
|
||||||
|
"integrity": "sha512-Qnwma/kO7a1x3UQXPSvKog3gI4S0H1zBy1MaQRDqpBLSEONhSdzr5gVwIqORF0sBPXAA5pPcGzHhkn83rqBviw=="
|
||||||
|
},
|
||||||
|
"js/320-1804d5a1.chunk.min.js": {
|
||||||
|
"src": "js/320-1804d5a1.chunk.min.js",
|
||||||
|
"integrity": "sha512-Srm5Oc13M8J2BystZLBh0VQqzsZnmuO5pi1/oSlmF8vp7poUUnMrnBf1QfrmsYIbFhYP7waiAm3X0s/IdTsJ6Q=="
|
||||||
|
},
|
||||||
|
"js/281-18063325.chunk.min.js": {
|
||||||
|
"src": "js/281-18063325.chunk.min.js",
|
||||||
|
"integrity": "sha512-YYPVu/iwpjYksSAqpWi1fqS29eLndA/TgC7dcSWuOe74+MKrBiGKSMbNzwUpTEV44KOKm6qZCnqjPnxReJuq5w=="
|
||||||
|
},
|
||||||
|
"js/990-52a18bdc.chunk.min.js": {
|
||||||
|
"src": "js/990-52a18bdc.chunk.min.js",
|
||||||
|
"integrity": "sha512-EuVHE1vNrU9XWjPOiLMBKKDTePuW4jYhguSruI3j2/J6mB3LQB8vSe6kKRQuHGRKYmX3gY2sDdAgFtCsCjm4vQ=="
|
||||||
|
},
|
||||||
|
"main.scss": {
|
||||||
|
"src": "main-252d384c.min.css",
|
||||||
|
"integrity": "sha512-WiV7BVk76Yp0EACJrwdWDk7+WNa+Jyiupi9aCKFrzZyiKkXk7BH+PL2IJcuDQpCMtMBFJEgen2fpKu9ExjjrUQ=="
|
||||||
|
},
|
||||||
|
"katex.css": {
|
||||||
|
"src": "katex-1799419e.min.css",
|
||||||
|
"integrity": "sha512-8rRve7ln2pKSPM7cASxirv/36DFCvY36b7sI40mS49nwsEPHsagrGiPzz1l24cpIQ9OvwfNAZmhoqjQLIrCTUg=="
|
||||||
|
},
|
||||||
|
"mobile.scss": {
|
||||||
|
"src": "mobile-79ddc617.min.css",
|
||||||
|
"integrity": "sha512-dzw2wMOouDwhSgstQKLbXD/vIqS48Ttc2IV6DeG7yam9yvKUuChJVaworzL8s2UoGMX4x2jEm50PjFJE4R4QWw=="
|
||||||
|
},
|
||||||
|
"print.scss": {
|
||||||
|
"src": "print-735ccc12.min.css",
|
||||||
|
"integrity": "sha512-c28KLNtBnKDW1+/bNWFhwuGBLw9octTXA2wnuaS2qlvpNFL0DytCapui9VM4YYkZg6e9TVp5LyuRQc2lTougDw=="
|
||||||
|
},
|
||||||
|
"custom.css": {
|
||||||
|
"src": "custom.css",
|
||||||
|
"integrity": "sha512-1kALo+zc1L2u1rvyxPIew+ZDPWhnIA1Ei2rib3eHHbskQW+EMxfI9Ayyva4aV+YRrHvH0zFxvPSFIuZ3mfsbRA=="
|
||||||
|
}
|
||||||
|
}
|
53
docs/themes/hugo-geekdoc/i18n/cs.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
edit_page: Upravit stránku
|
||||||
|
|
||||||
|
nav_navigation: Navigace
|
||||||
|
nav_tags: Tagy
|
||||||
|
nav_more: Více
|
||||||
|
nav_top: Zpět nahoru
|
||||||
|
|
||||||
|
form_placeholder_search: Vyhledat
|
||||||
|
|
||||||
|
error_page_title: Ztracen? Nic se neděje
|
||||||
|
error_message_title: Ztracen?
|
||||||
|
error_message_code: Error 404
|
||||||
|
error_message_text: >
|
||||||
|
Vypadá to že stránka, kterou hledáte, neexistuje. Nemějte obavy, můžete
|
||||||
|
se vrátit zpět na <a class="gdoc-error__link" href="{{ . }}">domovskou stránku</a>.
|
||||||
|
|
||||||
|
button_toggle_dark: Přepnout tmavý/světlý/automatický režim
|
||||||
|
button_nav_open: Otevřít navigaci
|
||||||
|
button_nav_close: Zavřít navigaci
|
||||||
|
button_menu_open: Otevřít lištu nabídky
|
||||||
|
button_menu_close: Zavřít lištu nabídky
|
||||||
|
button_homepage: Zpět na domovskou stránku
|
||||||
|
|
||||||
|
title_anchor_prefix: "Odkaz na:"
|
||||||
|
|
||||||
|
posts_read_more: Přečíst celý příspěvek
|
||||||
|
posts_read_time:
|
||||||
|
one: "Doba čtení: 1 minuta"
|
||||||
|
other: "Doba čtení: {{ . }} minut(y)"
|
||||||
|
posts_update_prefix: Naposledy upraveno
|
||||||
|
posts_count:
|
||||||
|
one: "Jeden příspěvek"
|
||||||
|
other: "Příspěvků: {{ . }}"
|
||||||
|
posts_tagged_with: Všechny příspěvky označeny '{{ . }}'
|
||||||
|
|
||||||
|
footer_build_with: >
|
||||||
|
Vytvořeno za pomocí <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> a
|
||||||
|
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||||
|
footer_legal_notice: Právní upozornění
|
||||||
|
footer_privacy_policy: Zásady ochrany soukromí
|
||||||
|
footer_content_license_prefix: >
|
||||||
|
Obsah licencovaný pod
|
||||||
|
|
||||||
|
language_switch_no_tranlation_prefix: "Stránka není přeložena:"
|
||||||
|
|
||||||
|
propertylist_required: povinné
|
||||||
|
propertylist_optional: volitené
|
||||||
|
propertylist_default: výchozí
|
||||||
|
|
||||||
|
pagination_page_prev: předchozí
|
||||||
|
pagination_page_next: další
|
||||||
|
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/de.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
edit_page: Seite bearbeiten
|
||||||
|
|
||||||
|
nav_navigation: Navigation
|
||||||
|
nav_tags: Tags
|
||||||
|
nav_more: Weitere
|
||||||
|
nav_top: Nach oben
|
||||||
|
|
||||||
|
form_placeholder_search: Suchen
|
||||||
|
|
||||||
|
error_page_title: Verlaufen? Keine Sorge
|
||||||
|
error_message_title: Verlaufen?
|
||||||
|
error_message_code: Fehler 404
|
||||||
|
error_message_text: >
|
||||||
|
Wir können die Seite nach der Du gesucht hast leider nicht finden. Keine Sorge,
|
||||||
|
wir bringen Dich zurück zur <a class="gdoc-error__link" href="{{ . }}">Startseite</a>.
|
||||||
|
|
||||||
|
button_toggle_dark: Wechsel zwischen Dunkel/Hell/Auto Modus
|
||||||
|
button_nav_open: Navigation öffnen
|
||||||
|
button_nav_close: Navigation schließen
|
||||||
|
button_menu_open: Menüband öffnen
|
||||||
|
button_menu_close: Menüband schließen
|
||||||
|
button_homepage: Zurück zur Startseite
|
||||||
|
|
||||||
|
title_anchor_prefix: "Link zu:"
|
||||||
|
|
||||||
|
posts_read_more: Ganzen Artikel lesen
|
||||||
|
posts_read_time:
|
||||||
|
one: "Eine Minute Lesedauer"
|
||||||
|
other: "{{ . }} Minuten Lesedauer"
|
||||||
|
posts_update_prefix: Aktualisiert am
|
||||||
|
posts_count:
|
||||||
|
one: "Ein Artikel"
|
||||||
|
other: "{{ . }} Artikel"
|
||||||
|
posts_tagged_with: Alle Artikel mit dem Tag '{{ . }}'
|
||||||
|
|
||||||
|
footer_build_with: >
|
||||||
|
Entwickelt mit <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> und
|
||||||
|
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||||
|
footer_legal_notice: Impressum
|
||||||
|
footer_privacy_policy: Datenschutzerklärung
|
||||||
|
footer_content_license_prefix: >
|
||||||
|
Inhalt lizensiert unter
|
||||||
|
|
||||||
|
language_switch_no_tranlation_prefix: "Seite nicht übersetzt:"
|
||||||
|
|
||||||
|
propertylist_required: erforderlich
|
||||||
|
propertylist_optional: optional
|
||||||
|
propertylist_default: Standardwert
|
||||||
|
|
||||||
|
pagination_page_prev: vorher
|
||||||
|
pagination_page_next: weiter
|
||||||
|
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/en.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
edit_page: Edit page
|
||||||
|
|
||||||
|
nav_navigation: Navigation
|
||||||
|
nav_tags: Tags
|
||||||
|
nav_more: More
|
||||||
|
nav_top: Back to top
|
||||||
|
|
||||||
|
form_placeholder_search: Search
|
||||||
|
|
||||||
|
error_page_title: Lost? Don't worry
|
||||||
|
error_message_title: Lost?
|
||||||
|
error_message_code: Error 404
|
||||||
|
error_message_text: >
|
||||||
|
Seems like what you are looking for can't be found. Don't worry, we can
|
||||||
|
bring you back to the <a class="gdoc-error__link" href="{{ . }}">homepage</a>.
|
||||||
|
|
||||||
|
button_toggle_dark: Toggle Dark/Light/Auto mode
|
||||||
|
button_nav_open: Open Navigation
|
||||||
|
button_nav_close: Close Navigation
|
||||||
|
button_menu_open: Open Menu Bar
|
||||||
|
button_menu_close: Close Menu Bar
|
||||||
|
button_homepage: Back to homepage
|
||||||
|
|
||||||
|
title_anchor_prefix: "Anchor to:"
|
||||||
|
|
||||||
|
posts_read_more: Read full post
|
||||||
|
posts_read_time:
|
||||||
|
one: "One minute to read"
|
||||||
|
other: "{{ . }} minutes to read"
|
||||||
|
posts_update_prefix: Updated on
|
||||||
|
posts_count:
|
||||||
|
one: "One post"
|
||||||
|
other: "{{ . }} posts"
|
||||||
|
posts_tagged_with: All posts tagged with '{{ . }}'
|
||||||
|
|
||||||
|
footer_build_with: >
|
||||||
|
Built with <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> and
|
||||||
|
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||||
|
footer_legal_notice: Legal Notice
|
||||||
|
footer_privacy_policy: Privacy Policy
|
||||||
|
footer_content_license_prefix: >
|
||||||
|
Content licensed under
|
||||||
|
|
||||||
|
language_switch_no_tranlation_prefix: "Page not translated:"
|
||||||
|
|
||||||
|
propertylist_required: required
|
||||||
|
propertylist_optional: optional
|
||||||
|
propertylist_default: default
|
||||||
|
|
||||||
|
pagination_page_prev: prev
|
||||||
|
pagination_page_next: next
|
||||||
|
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/es.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
edit_page: Editar página
|
||||||
|
|
||||||
|
nav_navigation: Navegación
|
||||||
|
nav_tags: Etiquetas
|
||||||
|
nav_more: Más
|
||||||
|
nav_top: Inicio de la página
|
||||||
|
|
||||||
|
form_placeholder_search: Buscar
|
||||||
|
|
||||||
|
error_page_title: Perdido? No te preocupes
|
||||||
|
error_message_title: Perdido?
|
||||||
|
error_message_code: Error 404
|
||||||
|
error_message_text: >
|
||||||
|
Al parecer, lo que estás buscando no pudo ser encontrado. No te preocupes, podemos
|
||||||
|
llevarte de vuelta al <a class="gdoc-error__link" href="{{ . }}">inicio</a>.
|
||||||
|
|
||||||
|
button_toggle_dark: Cambiar el modo Oscuro/Claro/Auto
|
||||||
|
button_nav_open: Abrir la Navegación
|
||||||
|
button_nav_close: Cerrar la Navegación
|
||||||
|
button_menu_open: Abrir el Menú Bar
|
||||||
|
button_menu_close: Cerrar el Menú Bar
|
||||||
|
button_homepage: Volver al Inicio
|
||||||
|
|
||||||
|
title_anchor_prefix: "Anclado a:"
|
||||||
|
|
||||||
|
posts_read_more: Lee la publicación completa
|
||||||
|
posts_read_time:
|
||||||
|
one: "Un minuto para leer"
|
||||||
|
other: "{{ . }} minutos para leer"
|
||||||
|
posts_update_prefix: Actualizado en
|
||||||
|
posts_count:
|
||||||
|
one: "Una publicación"
|
||||||
|
other: "{{ . }} publicaciones"
|
||||||
|
posts_tagged_with: Todas las publicaciones etiquetadas con '{{ . }}'
|
||||||
|
|
||||||
|
footer_build_with: >
|
||||||
|
Creado con <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> y
|
||||||
|
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||||
|
footer_legal_notice: Aviso Legal
|
||||||
|
footer_privacy_policy: Política de Privacidad
|
||||||
|
footer_content_license_prefix: >
|
||||||
|
Contenido licenciado con
|
||||||
|
|
||||||
|
language_switch_no_tranlation_prefix: "Página no traducida:"
|
||||||
|
|
||||||
|
propertylist_required: requerido
|
||||||
|
propertylist_optional: opcional
|
||||||
|
propertylist_default: estándar
|
||||||
|
|
||||||
|
pagination_page_prev: previo
|
||||||
|
pagination_page_next: siguiente
|
||||||
|
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/it.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
edit_page: Modifica la pagina
|
||||||
|
|
||||||
|
nav_navigation: Navigazione
|
||||||
|
nav_tags: Etichette
|
||||||
|
nav_more: Altro
|
||||||
|
nav_top: Torna su
|
||||||
|
|
||||||
|
form_placeholder_search: Cerca
|
||||||
|
|
||||||
|
error_page_title: Perso? Non ti preoccupare
|
||||||
|
error_message_title: Perso?
|
||||||
|
error_message_code: Errore 404
|
||||||
|
error_message_text: >
|
||||||
|
Sembra che non sia possibile trovare quello che stavi cercando. Non ti preoccupare,
|
||||||
|
possiamo riportarti alla <a class="gdoc-error__link" href="{{ . }}">pagina iniziale</a>.
|
||||||
|
|
||||||
|
button_toggle_dark: Seleziona il tema Chiaro/Scuro/Automatico
|
||||||
|
button_nav_open: Apri la Navigazione
|
||||||
|
button_nav_close: Chiudi la Navigazione
|
||||||
|
button_menu_open: Apri la Barra del Menu
|
||||||
|
button_menu_close: Chiudi la Barra del Menu
|
||||||
|
button_homepage: Torna alla pagina iniziale
|
||||||
|
|
||||||
|
title_anchor_prefix: "Ancora a:"
|
||||||
|
|
||||||
|
posts_read_more: Leggi tutto il post
|
||||||
|
posts_read_time:
|
||||||
|
one: "Tempo di lettura: un minuto"
|
||||||
|
other: "Tempo di lettura: {{ . }} minuti"
|
||||||
|
posts_update_prefix: Aggiornato il
|
||||||
|
posts_count:
|
||||||
|
one: "Un post"
|
||||||
|
other: "{{ . }} post"
|
||||||
|
posts_tagged_with: Tutti i post etichettati con '{{ . }}'
|
||||||
|
|
||||||
|
footer_build_with: >
|
||||||
|
Realizzato con <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> e
|
||||||
|
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||||
|
footer_legal_notice: Avviso Legale
|
||||||
|
footer_privacy_policy: Politica sulla Privacy
|
||||||
|
footer_content_license_prefix: >
|
||||||
|
Contenuto sotto licenza
|
||||||
|
|
||||||
|
language_switch_no_tranlation_prefix: "Pagina non tradotta:"
|
||||||
|
|
||||||
|
propertylist_required: richiesto
|
||||||
|
propertylist_optional: opzionale
|
||||||
|
propertylist_default: valore predefinito
|
||||||
|
|
||||||
|
pagination_page_prev: precedente
|
||||||
|
pagination_page_next: prossimo
|
||||||
|
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/ja.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
edit_page: ページの編集
|
||||||
|
|
||||||
|
nav_navigation: ナビゲーション
|
||||||
|
nav_tags: タグ
|
||||||
|
nav_more: さらに
|
||||||
|
nav_top: トップへ戻る
|
||||||
|
|
||||||
|
form_placeholder_search: 検索
|
||||||
|
|
||||||
|
error_page_title: お困りですか?ご心配なく
|
||||||
|
error_message_title: お困りですか?
|
||||||
|
error_message_code: 404 エラー
|
||||||
|
error_message_text: >
|
||||||
|
お探しのものが見つからないようです。<a class="gdoc-error__link" href="{{ . }}">トップページ</a>
|
||||||
|
へ戻ることができるので、ご安心ください。
|
||||||
|
|
||||||
|
button_toggle_dark: モードの切替 ダーク/ライト/自動
|
||||||
|
button_nav_open: ナビゲーションを開く
|
||||||
|
button_nav_close: ナビゲーションを閉じる
|
||||||
|
button_menu_open: メニューバーを開く
|
||||||
|
button_menu_close: メニューバーを閉じる
|
||||||
|
button_homepage: トップページへ戻る
|
||||||
|
|
||||||
|
title_anchor_prefix: "アンカー先:"
|
||||||
|
|
||||||
|
posts_read_more: 全投稿を閲覧
|
||||||
|
posts_read_time:
|
||||||
|
one: "読むのに 1 分かかります"
|
||||||
|
other: "読むのに要する時間 {{ . }} (分)"
|
||||||
|
posts_update_prefix: 更新時刻
|
||||||
|
posts_count:
|
||||||
|
one: "一件の投稿"
|
||||||
|
other: "{{ . }} 件の投稿"
|
||||||
|
posts_tagged_with: "'{{ . }}'のタグが付いた記事全部"
|
||||||
|
|
||||||
|
footer_build_with: >
|
||||||
|
<a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> でビルドしています。
|
||||||
|
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||||
|
footer_legal_notice: 法的な告知事項
|
||||||
|
footer_privacy_policy: プライバシーポリシー
|
||||||
|
footer_content_license_prefix: >
|
||||||
|
提供するコンテンツのライセンス
|
||||||
|
|
||||||
|
language_switch_no_tranlation_prefix: "未翻訳のページ:"
|
||||||
|
|
||||||
|
propertylist_required: 必須
|
||||||
|
propertylist_optional: 任意
|
||||||
|
propertylist_default: 既定値
|
||||||
|
|
||||||
|
pagination_page_prev: 前
|
||||||
|
pagination_page_next: 次
|
||||||
|
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/nl.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
edit_page: Wijzig pagina
|
||||||
|
|
||||||
|
nav_navigation: Navigatie
|
||||||
|
nav_tags: Markering
|
||||||
|
nav_more: Meer
|
||||||
|
nav_top: Terug naar boven
|
||||||
|
|
||||||
|
form_placeholder_search: Zoek
|
||||||
|
|
||||||
|
error_page_title: Verdwaald? Geen probleem
|
||||||
|
error_message_title: Verdwaald?
|
||||||
|
error_message_code: Error 404
|
||||||
|
error_message_text: >
|
||||||
|
Het lijkt er op dat wat je zoekt niet gevonden kan worden. Geen probleem,
|
||||||
|
we kunnen je terug naar de <a class="gdoc-error__link" href="{{ . }}">startpagina</a> brengen.
|
||||||
|
|
||||||
|
button_toggle_dark: Wijzig Donker/Licht/Auto weergave
|
||||||
|
button_nav_open: Open navigatie
|
||||||
|
button_nav_close: Sluit navigatie
|
||||||
|
button_menu_open: Open menubalk
|
||||||
|
button_menu_close: Sluit menubalk
|
||||||
|
button_homepage: Terug naar startpagina
|
||||||
|
|
||||||
|
title_anchor_prefix: "Link naar:"
|
||||||
|
|
||||||
|
posts_read_more: Lees volledige bericht
|
||||||
|
posts_read_time:
|
||||||
|
one: "Een minuut leestijd"
|
||||||
|
other: "{{ . }} minuten leestijd"
|
||||||
|
posts_update_prefix: Bijgewerkt op
|
||||||
|
posts_count:
|
||||||
|
one: "Een bericht"
|
||||||
|
other: "{{ . }} berichten"
|
||||||
|
posts_tagged_with: Alle berichten gemarkeerd met '{{ . }}'
|
||||||
|
|
||||||
|
footer_build_with: >
|
||||||
|
Gebouwd met <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> en
|
||||||
|
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||||
|
footer_legal_notice: Juridische mededeling
|
||||||
|
footer_privacy_policy: Privacybeleid
|
||||||
|
footer_content_license_prefix: >
|
||||||
|
Inhoud gelicenseerd onder
|
||||||
|
|
||||||
|
language_switch_no_tranlation_prefix: "Pagina niet vertaald:"
|
||||||
|
|
||||||
|
propertylist_required: verplicht
|
||||||
|
propertylist_optional: optioneel
|
||||||
|
propertylist_default: standaard
|
||||||
|
|
||||||
|
pagination_page_prev: vorige
|
||||||
|
pagination_page_next: volgende
|
||||||
|
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/zh-cn.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
edit_page: 编辑页面
|
||||||
|
|
||||||
|
nav_navigation: 导航
|
||||||
|
nav_tags: 标签
|
||||||
|
nav_more: 更多
|
||||||
|
nav_top: 回到顶部
|
||||||
|
|
||||||
|
form_placeholder_search: 搜索
|
||||||
|
|
||||||
|
error_page_title: 迷路了? 不用担心
|
||||||
|
error_message_title: 迷路了?
|
||||||
|
error_message_code: 错误 404
|
||||||
|
error_message_text: >
|
||||||
|
好像找不到你要找的东西。 别担心,我们可以
|
||||||
|
带您回到<a class="gdoc-error__link" href="{{ . }}">主页</a>。
|
||||||
|
|
||||||
|
button_toggle_dark: 切换暗/亮/自动模式
|
||||||
|
button_nav_open: 打开导航
|
||||||
|
button_nav_close: 关闭导航
|
||||||
|
button_menu_open: 打开菜单栏
|
||||||
|
button_menu_close: 关闭菜单栏
|
||||||
|
button_homepage: 返回首页
|
||||||
|
|
||||||
|
title_anchor_prefix: "锚定到:"
|
||||||
|
|
||||||
|
posts_read_more: 阅读全文
|
||||||
|
posts_read_time:
|
||||||
|
one: "一分钟阅读时间"
|
||||||
|
other: "{{ . }} 分钟阅读时间"
|
||||||
|
posts_update_prefix: 更新时间
|
||||||
|
posts_count:
|
||||||
|
one: 一篇文章
|
||||||
|
other: "{{ . }} 个帖子"
|
||||||
|
posts_tagged_with: 所有带有“{{ . }}”标签的帖子。
|
||||||
|
|
||||||
|
footer_build_with: >
|
||||||
|
基于 <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a>
|
||||||
|
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg> 制作
|
||||||
|
footer_legal_notice: "法律声明"
|
||||||
|
footer_privacy_policy: "隐私政策"
|
||||||
|
footer_content_license_prefix: >
|
||||||
|
内容许可证
|
||||||
|
|
||||||
|
language_switch_no_tranlation_prefix: "页面未翻译:"
|
||||||
|
|
||||||
|
propertylist_required: 需要
|
||||||
|
propertylist_optional: 可选
|
||||||
|
propertylist_default: 默认值
|
||||||
|
|
||||||
|
pagination_page_prev: 以前
|
||||||
|
pagination_page_next: 下一个
|
||||||
|
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
BIN
docs/themes/hugo-geekdoc/images/readme.png
vendored
Normal file
After Width: | Height: | Size: 201 KiB |
BIN
docs/themes/hugo-geekdoc/images/screenshot.png
vendored
Normal file
After Width: | Height: | Size: 297 KiB |
BIN
docs/themes/hugo-geekdoc/images/tn.png
vendored
Normal file
After Width: | Height: | Size: 127 KiB |
40
docs/themes/hugo-geekdoc/layouts/404.html
vendored
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="{{ .Site.Language.Lang }}">
|
||||||
|
<head>
|
||||||
|
{{ partial "head/meta" . }}
|
||||||
|
<title>{{ i18n "error_page_title" }}</title>
|
||||||
|
|
||||||
|
{{ partial "head/favicons" . }}
|
||||||
|
{{ partial "head/others" . }}
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
{{ partial "svg-icon-symbols" . }}
|
||||||
|
|
||||||
|
|
||||||
|
<div class="wrapper">
|
||||||
|
<input type="checkbox" class="hidden" id="menu-header-control" />
|
||||||
|
|
||||||
|
{{ partial "site-header" (dict "Root" . "MenuEnabled" false) }}
|
||||||
|
|
||||||
|
|
||||||
|
<main class="gdoc-error flex-even">
|
||||||
|
<div class="flex align-center justify-center">
|
||||||
|
<div class="gdoc-error__icon">
|
||||||
|
<svg class="gdoc-icon gdoc_cloud_off"><use xlink:href="#gdoc_cloud_off"></use></svg>
|
||||||
|
</div>
|
||||||
|
<div class="gdoc-error__message">
|
||||||
|
<div class="gdoc-error__line gdoc-error__title">{{ i18n "error_message_title" }}</div>
|
||||||
|
<div class="gdoc-error__line gdoc-error__code">{{ i18n "error_message_code" }}</div>
|
||||||
|
<div class="gdoc-error__line gdoc-error__help">
|
||||||
|
{{ i18n "error_message_text" .Site.BaseURL | safeHTML }}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
|
||||||
|
{{ partial "site-footer" . }}
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
11
docs/themes/hugo-geekdoc/layouts/_default/_markup/render-codeblock-mermaid.html
vendored
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
<!-- prettier-ignore-start -->
|
||||||
|
{{ if not (.Page.Scratch.Get "mermaid") }}
|
||||||
|
<!-- Include mermaid only first time -->
|
||||||
|
<script defer src="{{ index (index .Page.Site.Data.assets "mermaid.js") "src" | relURL }}"></script>
|
||||||
|
{{ .Page.Scratch.Set "mermaid" true }}
|
||||||
|
{{ end }}
|
||||||
|
<!-- prettier-ignore-end -->
|
||||||
|
|
||||||
|
<pre class="gdoc-mermaid mermaid text-center">
|
||||||
|
{{- .Inner -}}
|
||||||
|
</pre>
|
27
docs/themes/hugo-geekdoc/layouts/_default/_markup/render-heading.html
vendored
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{{- $showAnchor := (and (default true .Page.Params.geekdocAnchor) (default true .Page.Site.Params.geekdocAnchor)) -}}
|
||||||
|
|
||||||
|
|
||||||
|
<!-- prettier-ignore-start -->
|
||||||
|
{{- if $showAnchor -}}
|
||||||
|
<div class="flex align-center gdoc-page__anchorwrap">
|
||||||
|
<h{{ .Level }} id="{{ .Anchor | safeURL }}" {{- with .Attributes.class }}
|
||||||
|
class="{{ . }}"
|
||||||
|
{{- end }}
|
||||||
|
>
|
||||||
|
{{ .Text | safeHTML }}
|
||||||
|
</h{{ .Level }}>
|
||||||
|
<a data-clipboard-text="{{ .Page.Permalink }}#{{ .Anchor | safeURL }}" class="gdoc-page__anchor clip flex align-center" title="{{ i18n "title_anchor_prefix" }} {{ .Text | safeHTML }}" aria-label="{{ i18n "title_anchor_prefix" }} {{ .Text | safeHTML }}" href="#{{ .Anchor | safeURL }}">
|
||||||
|
<svg class="gdoc-icon gdoc_link"><use xlink:href="#gdoc_link"></use></svg>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
{{- else -}}
|
||||||
|
<div class="gdoc-page__anchorwrap">
|
||||||
|
<h{{ .Level }} id="{{ .Anchor | safeURL }}" {{- with .Attributes.class }}
|
||||||
|
class="{{ . }}"
|
||||||
|
{{- end }}
|
||||||
|
>
|
||||||
|
{{ .Text | safeHTML }}
|
||||||
|
</h{{ .Level }}>
|
||||||
|
</div>
|
||||||
|
{{- end -}}
|
||||||
|
<!-- prettier-ignore-end -->
|
6
docs/themes/hugo-geekdoc/layouts/_default/_markup/render-image.html
vendored
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
<img
|
||||||
|
src="{{ .Destination | safeURL }}"
|
||||||
|
alt="{{ .Text }}"
|
||||||
|
{{ with .Title }}title="{{ . }}"{{ end }}
|
||||||
|
/>
|
||||||
|
{{- /* Drop trailing newlines */ -}}
|
14
docs/themes/hugo-geekdoc/layouts/_default/_markup/render-link.html
vendored
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{{- $raw := or (hasPrefix .Text "<img") (hasPrefix .Text "<figure") -}}
|
||||||
|
{{- $code := hasPrefix .Text "<code" -}}
|
||||||
|
<a
|
||||||
|
class="gdoc-markdown__link{{ if $raw -}}
|
||||||
|
--raw
|
||||||
|
{{- else if $code -}}
|
||||||
|
--code
|
||||||
|
{{- end }}"
|
||||||
|
href="{{ .Destination | safeURL }}"
|
||||||
|
{{- with .Title }}{{ printf "title=\"%s\"" . | safeHTMLAttr }}{{- end }}
|
||||||
|
>
|
||||||
|
{{- .Text | safeHTML -}}
|
||||||
|
</a>
|
||||||
|
{{- /* Drop trailing newlines */ -}}
|
60
docs/themes/hugo-geekdoc/layouts/_default/baseof.html
vendored
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html
|
||||||
|
lang="{{ .Site.Language.Lang }}"
|
||||||
|
class="color-toggle-hidden"
|
||||||
|
{{ if default false .Site.Params.geekdocDarkModeCode }}code-theme="dark"{{ end }}
|
||||||
|
>
|
||||||
|
<head>
|
||||||
|
{{ partial "head/meta" . }}
|
||||||
|
<title>
|
||||||
|
{{- if eq .Kind "home" -}}
|
||||||
|
{{ .Site.Title }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ printf "%s | %s" (partial "utils/title" .) .Site.Title }}
|
||||||
|
{{- end -}}
|
||||||
|
</title>
|
||||||
|
|
||||||
|
{{ partial "head/favicons" . }}
|
||||||
|
{{ partial "head/rel-me" . }}
|
||||||
|
{{ partial "head/microformats" . }}
|
||||||
|
{{ partial "head/others" . }}
|
||||||
|
{{ partial "head/custom" . }}
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body itemscope itemtype="https://schema.org/WebPage">
|
||||||
|
{{ partial "svg-icon-symbols" . }}
|
||||||
|
|
||||||
|
|
||||||
|
<div
|
||||||
|
class="wrapper {{ if default false .Site.Params.geekdocDarkModeDim }}dark-mode-dim{{ end }}"
|
||||||
|
>
|
||||||
|
<input type="checkbox" class="hidden" id="menu-control" />
|
||||||
|
<input type="checkbox" class="hidden" id="menu-header-control" />
|
||||||
|
{{ $navEnabled := default true .Page.Params.geekdocNav }}
|
||||||
|
{{ partial "site-header" (dict "Root" . "MenuEnabled" $navEnabled) }}
|
||||||
|
|
||||||
|
|
||||||
|
<main class="container flex flex-even">
|
||||||
|
{{ if $navEnabled }}
|
||||||
|
<aside class="gdoc-nav">
|
||||||
|
{{ partial "menu" . }}
|
||||||
|
</aside>
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
|
||||||
|
<div class="gdoc-page">
|
||||||
|
{{ template "main" . }}
|
||||||
|
|
||||||
|
|
||||||
|
<div class="gdoc-page__footer flex flex-wrap justify-between">
|
||||||
|
{{ partial "menu-nextprev" . }}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
|
||||||
|
{{ partial "site-footer" . }}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{{ partial "foot" . }}
|
||||||
|
</body>
|
||||||
|
</html>
|
11
docs/themes/hugo-geekdoc/layouts/_default/list.html
vendored
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
{{ define "main" }}
|
||||||
|
{{ partial "page-header" . }}
|
||||||
|
|
||||||
|
|
||||||
|
<article
|
||||||
|
class="gdoc-markdown gdoc-markdown__align--{{ default "left" (.Page.Params.geekdocAlign | lower) }}"
|
||||||
|
>
|
||||||
|
<h1>{{ partial "utils/title" . }}</h1>
|
||||||
|
{{ partial "utils/content" . }}
|
||||||
|
</article>
|
||||||
|
{{ end }}
|
11
docs/themes/hugo-geekdoc/layouts/_default/single.html
vendored
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
{{ define "main" }}
|
||||||
|
{{ partial "page-header" . }}
|
||||||
|
|
||||||
|
|
||||||
|
<article
|
||||||
|
class="gdoc-markdown gdoc-markdown__align--{{ default "left" (.Page.Params.geekdocAlign | lower) }}"
|
||||||
|
>
|
||||||
|
<h1>{{ partial "utils/title" . }}</h1>
|
||||||
|
{{ partial "utils/content" . }}
|
||||||
|
</article>
|
||||||
|
{{ end }}
|
49
docs/themes/hugo-geekdoc/layouts/_default/taxonomy.html
vendored
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
{{ define "main" }}
|
||||||
|
{{ range .Paginator.Pages }}
|
||||||
|
<article class="gdoc-post">
|
||||||
|
<header class="gdoc-post__header">
|
||||||
|
<h1 class="gdoc-post__title">
|
||||||
|
<a href="{{ .RelPermalink }}">{{ partial "utils/title" . }}</a>
|
||||||
|
</h1>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
<section class="gdoc-markdown">
|
||||||
|
{{ .Summary }}
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<div class="gdoc-post__readmore">
|
||||||
|
{{ if .Truncated }}
|
||||||
|
<a
|
||||||
|
class="flex-inline align-center fake-link"
|
||||||
|
title="{{ i18n "posts_read_more" }}"
|
||||||
|
href="{{ .RelPermalink }}"
|
||||||
|
>
|
||||||
|
{{ i18n "posts_read_more" }}
|
||||||
|
<i class="gdoc-icon">gdoc_arrow_right_alt</i>
|
||||||
|
</a>
|
||||||
|
{{ end }}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<footer class="gdoc-post__footer">
|
||||||
|
<div class="flex flex-wrap align-center gdoc-post__meta">
|
||||||
|
{{ partial "posts/metadata.html" . }}
|
||||||
|
</div>
|
||||||
|
</footer>
|
||||||
|
</article>
|
||||||
|
{{ end }}
|
||||||
|
{{ partial "pagination.html" . }}
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ define "post-tag" }}
|
||||||
|
<span class="gdoc-post__tag">
|
||||||
|
<span class="gdoc-button">
|
||||||
|
<a
|
||||||
|
class="gdoc-button__link"
|
||||||
|
href="{{ .page.RelPermalink }}"
|
||||||
|
title="{{ i18n "posts_tagged_with" .name }}"
|
||||||
|
>
|
||||||
|
{{ .name }}
|
||||||
|
</a>
|
||||||
|
</span>
|
||||||
|
</span>
|
||||||
|
{{ end }}
|
32
docs/themes/hugo-geekdoc/layouts/_default/terms.html
vendored
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{{ define "main" }}
|
||||||
|
{{ range .Paginator.Pages.ByTitle }}
|
||||||
|
<article class="gdoc-post">
|
||||||
|
<header class="gdoc-post__header">
|
||||||
|
<h1 class="gdoc-post__title">
|
||||||
|
<a href="{{ .RelPermalink }}">{{ partial "utils/title" . }}</a>
|
||||||
|
</h1>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
<footer class="gdoc-post__meta flex align-center">
|
||||||
|
<span class="flex align-center no-wrap">
|
||||||
|
{{ $pageCount := len .Pages }}
|
||||||
|
<svg class="gdoc-icon gdoc_tag"><use xlink:href="#gdoc_tag"></use></svg>
|
||||||
|
<span class="gdoc-post__tag">
|
||||||
|
{{ i18n "posts_count" $pageCount }}
|
||||||
|
</span>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="flex align-center no-wrap">
|
||||||
|
<svg class="gdoc-icon gdoc_star"><use xlink:href="#gdoc_star"></use></svg>
|
||||||
|
<span>
|
||||||
|
{{ $latet := index .Pages.ByDate 0 }}
|
||||||
|
{{ with $latet }}
|
||||||
|
<a href="{{ .RelPermalink }}">{{ partial "utils/title" . }}</a>
|
||||||
|
{{ end }}
|
||||||
|
</span>
|
||||||
|
</span>
|
||||||
|
</footer>
|
||||||
|
</article>
|
||||||
|
{{ end }}
|
||||||
|
{{ partial "pagination.html" . }}
|
||||||
|
{{ end }}
|
6
docs/themes/hugo-geekdoc/layouts/partials/foot.html
vendored
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{{ if default true .Site.Params.geekdocSearch }}
|
||||||
|
<script defer src="{{ index (index .Site.Data.assets "search.js") "src" | relURL }}"></script>
|
||||||
|
{{- $searchConfigFile := printf "search/%s.config.json" .Language.Lang -}}
|
||||||
|
{{- $searchConfig := resources.Get "search/config.json" | resources.ExecuteAsTemplate $searchConfigFile . | resources.Minify -}}
|
||||||
|
{{- $searchConfig.Publish -}}
|
||||||
|
{{ end }}
|
1
docs/themes/hugo-geekdoc/layouts/partials/head/custom.html
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
<!-- You can add custom elements to the page header here. -->
|
13
docs/themes/hugo-geekdoc/layouts/partials/head/favicons.html
vendored
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
<link rel="icon" type="image/svg+xml" href="{{ "favicon/favicon.svg" | relURL }}" />
|
||||||
|
<link
|
||||||
|
rel="icon"
|
||||||
|
type="image/png"
|
||||||
|
sizes="32x32"
|
||||||
|
href="{{ "favicon/favicon-32x32.png" | relURL }}"
|
||||||
|
/>
|
||||||
|
<link
|
||||||
|
rel="icon"
|
||||||
|
type="image/png"
|
||||||
|
sizes="16x16"
|
||||||
|
href="{{ "favicon/favicon-16x16.png" | relURL }}"
|
||||||
|
/>
|