docs: add hugo website (#4101)
59
.github/workflows/docs.yml
vendored
Normal file
|
@ -0,0 +1,59 @@
|
|||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- docs/**
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
# Build job
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
# Build the site and upload artifacts using actions/upload-pages-artifact
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
- name: Build docs
|
||||
uses: docker/bake-action@v3
|
||||
with:
|
||||
files: |
|
||||
docker-bake.hcl
|
||||
targets: docs-export
|
||||
set: |
|
||||
*.cache-from=type=gha,scope=docs
|
||||
*.cache-to=type=gha,scope=docs,mode=max
|
||||
- name: Upload Pages artifact
|
||||
uses: actions/upload-pages-artifact@v2
|
||||
with:
|
||||
path: ./build/docs
|
||||
|
||||
# Deploy job
|
||||
deploy:
|
||||
# Add a dependency to the build job
|
||||
needs: build
|
||||
|
||||
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment
|
||||
permissions:
|
||||
pages: write # to deploy to Pages
|
||||
id-token: write # to verify the deployment originates from an appropriate source
|
||||
|
||||
# Deploy to the github-pages environment
|
||||
environment:
|
||||
name: github-pages
|
||||
url: ${{ steps.deployment.outputs.page_url }}
|
||||
|
||||
# Specify runner + deployment step
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Deploy to GitHub Pages
|
||||
id: deployment
|
||||
uses: actions/deploy-pages@v2 # or the latest "vX.X.X" version tag for this action
|
5
.gitignore
vendored
|
@ -38,3 +38,8 @@ bin/*
|
|||
.idea/*
|
||||
|
||||
tests/miniodata
|
||||
|
||||
# Docs
|
||||
**/.hugo_build.lock
|
||||
docs/resources
|
||||
docs/public
|
||||
|
|
|
@ -7,7 +7,7 @@ This is useful if you intend to actively work on the registry.
|
|||
|
||||
### Alternatives
|
||||
|
||||
Most people should use the [official Registry docker image](https://hub.docker.com/r/library/registry/).
|
||||
Most people should use prebuilt images, for example, the [Registry docker image](https://hub.docker.com/r/library/registry/) provided by Docker.
|
||||
|
||||
People looking for advanced operational use cases might consider rolling their own image with a custom Dockerfile inheriting `FROM registry:2`.
|
||||
|
||||
|
|
|
@ -94,7 +94,7 @@ performance must not be discussed on the pull request.
|
|||
|
||||
## How are decisions made?
|
||||
|
||||
Docker distribution is an open-source project with an open design philosophy.
|
||||
CNCF distribution is an open-source project with an open design philosophy.
|
||||
This means that the repository is the source of truth for EVERY aspect of the
|
||||
project, including its philosophy, design, road map, and APIs. *If it's part of
|
||||
the project, it's in the repo. If it's in the repo, it's part of the project.*
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
The toolset to pack, ship, store, and deliver content.
|
||||
|
||||
This repository's main product is the Open Source Registry implementation
|
||||
for storing and distributing container images using the
|
||||
for storing and distributing container images and other content using the
|
||||
[OCI Distribution Specification](https://github.com/opencontainers/distribution-spec).
|
||||
The goal of this project is to provide a simple, secure, and scalable base
|
||||
for building a large scale registry solution or running a simple private registry.
|
||||
|
|
2
doc.go
|
@ -1,6 +1,6 @@
|
|||
// Package distribution will define the interfaces for the components of
|
||||
// docker distribution. The goal is to allow users to reliably package, ship
|
||||
// and store content related to docker images.
|
||||
// and store content related to container images.
|
||||
//
|
||||
// This is currently a work in progress. More details are available in the
|
||||
// README.md.
|
||||
|
|
|
@ -94,3 +94,26 @@ target "image-all" {
|
|||
"linux/s390x"
|
||||
]
|
||||
}
|
||||
|
||||
target "_common_docs" {
|
||||
dockerfile = "./dockerfiles/docs.Dockerfile"
|
||||
}
|
||||
|
||||
target "docs-export" {
|
||||
inherits = ["_common_docs"]
|
||||
target = "out"
|
||||
output = ["type=local,dest=build/docs"]
|
||||
}
|
||||
|
||||
target "docs-image" {
|
||||
inherits = ["_common_docs"]
|
||||
target = "server"
|
||||
output = ["type=docker"]
|
||||
tags = ["registry-docs:local"]
|
||||
}
|
||||
|
||||
target "docs-test" {
|
||||
inherits = ["_common_docs"]
|
||||
target = "test"
|
||||
output = ["type=cacheonly"]
|
||||
}
|
||||
|
|
35
dockerfiles/docs.Dockerfile
Normal file
|
@ -0,0 +1,35 @@
|
|||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG GO_VERSION=1.20.8
|
||||
ARG ALPINE_VERSION=3.18
|
||||
|
||||
FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base
|
||||
RUN apk add --no-cache git
|
||||
|
||||
FROM base AS hugo
|
||||
ARG HUGO_VERSION=0.119.0
|
||||
RUN --mount=type=cache,target=/go/mod/pkg \
|
||||
go install github.com/gohugoio/hugo@v${HUGO_VERSION}
|
||||
|
||||
FROM base AS build-base
|
||||
COPY --from=hugo $GOPATH/bin/hugo /bin/hugo
|
||||
WORKDIR /src
|
||||
|
||||
FROM build-base AS build
|
||||
RUN --mount=type=bind,rw,source=docs,target=. \
|
||||
hugo --gc --minify --destination /out
|
||||
|
||||
FROM build-base AS server
|
||||
COPY docs .
|
||||
ENTRYPOINT [ "hugo", "server", "--bind", "0.0.0.0" ]
|
||||
EXPOSE 1313
|
||||
|
||||
FROM scratch AS out
|
||||
COPY --from=build /out /
|
||||
|
||||
FROM wjdp/htmltest:v0.17.0 AS test
|
||||
WORKDIR /test
|
||||
COPY --from=build /out ./public
|
||||
ADD docs/.htmltest.yml .htmltest.yml
|
||||
RUN --mount=type=cache,target=tmp/.htmltest \
|
||||
htmltest
|
9
docs/.htmltest.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
DirectoryPath: "public"
|
||||
EnforceHTTPS: true
|
||||
CheckDoctype: true
|
||||
CheckExternal: true
|
||||
IgnoreAltMissing: true
|
||||
IgnoreAltEmpty: true
|
||||
IgnoreEmptyHref: true
|
||||
IgnoreInternalEmptyHash: true
|
||||
IgnoreDirectoryMissingTrailingSlash: true
|
77
docs/content/_index.md
Normal file
|
@ -0,0 +1,77 @@
|
|||
---
|
||||
description: High-level overview of the Registry
|
||||
keywords: registry, on-prem, images, tags, repository, distribution
|
||||
title: Distribution Registry
|
||||
---
|
||||
|
||||
## What it is
|
||||
|
||||
The Registry is a stateless, highly scalable server side application that stores
|
||||
and lets you distribute container images and other content. The Registry is open-source, under the
|
||||
permissive [Apache license](https://en.wikipedia.org/wiki/Apache_License).
|
||||
|
||||
## Why use it
|
||||
|
||||
You should use the Registry if you want to:
|
||||
|
||||
* tightly control where your images are being stored
|
||||
* fully own your images distribution pipeline
|
||||
* integrate image storage and distribution tightly into your in-house development workflow
|
||||
|
||||
## Alternatives
|
||||
|
||||
Users looking for a zero maintenance, ready-to-go solution are encouraged to
|
||||
use one of the existing registry services. Many of these provide support and security
|
||||
scanning, and are free for public repositories. For example:
|
||||
- [Docker Hub](https://hub.docker.com)
|
||||
- [Quay.io](https://quay.io/)
|
||||
- [GitHub Packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry)
|
||||
|
||||
Cloud infrastructure providers such as [AWS](https://aws.amazon.com/ecr/), [Azure](https://azure.microsoft.com/products/container-registry/), [Google Cloud](https://cloud.google.com/artifact-registry) and [IBM Cloud](https://www.ibm.com/products/container-registry) also have container registry services available at a cost.
|
||||
|
||||
## Compatibility
|
||||
|
||||
The distribution registry implements the [OCI Distribution Spec](https://github.com/opencontainers/distribution-spec) version 1.0.1.
|
||||
|
||||
## Basic commands
|
||||
|
||||
Start your registry
|
||||
|
||||
```sh
|
||||
docker run -d -p 5000:5000 --name registry registry:2
|
||||
```
|
||||
|
||||
Pull (or build) some image from the hub
|
||||
|
||||
```sh
|
||||
docker pull ubuntu
|
||||
```
|
||||
|
||||
Tag the image so that it points to your registry
|
||||
|
||||
```sh
|
||||
docker image tag ubuntu localhost:5000/myfirstimage
|
||||
```
|
||||
|
||||
Push it
|
||||
|
||||
```sh
|
||||
docker push localhost:5000/myfirstimage
|
||||
```
|
||||
|
||||
Pull it back
|
||||
|
||||
```sh
|
||||
docker pull localhost:5000/myfirstimage
|
||||
```
|
||||
|
||||
Now stop your registry and remove all data
|
||||
|
||||
```sh
|
||||
docker container stop registry && docker container rm -v registry
|
||||
```
|
||||
|
||||
## Next
|
||||
|
||||
You should now read the [detailed introduction about the registry](about),
|
||||
or jump directly to [deployment instructions](about/deploying).
|
|
@ -4,12 +4,12 @@ keywords: registry, on-prem, images, tags, repository, distribution, use cases,
|
|||
title: About Registry
|
||||
---
|
||||
|
||||
A registry is a storage and content delivery system, holding named Docker
|
||||
images, available in different tagged versions.
|
||||
A registry is a storage and content delivery system, holding named container
|
||||
images and other content, available in different tagged versions.
|
||||
|
||||
> Example: the image `distribution/registry`, with tags `2.0` and `2.1`.
|
||||
|
||||
Users interact with a registry by using docker push and pull commands.
|
||||
Users interact with a registry by pushing and pulling images.
|
||||
|
||||
> Example: `docker pull registry-1.docker.io/distribution/registry:2.1`.
|
||||
|
||||
|
@ -27,7 +27,7 @@ The Registry GitHub repository includes additional information about advanced
|
|||
authentication and authorization methods. Only very large or public deployments
|
||||
are expected to extend the Registry in this way.
|
||||
|
||||
Finally, the Registry ships with a robust [notification system](notifications.md),
|
||||
Finally, the Registry ships with a robust [notification system](notifications),
|
||||
calling webhooks in response to activity, and both extensive logging and reporting,
|
||||
mostly useful for large installations that want to collect metrics.
|
||||
|
||||
|
@ -35,11 +35,11 @@ mostly useful for large installations that want to collect metrics.
|
|||
|
||||
Image names as used in typical docker commands reflect their origin:
|
||||
|
||||
* `docker pull ubuntu` instructs docker to pull an image named `ubuntu` from the official Docker Hub. This is simply a shortcut for the longer `docker pull docker.io/library/ubuntu` command
|
||||
* `docker pull ubuntu` instructs docker to pull an image named `ubuntu` from Docker Hub. This is simply a shortcut for the longer `docker pull docker.io/library/ubuntu` command
|
||||
* `docker pull myregistrydomain:port/foo/bar` instructs docker to contact the registry located at `myregistrydomain:port` to find the image `foo/bar`
|
||||
|
||||
You can find out more about the various Docker commands dealing with images in
|
||||
the [official Docker engine documentation](../engine/reference/commandline/cli.md).
|
||||
the [Docker engine documentation](https://docs.docker.com/engine/reference/commandline/cli/).
|
||||
|
||||
## Use cases
|
||||
|
||||
|
@ -70,4 +70,4 @@ golang are certainly useful as well for advanced operations or hacking.
|
|||
|
||||
## Next
|
||||
|
||||
Dive into [deploying your registry](deploying.md)
|
||||
Dive into [deploying your registry](deploying)
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
published: false
|
||||
draft: true
|
||||
---
|
||||
|
||||
# Architecture
|
|
@ -5,13 +5,14 @@ title: Registry compatibility
|
|||
---
|
||||
|
||||
## Synopsis
|
||||
|
||||
If a manifest is pulled by _digest_ from a registry 2.3 with Docker Engine 1.9
|
||||
and older, and the manifest was pushed with Docker Engine 1.10, a security check
|
||||
causes the Engine to receive a manifest it cannot use and the pull fails.
|
||||
|
||||
## Registry manifest support
|
||||
|
||||
Historically, the registry has supported a [single manifest type](./spec/manifest-v2-1.md)
|
||||
Historically, the registry has supported a single manifest type
|
||||
known as _Schema 1_.
|
||||
|
||||
With the move toward multiple architecture images, the distribution project
|
||||
|
@ -23,7 +24,6 @@ preserve compatibility with older versions of Docker Engine.
|
|||
This conversion has some implications for pulling manifests by digest and this
|
||||
document enumerates these implications.
|
||||
|
||||
|
||||
## Content Addressable Storage (CAS)
|
||||
|
||||
Manifests are stored and retrieved in the registry by keying off a digest
|
||||
|
@ -42,7 +42,6 @@ attempts to send a _Schema 2_ manifest, falling back to sending a
|
|||
Schema 1 type manifest when it detects that the registry does not
|
||||
support the new version.
|
||||
|
||||
|
||||
## Registry v2.3
|
||||
|
||||
### Manifest push with Docker 1.10
|
||||
|
@ -75,4 +74,3 @@ registry persists to disk.
|
|||
|
||||
When the manifest is pulled by digest or tag with any Docker version, a
|
||||
_Schema 1_ manifest is returned.
|
||||
|
|
@ -10,7 +10,7 @@ before moving your systems to production.
|
|||
|
||||
## Override specific configuration options
|
||||
|
||||
In a typical setup where you run your Registry from the official image, you can
|
||||
In a typical setup where you run your registry as a container, you can
|
||||
specify a configuration variable from the environment by passing `-e` arguments
|
||||
to your `docker run` stanza or from within a Dockerfile using the `ENV`
|
||||
instruction.
|
||||
|
@ -20,7 +20,7 @@ To override a configuration option, create an environment variable named
|
|||
and the `_` (underscore) represents indention levels. For example, you can
|
||||
configure the `rootdirectory` of the `filesystem` storage backend:
|
||||
|
||||
```none
|
||||
```yaml
|
||||
storage:
|
||||
filesystem:
|
||||
rootdirectory: /var/lib/registry
|
||||
|
@ -28,7 +28,7 @@ storage:
|
|||
|
||||
To override this value, set an environment variable like this:
|
||||
|
||||
```none
|
||||
```sh
|
||||
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/somewhere
|
||||
```
|
||||
|
||||
|
@ -64,7 +64,7 @@ These are all configuration options for the registry. Some options in the list
|
|||
are mutually exclusive. Read the detailed reference information about each
|
||||
option before finalizing your configuration.
|
||||
|
||||
```none
|
||||
```yaml
|
||||
version: 0.1
|
||||
log:
|
||||
accesslog:
|
||||
|
@ -293,7 +293,7 @@ the children marked **required**.
|
|||
|
||||
## `version`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
version: 0.1
|
||||
```
|
||||
|
||||
|
@ -307,7 +307,7 @@ The `log` subsection configures the behavior of the logging system. The logging
|
|||
system outputs everything to stderr. You can adjust the granularity and format
|
||||
with this configuration section.
|
||||
|
||||
```none
|
||||
```yaml
|
||||
log:
|
||||
accesslog:
|
||||
disabled: true
|
||||
|
@ -326,7 +326,7 @@ log:
|
|||
|
||||
### `accesslog`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
accesslog:
|
||||
disabled: true
|
||||
```
|
||||
|
@ -338,7 +338,7 @@ Access logging can be disabled by setting the boolean flag `disabled` to `true`.
|
|||
|
||||
## `hooks`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
hooks:
|
||||
- type: mail
|
||||
levels:
|
||||
|
@ -362,7 +362,7 @@ Refer to `loglevel` to configure the level of messages printed.
|
|||
|
||||
> **DEPRECATED:** Please use [log](#log) instead.
|
||||
|
||||
```none
|
||||
```yaml
|
||||
loglevel: debug
|
||||
```
|
||||
|
||||
|
@ -371,7 +371,7 @@ Permitted values are `error`, `warn`, `info` and `debug`. The default is
|
|||
|
||||
## `storage`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
storage:
|
||||
filesystem:
|
||||
rootdirectory: /var/lib/registry
|
||||
|
@ -436,15 +436,15 @@ returns an error. You can choose any of these backend storage drivers:
|
|||
|
||||
| Storage driver | Description |
|
||||
|---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `filesystem` | Uses the local disk to store registry files. It is ideal for development and may be appropriate for some small-scale production applications. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/filesystem.md). |
|
||||
| `azure` | Uses Microsoft Azure Blob Storage. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/azure.md). |
|
||||
| `gcs` | Uses Google Cloud Storage. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/gcs.md). |
|
||||
| `s3` | Uses Amazon Simple Storage Service (S3) and compatible Storage Services. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/s3.md). |
|
||||
| `filesystem` | Uses the local disk to store registry files. It is ideal for development and may be appropriate for some small-scale production applications. See the [driver's reference documentation](/storage-drivers/filesystem). |
|
||||
| `azure` | Uses Microsoft Azure Blob Storage. See the [driver's reference documentation](/storage-drivers/azure). |
|
||||
| `gcs` | Uses Google Cloud Storage. See the [driver's reference documentation](/storage-drivers/gcs). |
|
||||
| `s3` | Uses Amazon Simple Storage Service (S3) and compatible Storage Services. See the [driver's reference documentation](/storage-drivers/s3). |
|
||||
|
||||
For testing only, you can use the [`inmemory` storage
|
||||
driver](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/inmemory.md).
|
||||
driver](/storage-drivers/inmemory).
|
||||
If you would like to run a registry from volatile memory, use the
|
||||
[`filesystem` driver](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/filesystem.md)
|
||||
[`filesystem` driver](/storage-drivers/filesystem)
|
||||
on a ramdisk.
|
||||
|
||||
If you are deploying a registry on Windows, a Windows volume mounted from the
|
||||
|
@ -453,7 +453,7 @@ data-store. If you do use a Windows volume, the length of the `PATH` to
|
|||
the mount point must be within the `MAX_PATH` limits (typically 255 characters),
|
||||
or this error will occur:
|
||||
|
||||
```none
|
||||
```text
|
||||
mkdir /XXX protocol error and your registry will not function properly.
|
||||
```
|
||||
|
||||
|
@ -496,7 +496,7 @@ Use the `delete` structure to enable the deletion of image blobs and manifests
|
|||
by digest. It defaults to false, but it can be enabled by writing the following
|
||||
on the configuration file:
|
||||
|
||||
```none
|
||||
```yaml
|
||||
delete:
|
||||
enabled: true
|
||||
```
|
||||
|
@ -531,14 +531,14 @@ instance is aggressively caching.
|
|||
To disable redirects, add a single flag `disable`, set to `true`
|
||||
under the `redirect` section:
|
||||
|
||||
```none
|
||||
```yaml
|
||||
redirect:
|
||||
disable: true
|
||||
```
|
||||
|
||||
## `auth`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
auth:
|
||||
silly:
|
||||
realm: silly-realm
|
||||
|
@ -593,7 +593,7 @@ security.
|
|||
|
||||
|
||||
For more information about Token based authentication configuration, see the
|
||||
[specification](spec/auth/token.md).
|
||||
[specification](/spec/auth/token).
|
||||
|
||||
### `htpasswd`
|
||||
|
||||
|
@ -601,7 +601,7 @@ The _htpasswd_ authentication backed allows you to configure basic
|
|||
authentication using an
|
||||
[Apache htpasswd file](https://httpd.apache.org/docs/2.4/programs/htpasswd.html).
|
||||
The only supported password format is
|
||||
[`bcrypt`](http://en.wikipedia.org/wiki/Bcrypt). Entries with other hash types
|
||||
[`bcrypt`](https://en.wikipedia.org/wiki/Bcrypt). Entries with other hash types
|
||||
are ignored. The `htpasswd` file is loaded once, at startup. If the file is
|
||||
invalid, the registry will display an error and will not start.
|
||||
|
||||
|
@ -629,7 +629,7 @@ object it is wrapping. For instance, a registry middleware must implement the
|
|||
This is an example configuration of the `cloudfront` middleware, a storage
|
||||
middleware:
|
||||
|
||||
```none
|
||||
```yaml
|
||||
middleware:
|
||||
registry:
|
||||
- name: ARegistryMiddleware
|
||||
|
@ -694,7 +694,7 @@ location of a proxy for the layer stored by the S3 storage driver.
|
|||
|
||||
## `http`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
http:
|
||||
addr: localhost:5000
|
||||
net: tcp
|
||||
|
@ -834,7 +834,7 @@ to access proxy statistics. These statistics are exposed at `/debug/vars` in JSO
|
|||
|
||||
#### `prometheus`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
prometheus:
|
||||
enabled: true
|
||||
path: /metrics
|
||||
|
@ -879,7 +879,7 @@ settings for the registry.
|
|||
|
||||
## `notifications`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
notifications:
|
||||
events:
|
||||
includereferences: true
|
||||
|
@ -937,7 +937,7 @@ The `events` structure configures the information provided in event notification
|
|||
|
||||
## `redis`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
redis:
|
||||
addr: localhost:6379
|
||||
password: asecret
|
||||
|
@ -974,7 +974,7 @@ registry does not set an expiration value on keys.
|
|||
|
||||
### `pool`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
pool:
|
||||
maxidle: 16
|
||||
maxactive: 64
|
||||
|
@ -991,7 +991,7 @@ Use these settings to configure the behavior of the Redis connection pool.
|
|||
|
||||
### `tls`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
tls:
|
||||
enabled: false
|
||||
```
|
||||
|
@ -1005,7 +1005,7 @@ Use these settings to configure Redis TLS.
|
|||
|
||||
## `health`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
health:
|
||||
storagedriver:
|
||||
enabled: true
|
||||
|
@ -1090,7 +1090,7 @@ attempt fails, the health check will fail.
|
|||
|
||||
## `proxy`
|
||||
|
||||
```
|
||||
```yaml
|
||||
proxy:
|
||||
remoteurl: https://registry-1.docker.io
|
||||
username: [username]
|
||||
|
@ -1099,8 +1099,8 @@ proxy:
|
|||
```
|
||||
|
||||
The `proxy` structure allows a registry to be configured as a pull-through cache
|
||||
to Docker Hub. See
|
||||
[mirror](https://github.com/docker/docker.github.io/tree/master/registry/recipes/mirror.md)
|
||||
to Docker Hub. See
|
||||
[mirror](/recipes/mirror)
|
||||
for more information. Pushing to a registry configured as a pull-through cache
|
||||
is unsupported.
|
||||
|
||||
|
@ -1120,7 +1120,7 @@ username (such as `batman`) and the password for that username.
|
|||
|
||||
## `validation`
|
||||
|
||||
```none
|
||||
```yaml
|
||||
validation:
|
||||
manifests:
|
||||
urls:
|
||||
|
@ -1151,15 +1151,15 @@ If `allow` is unset, pushing a manifest containing URLs fails.
|
|||
If `allow` is set, pushing a manifest succeeds only if all URLs match
|
||||
one of the `allow` regular expressions **and** one of the following holds:
|
||||
|
||||
1. `deny` is unset.
|
||||
2. `deny` is set but no URLs within the manifest match any of the `deny` regular
|
||||
expressions.
|
||||
1. `deny` is unset.
|
||||
2. `deny` is set but no URLs within the manifest match any of the `deny` regular
|
||||
expressions.
|
||||
|
||||
## Example: Development configuration
|
||||
|
||||
You can use this simple example for local development:
|
||||
|
||||
```none
|
||||
```yaml
|
||||
version: 0.1
|
||||
log:
|
||||
level: debug
|
||||
|
@ -1183,10 +1183,9 @@ See
|
|||
for another simple configuration. Both examples are generally useful for local
|
||||
development.
|
||||
|
||||
|
||||
## Example: Middleware configuration
|
||||
|
||||
This example configures [Amazon Cloudfront](http://aws.amazon.com/cloudfront/)
|
||||
This example configures [Amazon Cloudfront](https://aws.amazon.com/cloudfront/)
|
||||
as the storage middleware in a registry. Middleware allows the registry to serve
|
||||
layers via a content delivery network (CDN). This reduces requests to the
|
||||
storage layer.
|
||||
|
@ -1195,7 +1194,7 @@ Cloudfront requires the S3 storage driver.
|
|||
|
||||
This is the configuration expressed in YAML:
|
||||
|
||||
```none
|
||||
```yaml
|
||||
middleware:
|
||||
storage:
|
||||
- name: cloudfront
|
||||
|
@ -1210,6 +1209,8 @@ middleware:
|
|||
See the configuration reference for [Cloudfront](#cloudfront) for more
|
||||
information about configuration options.
|
||||
|
||||
> **Note**: Cloudfront keys exist separately from other AWS keys. See
|
||||
> [the documentation on AWS credentials](http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
|
||||
> for more information.
|
||||
{{< hint type=note >}}
|
||||
Cloudfront keys exist separately from other AWS keys. See
|
||||
[the documentation on AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
|
||||
for more information.
|
||||
{{< /hint >}}
|
|
@ -9,7 +9,7 @@ A registry is an instance of the `registry` image, and runs within Docker.
|
|||
|
||||
This topic provides basic information about deploying and configuring a
|
||||
registry. For an exhaustive list of configuration options, see the
|
||||
[configuration reference](configuration.md).
|
||||
[configuration reference](../configuration).
|
||||
|
||||
If you have an air-gapped datacenter, see
|
||||
[Considerations for air-gapped registries](#considerations-for-air-gapped-registries).
|
||||
|
@ -27,7 +27,7 @@ The registry is now ready to use.
|
|||
> **Warning**: These first few examples show registry configurations that are
|
||||
> only appropriate for testing. A production-ready registry must be protected by
|
||||
> TLS and should ideally use an access-control mechanism. Keep reading and then
|
||||
> continue to the [configuration guide](configuration.md) to deploy a
|
||||
> continue to the [configuration guide](../configuration) to deploy a
|
||||
> production-ready registry.
|
||||
|
||||
## Copy an image from Docker Hub to your registry
|
||||
|
@ -38,40 +38,40 @@ as `my-ubuntu`, then pushes it to the local registry. Finally, the
|
|||
`ubuntu:16.04` and `my-ubuntu` images are deleted locally and the
|
||||
`my-ubuntu` image is pulled from the local registry.
|
||||
|
||||
1. Pull the `ubuntu:16.04` image from Docker Hub.
|
||||
1. Pull the `ubuntu:16.04` image from Docker Hub.
|
||||
|
||||
```console
|
||||
$ docker pull ubuntu:16.04
|
||||
```
|
||||
```console
|
||||
$ docker pull ubuntu:16.04
|
||||
```
|
||||
|
||||
2. Tag the image as `localhost:5000/my-ubuntu`. This creates an additional tag
|
||||
for the existing image. When the first part of the tag is a hostname and
|
||||
port, Docker interprets this as the location of a registry, when pushing.
|
||||
2. Tag the image as `localhost:5000/my-ubuntu`. This creates an additional tag
|
||||
for the existing image. When the first part of the tag is a hostname and
|
||||
port, Docker interprets this as the location of a registry, when pushing.
|
||||
|
||||
```console
|
||||
$ docker tag ubuntu:16.04 localhost:5000/my-ubuntu
|
||||
```
|
||||
```console
|
||||
$ docker tag ubuntu:16.04 localhost:5000/my-ubuntu
|
||||
```
|
||||
|
||||
3. Push the image to the local registry running at `localhost:5000`:
|
||||
3. Push the image to the local registry running at `localhost:5000`:
|
||||
|
||||
```console
|
||||
$ docker push localhost:5000/my-ubuntu
|
||||
```
|
||||
```console
|
||||
$ docker push localhost:5000/my-ubuntu
|
||||
```
|
||||
|
||||
4. Remove the locally-cached `ubuntu:16.04` and `localhost:5000/my-ubuntu`
|
||||
images, so that you can test pulling the image from your registry. This
|
||||
does not remove the `localhost:5000/my-ubuntu` image from your registry.
|
||||
4. Remove the locally-cached `ubuntu:16.04` and `localhost:5000/my-ubuntu`
|
||||
images, so that you can test pulling the image from your registry. This
|
||||
does not remove the `localhost:5000/my-ubuntu` image from your registry.
|
||||
|
||||
```console
|
||||
$ docker image remove ubuntu:16.04
|
||||
$ docker image remove localhost:5000/my-ubuntu
|
||||
```
|
||||
```console
|
||||
$ docker image remove ubuntu:16.04
|
||||
$ docker image remove localhost:5000/my-ubuntu
|
||||
```
|
||||
|
||||
5. Pull the `localhost:5000/my-ubuntu` image from your local registry.
|
||||
5. Pull the `localhost:5000/my-ubuntu` image from your local registry.
|
||||
|
||||
```console
|
||||
$ docker pull localhost:5000/my-ubuntu
|
||||
```
|
||||
```console
|
||||
$ docker pull localhost:5000/my-ubuntu
|
||||
```
|
||||
|
||||
## Stop a local registry
|
||||
|
||||
|
@ -94,7 +94,7 @@ To configure the container, you can pass additional or modified options to the
|
|||
`docker run` command.
|
||||
|
||||
The following sections provide basic guidelines for configuring your registry.
|
||||
For more details, see the [registry configuration reference](configuration.md).
|
||||
For more details, see the [registry configuration reference](../configuration).
|
||||
|
||||
### Start the registry automatically
|
||||
|
||||
|
@ -144,7 +144,7 @@ $ docker run -d \
|
|||
|
||||
### Customize the storage location
|
||||
|
||||
By default, your registry data is persisted as a [docker volume](../storage/volumes.md)
|
||||
By default, your registry data is persisted as a [docker volume](https://docs.docker.com/storage/volumes)
|
||||
on the host filesystem. If you want to store your registry contents at a specific
|
||||
location on your host filesystem, such as if you have an SSD or SAN mounted into
|
||||
a particular directory, you might decide to use a bind mount instead. A bind mount
|
||||
|
@ -166,8 +166,8 @@ $ docker run -d \
|
|||
By default, the registry stores its data on the local filesystem, whether you
|
||||
use a bind mount or a volume. You can store the registry data in an Amazon S3
|
||||
bucket, Google Cloud Platform, or on another storage back-end by using
|
||||
[storage drivers](./storage-drivers/index.md). For more information, see
|
||||
[storage configuration options](./configuration.md#storage).
|
||||
[storage drivers](/storage-drivers). For more information, see
|
||||
[storage configuration options](../configuration#storage).
|
||||
|
||||
## Run an externally-accessible registry
|
||||
|
||||
|
@ -190,48 +190,48 @@ These examples assume the following:
|
|||
If you have been issued an _intermediate_ certificate instead, see
|
||||
[use an intermediate certificate](#use-an-intermediate-certificate).
|
||||
|
||||
1. Create a `certs` directory.
|
||||
1. Create a `certs` directory.
|
||||
|
||||
```console
|
||||
$ mkdir -p certs
|
||||
```
|
||||
```console
|
||||
$ mkdir -p certs
|
||||
```
|
||||
|
||||
Copy the `.crt` and `.key` files from the CA into the `certs` directory.
|
||||
The following steps assume that the files are named `domain.crt` and
|
||||
`domain.key`.
|
||||
Copy the `.crt` and `.key` files from the CA into the `certs` directory.
|
||||
The following steps assume that the files are named `domain.crt` and
|
||||
`domain.key`.
|
||||
|
||||
2. Stop the registry if it is currently running.
|
||||
2. Stop the registry if it is currently running.
|
||||
|
||||
```console
|
||||
$ docker container stop registry
|
||||
```
|
||||
```console
|
||||
$ docker container stop registry
|
||||
```
|
||||
|
||||
3. Restart the registry, directing it to use the TLS certificate. This command
|
||||
bind-mounts the `certs/` directory into the container at `/certs/`, and sets
|
||||
environment variables that tell the container where to find the `domain.crt`
|
||||
and `domain.key` file. The registry runs on port 443, the default HTTPS port.
|
||||
3. Restart the registry, directing it to use the TLS certificate. This command
|
||||
bind-mounts the `certs/` directory into the container at `/certs/`, and sets
|
||||
environment variables that tell the container where to find the `domain.crt`
|
||||
and `domain.key` file. The registry runs on port 443, the default HTTPS port.
|
||||
|
||||
```console
|
||||
$ docker run -d \
|
||||
--restart=always \
|
||||
--name registry \
|
||||
-v "$(pwd)"/certs:/certs \
|
||||
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
|
||||
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
|
||||
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
|
||||
-p 443:443 \
|
||||
registry:2
|
||||
```
|
||||
```console
|
||||
$ docker run -d \
|
||||
--restart=always \
|
||||
--name registry \
|
||||
-v "$(pwd)"/certs:/certs \
|
||||
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
|
||||
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
|
||||
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
|
||||
-p 443:443 \
|
||||
registry:2
|
||||
```
|
||||
|
||||
4. Docker clients can now pull from and push to your registry using its
|
||||
external address. The following commands demonstrate this:
|
||||
4. Docker clients can now pull from and push to your registry using its
|
||||
external address. The following commands demonstrate this:
|
||||
|
||||
```console
|
||||
$ docker pull ubuntu:16.04
|
||||
$ docker tag ubuntu:16.04 myregistry.domain.com/my-ubuntu
|
||||
$ docker push myregistry.domain.com/my-ubuntu
|
||||
$ docker pull myregistry.domain.com/my-ubuntu
|
||||
```
|
||||
```console
|
||||
$ docker pull ubuntu:16.04
|
||||
$ docker tag ubuntu:16.04 myregistry.domain.com/my-ubuntu
|
||||
$ docker push myregistry.domain.com/my-ubuntu
|
||||
$ docker pull myregistry.domain.com/my-ubuntu
|
||||
```
|
||||
|
||||
#### Use an intermediate certificate
|
||||
|
||||
|
@ -252,23 +252,23 @@ The registry supports using Let's Encrypt to automatically obtain a
|
|||
browser-trusted certificate. For more information on Let's Encrypt, see
|
||||
[https://letsencrypt.org/how-it-works/](https://letsencrypt.org/how-it-works/)
|
||||
and the relevant section of the
|
||||
[registry configuration](configuration.md#letsencrypt).
|
||||
[registry configuration](../configuration#letsencrypt).
|
||||
|
||||
### Use an insecure registry (testing only)
|
||||
|
||||
It is possible to use a self-signed certificate, or to use our registry
|
||||
insecurely. Unless you have set up verification for your self-signed
|
||||
certificate, this is for testing only. See [run an insecure registry](insecure.md).
|
||||
certificate, this is for testing only. See [run an insecure registry](../insecure).
|
||||
|
||||
## Run the registry as a service
|
||||
|
||||
[Swarm services](../engine/swarm/services.md) provide several advantages over
|
||||
[Swarm services](https://docs.docker.com/engine/swarm/services) provide several advantages over
|
||||
standalone containers. They use a declarative model, which means that you define
|
||||
the desired state and Docker works to keep your service in that state. Services
|
||||
provide automatic load balancing scaling, and the ability to control the
|
||||
distribution of your service, among other advantages. Services also allow you to
|
||||
store sensitive data such as TLS certificates in
|
||||
[secrets](../engine/swarm/secrets.md).
|
||||
[secrets](https://docs.docker.com/engine/swarm/secrets).
|
||||
|
||||
The storage back-end you use determines whether you use a fully scaled service
|
||||
or a service with either only a single node or a node constraint.
|
||||
|
@ -342,9 +342,9 @@ The most important aspect is that a load balanced cluster of registries must
|
|||
share the same resources. For the current version of the registry, this means
|
||||
the following must be the same:
|
||||
|
||||
- Storage Driver
|
||||
- HTTP Secret
|
||||
- Redis Cache (if configured)
|
||||
- Storage Driver
|
||||
- HTTP Secret
|
||||
- Redis Cache (if configured)
|
||||
|
||||
Differences in any of the above cause problems serving requests.
|
||||
As an example, if you're using the filesystem driver, all registry instances
|
||||
|
@ -393,87 +393,89 @@ The simplest way to achieve access restriction is through basic authentication
|
|||
This example uses native basic authentication using `htpasswd` to store the
|
||||
secrets.
|
||||
|
||||
> **Warning**:
|
||||
> You **cannot** use authentication with authentication schemes that send
|
||||
> credentials as clear text. You must
|
||||
> [configure TLS first](deploying.md#run-an-externally-accessible-registry) for
|
||||
> authentication to work.
|
||||
{:.warning}
|
||||
{{< hint type=warning >}}
|
||||
You **cannot** use authentication with authentication schemes that send
|
||||
credentials as clear text. You must
|
||||
[configure TLS first](#run-an-externally-accessible-registry) for
|
||||
authentication to work.
|
||||
{{< /hint >}}
|
||||
|
||||
> **Warning**
|
||||
> The official registry image **only** supports htpasswd credentials in
|
||||
> bcrypt format, so if you omit the `-B` option when generating the credential
|
||||
> using htpasswd, all authentication attempts will fail.
|
||||
{:.warning}
|
||||
{{< hint type=warning >}}
|
||||
The distribution registry **only** supports htpasswd credentials in
|
||||
bcrypt format, so if you omit the `-B` option when generating the credential
|
||||
using htpasswd, all authentication attempts will fail.
|
||||
{{< /hint >}}
|
||||
|
||||
1. Create a password file with one entry for the user `testuser`, with password
|
||||
`testpassword`:
|
||||
1. Create a password file with one entry for the user `testuser`, with password
|
||||
`testpassword`:
|
||||
|
||||
```console
|
||||
$ mkdir auth
|
||||
$ docker run \
|
||||
--entrypoint htpasswd \
|
||||
httpd:2 -Bbn testuser testpassword > auth/htpasswd
|
||||
```
|
||||
```console
|
||||
$ mkdir auth
|
||||
$ docker run \
|
||||
--entrypoint htpasswd \
|
||||
httpd:2 -Bbn testuser testpassword > auth/htpasswd
|
||||
```
|
||||
|
||||
On Windows, make sure the output file is correctly encoded:
|
||||
On Windows, make sure the output file is correctly encoded:
|
||||
|
||||
```powershell
|
||||
docker run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword | Set-Content -Encoding ASCII auth/htpasswd
|
||||
```
|
||||
```powershell
|
||||
docker run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword | Set-Content -Encoding ASCII auth/htpasswd
|
||||
```
|
||||
|
||||
2. Stop the registry.
|
||||
2. Stop the registry.
|
||||
|
||||
```console
|
||||
$ docker container stop registry
|
||||
```
|
||||
```console
|
||||
$ docker container stop registry
|
||||
```
|
||||
|
||||
3. Start the registry with basic authentication.
|
||||
3. Start the registry with basic authentication.
|
||||
|
||||
```console
|
||||
$ docker run -d \
|
||||
-p 5000:5000 \
|
||||
--restart=always \
|
||||
--name registry \
|
||||
-v "$(pwd)"/auth:/auth \
|
||||
-e "REGISTRY_AUTH=htpasswd" \
|
||||
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
|
||||
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
|
||||
-v "$(pwd)"/certs:/certs \
|
||||
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
|
||||
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
|
||||
registry:2
|
||||
```
|
||||
```console
|
||||
$ docker run -d \
|
||||
-p 5000:5000 \
|
||||
--restart=always \
|
||||
--name registry \
|
||||
-v "$(pwd)"/auth:/auth \
|
||||
-e "REGISTRY_AUTH=htpasswd" \
|
||||
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
|
||||
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
|
||||
-v "$(pwd)"/certs:/certs \
|
||||
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
|
||||
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
|
||||
registry:2
|
||||
```
|
||||
|
||||
4. Try to pull an image from the registry, or push an image to the registry.
|
||||
These commands fail.
|
||||
4. Try to pull an image from the registry, or push an image to the registry.
|
||||
These commands fail.
|
||||
|
||||
5. Log in to the registry.
|
||||
5. Log in to the registry.
|
||||
|
||||
```console
|
||||
$ docker login myregistrydomain.com:5000
|
||||
```
|
||||
```console
|
||||
$ docker login myregistrydomain.com:5000
|
||||
```
|
||||
|
||||
Provide the username and password from the first step.
|
||||
Provide the username and password from the first step.
|
||||
|
||||
Test that you can now pull an image from the registry or push an image to
|
||||
the registry.
|
||||
Test that you can now pull an image from the registry or push an image to
|
||||
the registry.
|
||||
|
||||
> **X509 errors**: X509 errors usually indicate that you are attempting to use
|
||||
> a self-signed certificate without configuring the Docker daemon correctly.
|
||||
> See [run an insecure registry](insecure.md).
|
||||
{{< hint type=note title="X509 errors" >}}
|
||||
X509 errors usually indicate that you are attempting to use
|
||||
a self-signed certificate without configuring the Docker daemon correctly.
|
||||
See [run an insecure registry](../insecure).
|
||||
{{< /hint >}}
|
||||
|
||||
### More advanced authentication
|
||||
|
||||
You may want to leverage more advanced basic auth implementations by using a
|
||||
proxy in front of the registry. See the [recipes list](recipes/index.md).
|
||||
proxy in front of the registry. See the [recipes list](/recipes/).
|
||||
|
||||
The registry also supports delegated authentication which redirects users to a
|
||||
specific trusted token server. This approach is more complicated to set up, and
|
||||
only makes sense if you need to fully configure ACLs and need more control over
|
||||
the registry's integration into your global authorization and authentication
|
||||
systems. Refer to the following [background information](spec/auth/token.md) and
|
||||
[configuration information here](configuration.md#auth).
|
||||
systems. Refer to the following [background information](/spec/auth/token) and
|
||||
[configuration information here](../configuration#auth).
|
||||
|
||||
This approach requires you to implement your own authentication system or
|
||||
leverage a third-party implementation.
|
||||
|
@ -537,41 +539,42 @@ following:
|
|||
You are responsible for ensuring that you are in compliance with the terms of
|
||||
use for non-distributable layers.
|
||||
|
||||
1. Edit the `daemon.json` file, which is located in `/etc/docker/` on Linux
|
||||
hosts and `C:\ProgramData\docker\config\daemon.json` on Windows Server.
|
||||
Assuming the file was previously empty, add the following contents:
|
||||
1. Edit the `daemon.json` file, which is located in `/etc/docker/` on Linux
|
||||
hosts and `C:\ProgramData\docker\config\daemon.json` on Windows Server.
|
||||
Assuming the file was previously empty, add the following contents:
|
||||
|
||||
```json
|
||||
{
|
||||
"allow-nondistributable-artifacts": ["myregistrydomain.com:5000"]
|
||||
}
|
||||
```
|
||||
```json
|
||||
{
|
||||
"allow-nondistributable-artifacts": ["myregistrydomain.com:5000"]
|
||||
}
|
||||
```
|
||||
|
||||
The value is an array of registry addresses, separated by commas.
|
||||
The value is an array of registry addresses, separated by commas.
|
||||
|
||||
Save and exit the file.
|
||||
Save and exit the file.
|
||||
|
||||
2. Restart Docker.
|
||||
2. Restart Docker.
|
||||
|
||||
3. Restart the registry if it does not start automatically.
|
||||
3. Restart the registry if it does not start automatically.
|
||||
|
||||
4. When you push images to the registries in the list, their
|
||||
non-distributable layers are pushed to the registry.
|
||||
|
||||
> **Warning**: Non-distributable artifacts typically have restrictions on
|
||||
> how and where they can be distributed and shared. Only use this feature
|
||||
> to push artifacts to private registries and ensure that you are in
|
||||
> compliance with any terms that cover redistributing non-distributable
|
||||
> artifacts.
|
||||
4. When you push images to the registries in the list, their
|
||||
non-distributable layers are pushed to the registry.
|
||||
|
||||
{{< hint type=warning >}}
|
||||
Non-distributable artifacts typically have restrictions on
|
||||
how and where they can be distributed and shared. Only use this feature
|
||||
to push artifacts to private registries and ensure that you are in
|
||||
compliance with any terms that cover redistributing non-distributable
|
||||
artifacts.
|
||||
{{< /hint >}}
|
||||
|
||||
## Next steps
|
||||
|
||||
More specific and advanced information is available in the following sections:
|
||||
|
||||
- [Configuration reference](configuration.md)
|
||||
- [Working with notifications](notifications.md)
|
||||
- [Advanced "recipes"](recipes/index.md)
|
||||
- [Registry API](spec/api.md)
|
||||
- [Storage driver model](storage-drivers/index.md)
|
||||
- [Token authentication](spec/auth/token.md)
|
||||
- [Configuration reference](../configuration)
|
||||
- [Working with notifications](../notifications)
|
||||
- [Advanced "recipes"](/recipes)
|
||||
- [Registry API](/spec/api)
|
||||
- [Storage driver model](/storage-drivers)
|
||||
- [Token authentication](/spec/auth/token)
|
|
@ -9,7 +9,7 @@ This document describes what this command does and how and why it should be used
|
|||
|
||||
## About garbage collection
|
||||
|
||||
In the context of the Docker registry, garbage collection is the process of
|
||||
In the context of the registry, garbage collection is the process of
|
||||
removing blobs from the filesystem when they are no longer referenced by a
|
||||
manifest. Blobs can include both layers and manifests.
|
||||
|
||||
|
@ -21,15 +21,15 @@ that certain layers no longer exist on the filesystem.
|
|||
|
||||
Filesystem layers are stored by their content address in the Registry. This
|
||||
has many advantages, one of which is that data is stored once and referred to by manifests.
|
||||
See [here](compatibility.md#content-addressable-storage-cas) for more details.
|
||||
See [here](../compatibility#content-addressable-storage-cas) for more details.
|
||||
|
||||
Layers are therefore shared amongst manifests; each manifest maintains a reference
|
||||
to the layer. As long as a layer is referenced by one manifest, it cannot be garbage
|
||||
collected.
|
||||
|
||||
Manifests and layers can be `deleted` with the registry API (refer to the API
|
||||
documentation [here](spec/api.md#deleting-a-layer) and
|
||||
[here](spec/api.md#deleting-an-image) for details). This API removes references
|
||||
documentation [here](/spec/api#deleting-a-layer) and
|
||||
[here](/spec/api#deleting-an-image) for details). This API removes references
|
||||
to the target and makes them eligible for garbage collection. It also makes them
|
||||
unable to be read via the API.
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
published: false
|
||||
draft: true
|
||||
---
|
||||
|
||||
# Glossary
|
||||
|
@ -17,7 +17,7 @@ This page contains definitions for distribution related terms.
|
|||
|
||||
<dt id="image"><h4>Image</h4></dt>
|
||||
<dd>
|
||||
<blockquote>An image is a named set of immutable data from which a Docker container can be created.</blockquote>
|
||||
<blockquote>An image is a named set of immutable data from which a container can be created.</blockquote>
|
||||
<p>
|
||||
An image is represented by a json file called a <a href="#manifest">manifest</a>, and is conceptually a set of <a href="#layer">layers</a>.
|
||||
|
||||
|
@ -45,7 +45,7 @@ This page contains definitions for distribution related terms.
|
|||
</dd>
|
||||
|
||||
<dt id="registry"><h4>Registry</h4></dt>
|
||||
<dd><blockquote>A registry is a service that let you store and deliver <a href="#images">images</a>.</blockquote>
|
||||
<dd><blockquote>A registry is a service that let you store and deliver <a href="#images">images</a> and other content.</blockquote>
|
||||
</dd>
|
||||
|
||||
<dt id="registry"><h4>Repository</h4></dt>
|
|
@ -10,5 +10,3 @@ If you want to report a bug:
|
|||
|
||||
- be sure to first read about [how to contribute](https://github.com/distribution/distribution/blob/master/CONTRIBUTING.md).
|
||||
- you can then do so on the [GitHub project bugtracker](https://github.com/distribution/distribution/issues).
|
||||
|
||||
You can also find out more about the Docker's project [Getting Help resources](../opensource/ways.md).
|
|
@ -11,96 +11,96 @@ involves security trade-offs and additional configuration steps.
|
|||
|
||||
## Deploy a plain HTTP registry
|
||||
|
||||
> **Warning**:
|
||||
> It's not possible to use an insecure registry with basic authentication.
|
||||
{:.warning}
|
||||
{{< hint type=warning >}}
|
||||
It's not possible to use an insecure registry with basic authentication.
|
||||
{{< /hint >}}
|
||||
|
||||
This procedure configures Docker to entirely disregard security for your
|
||||
registry. This is **very** insecure and is not recommended. It exposes your
|
||||
registry to trivial man-in-the-middle (MITM) attacks. Only use this solution for
|
||||
isolated testing or in a tightly controlled, air-gapped environment.
|
||||
|
||||
1. Edit the `daemon.json` file, whose default location is
|
||||
`/etc/docker/daemon.json` on Linux or
|
||||
`C:\ProgramData\docker\config\daemon.json` on Windows Server. If you use
|
||||
Docker Desktop for Mac or Docker Desktop for Windows, click the Docker icon, choose
|
||||
**Preferences** (Mac) or **Settings** (Windows), and choose **Docker Engine**.
|
||||
1. Edit the `daemon.json` file, whose default location is
|
||||
`/etc/docker/daemon.json` on Linux or
|
||||
`C:\ProgramData\docker\config\daemon.json` on Windows Server. If you use
|
||||
Docker Desktop for Mac or Docker Desktop for Windows, click the Docker icon, choose
|
||||
**Preferences** (Mac) or **Settings** (Windows), and choose **Docker Engine**.
|
||||
|
||||
If the `daemon.json` file does not exist, create it. Assuming there are no
|
||||
other settings in the file, it should have the following contents:
|
||||
If the `daemon.json` file does not exist, create it. Assuming there are no
|
||||
other settings in the file, it should have the following contents:
|
||||
|
||||
```json
|
||||
{
|
||||
"insecure-registries" : ["myregistrydomain.com:5000"]
|
||||
}
|
||||
```
|
||||
```json
|
||||
{
|
||||
"insecure-registries" : ["myregistrydomain.com:5000"]
|
||||
}
|
||||
```
|
||||
|
||||
Substitute the address of your insecure registry for the one in the example.
|
||||
Substitute the address of your insecure registry for the one in the example.
|
||||
|
||||
With insecure registries enabled, Docker goes through the following steps:
|
||||
With insecure registries enabled, Docker goes through the following steps:
|
||||
|
||||
- First, try using HTTPS.
|
||||
- If HTTPS is available but the certificate is invalid, ignore the error
|
||||
about the certificate.
|
||||
- If HTTPS is not available, fall back to HTTP.
|
||||
- First, try using HTTPS.
|
||||
|
||||
- If HTTPS is available but the certificate is invalid, ignore the error
|
||||
about the certificate.
|
||||
|
||||
- If HTTPS is not available, fall back to HTTP.
|
||||
|
||||
|
||||
2. Restart Docker for the changes to take effect.
|
||||
|
||||
|
||||
Repeat these steps on every Engine host that wants to access your registry.
|
||||
|
||||
|
||||
## Use self-signed certificates
|
||||
|
||||
> **Warning**:
|
||||
> Using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
|
||||
{:.warning}
|
||||
{{< hint type=warning >}}
|
||||
Using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
|
||||
{{< /hint >}}
|
||||
|
||||
This is more secure than the insecure registry solution.
|
||||
|
||||
1. Generate your own certificate:
|
||||
1. Generate your own certificate:
|
||||
|
||||
```console
|
||||
$ mkdir -p certs
|
||||
```console
|
||||
$ mkdir -p certs
|
||||
|
||||
$ openssl req \
|
||||
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
|
||||
-addext "subjectAltName = DNS:myregistry.domain.com" \
|
||||
-x509 -days 365 -out certs/domain.crt
|
||||
```
|
||||
$ openssl req \
|
||||
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
|
||||
-addext "subjectAltName = DNS:myregistry.domain.com" \
|
||||
-x509 -days 365 -out certs/domain.crt
|
||||
```
|
||||
|
||||
Be sure to use the name `myregistry.domain.com` as a CN.
|
||||
Be sure to use the name `myregistry.domain.com` as a CN.
|
||||
|
||||
2. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate).
|
||||
2. Use the result to [start your registry with TLS enabled](../deploying#get-a-certificate).
|
||||
|
||||
3. Instruct every Docker daemon to trust that certificate. The way to do this
|
||||
depends on your OS.
|
||||
3. Instruct every Docker daemon to trust that certificate. The way to do this
|
||||
depends on your OS.
|
||||
|
||||
- **Linux**: Copy the `domain.crt` file to
|
||||
`/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt` on every Docker
|
||||
host. You do not need to restart Docker.
|
||||
- **Linux**: Copy the `domain.crt` file to
|
||||
`/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt` on every Docker
|
||||
host. You do not need to restart Docker.
|
||||
|
||||
- **Windows Server**:
|
||||
- **Windows Server**:
|
||||
|
||||
1. Open Windows Explorer, right-click the `domain.crt`
|
||||
file, and choose Install certificate. When prompted, select the following
|
||||
options:
|
||||
1. Open Windows Explorer, right-click the `domain.crt`
|
||||
file, and choose Install certificate. When prompted, select the following
|
||||
options:
|
||||
|
||||
| Store location | local machine |
|
||||
| Place all certificates in the following store | selected |
|
||||
| Store location | local machine |
|
||||
| Place all certificates in the following store | selected |
|
||||
|
||||
2. Click **Browser** and select **Trusted Root Certificate Authorities**.
|
||||
2. Click **Browser** and select **Trusted Root Certificate Authorities**.
|
||||
|
||||
3. Click **Finish**. Restart Docker.
|
||||
3. Click **Finish**. Restart Docker.
|
||||
|
||||
- **Docker Desktop for Mac**: Follow the instructions in
|
||||
[Adding custom CA certificates](../desktop/mac/index.md#add-tls-certificates){: target="_blank" rel="noopener" class="_"}.
|
||||
Restart Docker.
|
||||
- **Docker Desktop for Mac**: Follow the instructions in
|
||||
[Adding custom CA certificates](https://docs.docker.com/desktop/mac/#add-tls-certificates).
|
||||
Restart Docker.
|
||||
|
||||
- **Docker Desktop for Windows**: Follow the instructions in
|
||||
[Adding custom CA certificates](../desktop/windows/index.md#adding-tls-certificates){: target="_blank" rel="noopener" class="_"}.
|
||||
Restart Docker.
|
||||
- **Docker Desktop for Windows**: Follow the instructions in
|
||||
[Adding custom CA certificates](https://docs.docker.com/desktop/windows/#adding-tls-certificates).
|
||||
Restart Docker.
|
||||
|
||||
|
||||
## Troubleshoot insecure registry
|
|
@ -8,9 +8,9 @@ The Registry supports sending webhook notifications in response to events
|
|||
happening within the registry. Notifications are sent in response to manifest
|
||||
pushes and pulls and layer pushes and pulls. These actions are serialized into
|
||||
events. The events are queued into a registry-internal broadcast system which
|
||||
queues and dispatches events to [_Endpoints_](notifications.md#endpoints).
|
||||
queues and dispatches events to [_Endpoints_](#endpoints).
|
||||
|
||||
![Workflow of registry notifications](images/notifications.png)
|
||||
![Workflow of registry notifications](/images/notifications.png)
|
||||
|
||||
## Endpoints
|
||||
|
||||
|
@ -45,7 +45,7 @@ The above would configure the registry with an endpoint to send events to
|
|||
5 failures happen consecutively, the registry backs off for 1 second before
|
||||
trying again.
|
||||
|
||||
For details on the fields, see the [configuration documentation](configuration.md#notifications).
|
||||
For details on the fields, see the [configuration documentation](../configuration/#notifications).
|
||||
|
||||
A properly configured endpoint should lead to a log message from the registry
|
||||
upon startup:
|
|
@ -9,7 +9,7 @@ These recipes are not useful for most standard set-ups.
|
|||
|
||||
## Requirements
|
||||
|
||||
Before following these steps, work through the [deployment guide](../deploying.md).
|
||||
Before following these steps, work through the [deployment guide](../about/deploying).
|
||||
|
||||
At this point, it's assumed that:
|
||||
|
||||
|
@ -21,8 +21,8 @@ At this point, it's assumed that:
|
|||
|
||||
## The List
|
||||
|
||||
* [using Apache as an authenticating proxy](apache.md)
|
||||
* [using Nginx as an authenticating proxy](nginx.md)
|
||||
* [running a Registry on macOS](osx-setup-guide.md)
|
||||
* [mirror the Docker Hub](mirror.md)
|
||||
* [start registry via systemd](systemd.md)
|
||||
* [using Apache as an authenticating proxy](apache)
|
||||
* [using Nginx as an authenticating proxy](nginx)
|
||||
* [running a Registry on macOS](osx-setup-guide)
|
||||
* [mirror the Docker Hub](mirror)
|
||||
* [start registry via systemd](systemd)
|
|
@ -12,7 +12,7 @@ Usually, that includes enterprise setups using LDAP/AD on the backend and a SSO
|
|||
|
||||
### Alternatives
|
||||
|
||||
If you just want authentication for your registry, and are happy maintaining users access separately, you should really consider sticking with the native [basic auth registry feature](../deploying.md#native-basic-auth).
|
||||
If you just want authentication for your registry, and are happy maintaining users access separately, you should really consider sticking with the native [basic auth registry feature](/about/deploying#native-basic-auth).
|
||||
|
||||
### Solution
|
||||
|
||||
|
@ -30,13 +30,13 @@ Furthermore, introducing an extra http layer in your communication pipeline adds
|
|||
|
||||
## Setting things up
|
||||
|
||||
Read again [the requirements](index.md#requirements).
|
||||
Read again [the requirements](../#requirements).
|
||||
|
||||
Ready?
|
||||
|
||||
Run the following script:
|
||||
|
||||
```
|
||||
```sh
|
||||
mkdir -p auth
|
||||
mkdir -p data
|
||||
|
||||
|
@ -191,19 +191,27 @@ EOF
|
|||
|
||||
Now, start your stack:
|
||||
|
||||
docker-compose up -d
|
||||
```console
|
||||
$ docker-compose up -d
|
||||
```
|
||||
|
||||
Log in with a "push" authorized user (using `testuserpush` and `testpasswordpush`), then tag and push your first image:
|
||||
|
||||
docker login myregistrydomain.com:5043
|
||||
docker tag ubuntu myregistrydomain.com:5043/test
|
||||
docker push myregistrydomain.com:5043/test
|
||||
```console
|
||||
$ docker login myregistrydomain.com:5043
|
||||
$ docker tag ubuntu myregistrydomain.com:5043/test
|
||||
$ docker push myregistrydomain.com:5043/test
|
||||
```
|
||||
|
||||
Now, log in with a "pull-only" user (using `testuser` and `testpassword`), then pull back the image:
|
||||
|
||||
docker login myregistrydomain.com:5043
|
||||
docker pull myregistrydomain.com:5043/test
|
||||
```console
|
||||
$ docker login myregistrydomain.com:5043
|
||||
$ docker pull myregistrydomain.com:5043/test
|
||||
```
|
||||
|
||||
Verify that the "pull-only" can NOT push:
|
||||
|
||||
docker push myregistrydomain.com:5043/test
|
||||
```console
|
||||
$ docker push myregistrydomain.com:5043/test
|
||||
```
|
|
@ -2,22 +2,16 @@
|
|||
description: Setting-up a local mirror for Docker Hub images
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, mirror, Hub, recipe, advanced
|
||||
title: Registry as a pull through cache
|
||||
redirect_from:
|
||||
- /engine/admin/registry_mirror/
|
||||
---
|
||||
|
||||
## Use-case
|
||||
|
||||
If you have multiple instances of Docker running in your environment, such as
|
||||
multiple physical or virtual machines all running Docker, each daemon goes out
|
||||
to the internet and fetches an image it doesn't have locally, from the Docker
|
||||
repository. You can run a local registry mirror and point all your daemons
|
||||
If you have multiple consumers of containers running in your environment, such as
|
||||
multiple physical or virtual machines using containers, or a Kubernetes cluster,
|
||||
each cunsumer fetches an images it doesn't have locally, from the external registry.
|
||||
You can run a local registry mirror and point all your consumers
|
||||
there, to avoid this extra internet traffic.
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Docker Official Images are an intellectual property of Docker.
|
||||
|
||||
### Alternatives
|
||||
|
||||
Alternatively, if the set of images you are using is well delimited, you can
|
||||
|
@ -88,7 +82,8 @@ but this property does not hold true for a registry cache cluster.
|
|||
|
||||
> **Note**
|
||||
>
|
||||
> Service accounts included in the Team plan are limited to 5,000 pulls per day. See [Service Accounts](/docker-hub/service-accounts/) for more details.
|
||||
> Service accounts included in the Team plan are limited to 5,000 pulls per day.
|
||||
> See [Service Accounts](https://docs.docker.com/docker-hub/service-accounts/) for more details.
|
||||
|
||||
### Configure the cache
|
||||
|
||||
|
@ -113,12 +108,12 @@ proxy:
|
|||
|
||||
> **Warning**: For the scheduler to clean up old entries, `delete` must
|
||||
> be enabled in the registry configuration. See
|
||||
> [Registry Configuration](../configuration.md) for more details.
|
||||
> [Registry Configuration](/about/configuration) for more details.
|
||||
|
||||
### Configure the Docker daemon
|
||||
|
||||
Either pass the `--registry-mirror` option when starting `dockerd` manually,
|
||||
or edit [`/etc/docker/daemon.json`](../../engine/reference/commandline/dockerd.md#daemon-configuration-file)
|
||||
or edit [`/etc/docker/daemon.json`](https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file)
|
||||
and add the `registry-mirrors` key and value, to make the change persistent.
|
||||
|
||||
```json
|
207
docs/content/recipes/nginx.md
Normal file
|
@ -0,0 +1,207 @@
|
|||
---
|
||||
description: Restricting access to your registry using a nginx proxy
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, nginx, proxy, authentication, TLS, recipe, advanced
|
||||
title: Authenticate proxy with nginx
|
||||
---
|
||||
|
||||
## Use-case
|
||||
|
||||
People already relying on a nginx proxy to authenticate their users to other
|
||||
services might want to leverage it and have Registry communications tunneled
|
||||
through the same pipeline.
|
||||
|
||||
Usually, that includes enterprise setups using LDAP/AD on the backend and a SSO
|
||||
mechanism fronting their internal http portal.
|
||||
|
||||
### Alternatives
|
||||
|
||||
If you just want authentication for your registry, and are happy maintaining
|
||||
users access separately, you should really consider sticking with the native
|
||||
[basic auth registry feature](/about/deploying#native-basic-auth).
|
||||
|
||||
### Solution
|
||||
|
||||
With the method presented here, you implement basic authentication for docker
|
||||
engines in a reverse proxy that sits in front of your registry.
|
||||
|
||||
While we use a simple htpasswd file as an example, any other nginx
|
||||
authentication backend should be fairly easy to implement once you are done with
|
||||
the example.
|
||||
|
||||
We also implement push restriction (to a limited user group) for the sake of the
|
||||
example. Again, you should modify this to fit your mileage.
|
||||
|
||||
### Gotchas
|
||||
|
||||
While this model gives you the ability to use whatever authentication backend
|
||||
you want through the secondary authentication mechanism implemented inside your
|
||||
proxy, it also requires that you move TLS termination from the Registry to the
|
||||
proxy itself.
|
||||
|
||||
> **Note**: It is not recommended to bind your registry to `localhost:5000` without
|
||||
> authentication. This creates a potential loophole in your registry security.
|
||||
> As a result, anyone who can log on to the server where your registry is running
|
||||
> can push images without authentication.
|
||||
|
||||
Furthermore, introducing an extra http layer in your communication pipeline
|
||||
makes it more complex to deploy, maintain, and debug. Make sure the extra
|
||||
complexity is required.
|
||||
|
||||
For instance, Amazon's Elastic Load Balancer (ELB) in HTTPS mode already sets
|
||||
the following client header:
|
||||
|
||||
```none
|
||||
X-Real-IP
|
||||
X-Forwarded-For
|
||||
X-Forwarded-Proto
|
||||
```
|
||||
|
||||
So if you have an Nginx instance sitting behind it, remove these lines from the
|
||||
example config below:
|
||||
|
||||
```none
|
||||
proxy_set_header Host $http_host; # required for docker client's sake
|
||||
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
```
|
||||
|
||||
Otherwise Nginx resets the ELB's values, and the requests are not routed
|
||||
properly. For more information, see
|
||||
[#970](https://github.com/distribution/distribution/issues/970).
|
||||
|
||||
## Setting things up
|
||||
|
||||
Review the [requirements](../#requirements), then follow these steps.
|
||||
|
||||
1. Create the required directories
|
||||
|
||||
```console
|
||||
$ mkdir -p auth data
|
||||
```
|
||||
|
||||
2. Create the main nginx configuration. Paste this code block into a new file called `auth/nginx.conf`:
|
||||
|
||||
```conf
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
upstream docker-registry {
|
||||
server registry:5000;
|
||||
}
|
||||
|
||||
## Set a variable to help us decide if we need to add the
|
||||
## 'Docker-Distribution-Api-Version' header.
|
||||
## The registry always sets this header.
|
||||
## In the case of nginx performing auth, the header is unset
|
||||
## since nginx is auth-ing before proxying.
|
||||
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
|
||||
'' 'registry/2.0';
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name myregistrydomain.com;
|
||||
|
||||
# SSL
|
||||
ssl_certificate /etc/nginx/conf.d/domain.crt;
|
||||
ssl_certificate_key /etc/nginx/conf.d/domain.key;
|
||||
|
||||
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl_protocols TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
||||
# disable any limits to avoid HTTP 413 for large image uploads
|
||||
client_max_body_size 0;
|
||||
|
||||
# required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
|
||||
chunked_transfer_encoding on;
|
||||
|
||||
location /v2/ {
|
||||
# Do not allow connections from docker 1.5 and earlier
|
||||
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
|
||||
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
# To add basic authentication to v2 use auth_basic setting.
|
||||
auth_basic "Registry realm";
|
||||
auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
|
||||
|
||||
## If $docker_distribution_api_version is empty, the header is not added.
|
||||
## See the map directive above where this variable is defined.
|
||||
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
|
||||
|
||||
proxy_pass http://docker-registry;
|
||||
proxy_set_header Host $http_host; # required for docker client's sake
|
||||
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 900;
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
3. Create a password file `auth/nginx.htpasswd` for "testuser" and "testpassword".
|
||||
|
||||
```console
|
||||
$ docker run --rm --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/nginx.htpasswd
|
||||
```
|
||||
|
||||
> **Note**: If you do not want to use `bcrypt`, you can omit the `-B` parameter.
|
||||
|
||||
4. Copy your certificate files to the `auth/` directory.
|
||||
|
||||
```console
|
||||
$ cp domain.crt auth
|
||||
$ cp domain.key auth
|
||||
```
|
||||
|
||||
5. Create the compose file. Paste the following YAML into a new file called `docker-compose.yml`.
|
||||
|
||||
```yaml
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
nginx:
|
||||
# Note : Only nginx:alpine supports bcrypt.
|
||||
# If you don't need to use bcrypt, you can use a different tag.
|
||||
# Ref. https://github.com/nginxinc/docker-nginx/issues/29
|
||||
image: "nginx:alpine"
|
||||
ports:
|
||||
- 5043:443
|
||||
depends_on:
|
||||
- registry
|
||||
volumes:
|
||||
- ./auth:/etc/nginx/conf.d
|
||||
- ./auth/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
|
||||
registry:
|
||||
image: registry:2
|
||||
volumes:
|
||||
- ./data:/var/lib/registry
|
||||
```
|
||||
|
||||
## Starting and stopping
|
||||
|
||||
Now, start your stack:
|
||||
|
||||
```consonle
|
||||
$ docker-compose up -d
|
||||
```
|
||||
|
||||
Login with a "push" authorized user (using `testuser` and `testpassword`), then
|
||||
tag and push your first image:
|
||||
|
||||
```console
|
||||
$ docker login -u=testuser -p=testpassword -e=root@example.ch myregistrydomain.com:5043
|
||||
$ docker tag ubuntu myregistrydomain.com:5043/test
|
||||
$ docker push myregistrydomain.com:5043/test
|
||||
$ docker pull myregistrydomain.com:5043/test
|
||||
```
|
|
@ -26,49 +26,65 @@ If you know, safely skip to the next section.
|
|||
|
||||
If you don't, the TLDR is:
|
||||
|
||||
bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
|
||||
source ~/.gvm/scripts/gvm
|
||||
gvm install go1.4.2
|
||||
gvm use go1.4.2
|
||||
```console
|
||||
$ bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
|
||||
$ source ~/.gvm/scripts/gvm
|
||||
$ gvm install go1.4.2
|
||||
$ gvm use go1.4.2
|
||||
```
|
||||
|
||||
If you want to understand, you should read [How to Write Go Code](https://golang.org/doc/code.html).
|
||||
|
||||
## Checkout the source tree
|
||||
|
||||
mkdir -p $GOPATH/src/github.com/distribution
|
||||
git clone https://github.com/distribution/distribution.git $GOPATH/src/github.com/distribution/distribution
|
||||
cd $GOPATH/src/github.com/distribution/distribution
|
||||
```console
|
||||
$ mkdir -p $GOPATH/src/github.com/distribution
|
||||
$ git clone https://github.com/distribution/distribution.git $GOPATH/src/github.com/distribution/distribution
|
||||
$ cd $GOPATH/src/github.com/distribution/distribution
|
||||
```
|
||||
|
||||
## Build the binary
|
||||
|
||||
GOPATH=$(PWD)/Godeps/_workspace:$GOPATH make binaries
|
||||
sudo mkdir -p /usr/local/libexec
|
||||
sudo cp bin/registry /usr/local/libexec/registry
|
||||
```console
|
||||
$ GOPATH=$(PWD)/Godeps/_workspace:$GOPATH make binaries
|
||||
$ sudo mkdir -p /usr/local/libexec
|
||||
$ sudo cp bin/registry /usr/local/libexec/registry
|
||||
```
|
||||
|
||||
## Setup
|
||||
|
||||
Copy the registry configuration file in place:
|
||||
|
||||
mkdir /Users/Shared/Registry
|
||||
cp docs/osx/config.yml /Users/Shared/Registry/config.yml
|
||||
```console
|
||||
$ mkdir /Users/Shared/Registry
|
||||
$ cp docs/osx/config.yml /Users/Shared/Registry/config.yml
|
||||
```
|
||||
|
||||
## Run the registry under launchd
|
||||
|
||||
Copy the registry plist into place:
|
||||
|
||||
plutil -lint docs/recipes/osx/com.docker.registry.plist
|
||||
cp docs/recipes/osx/com.docker.registry.plist ~/Library/LaunchAgents/
|
||||
chmod 644 ~/Library/LaunchAgents/com.docker.registry.plist
|
||||
```console
|
||||
$ plutil -lint docs/recipes/osx/com.docker.registry.plist
|
||||
$ cp docs/recipes/osx/com.docker.registry.plist ~/Library/LaunchAgents/
|
||||
$ chmod 644 ~/Library/LaunchAgents/com.docker.registry.plist
|
||||
```
|
||||
|
||||
Start the registry:
|
||||
|
||||
launchctl load ~/Library/LaunchAgents/com.docker.registry.plist
|
||||
```console
|
||||
$ launchctl load ~/Library/LaunchAgents/com.docker.registry.plist
|
||||
```
|
||||
|
||||
### Restart the registry service
|
||||
|
||||
launchctl stop com.docker.registry
|
||||
launchctl start com.docker.registry
|
||||
```console
|
||||
$ launchctl stop com.docker.registry
|
||||
$ launchctl start com.docker.registry
|
||||
```
|
||||
|
||||
### Unload the registry service
|
||||
|
||||
launchctl unload ~/Library/LaunchAgents/com.docker.registry.plist
|
||||
```console
|
||||
$ launchctl unload ~/Library/LaunchAgents/com.docker.registry.plist
|
||||
```
|
|
@ -7,8 +7,9 @@ title: Start registry via systemd
|
|||
## Use-case
|
||||
|
||||
Using systemd to manage containers can make service discovery and maintenance easier
|
||||
by managining all services in the same way. Additionally, when using Podman, systemd
|
||||
by managing all services in the same way. Additionally, when using Podman, systemd
|
||||
can start the registry with socket-activation, providing additional security options:
|
||||
|
||||
* Run as non-root and expose on a low-numbered socket (< 1024)
|
||||
* Run with `--network=none`
|
||||
|
||||
|
@ -18,9 +19,10 @@ When deploying the registry via Docker, a simple service file can be used to man
|
|||
the registry:
|
||||
|
||||
registry.service
|
||||
```
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
Description=Docker registry
|
||||
Description=Distribution registry
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
|
@ -40,7 +42,7 @@ WantedBy=multi-user.target
|
|||
|
||||
In this case, the registry will store images in the named-volume `registry`.
|
||||
Note that the container is destroyed on restart instead of using `--rm` or
|
||||
destroy on stop. This is done to make accessing `docker logs ...` easier in
|
||||
destroy on stop. This is done to make accessing `docker logs ...` easier in
|
||||
the case of issues.
|
||||
|
||||
### Podman
|
||||
|
@ -50,7 +52,7 @@ socket-activation of containers.
|
|||
|
||||
#### Create service file
|
||||
|
||||
```
|
||||
```sh
|
||||
podman create --name registry --network=none -v registry:/var/lib/registry registry:2
|
||||
podman generate systemd --name --new registry > registry.service
|
||||
```
|
||||
|
@ -58,9 +60,10 @@ podman generate systemd --name --new registry > registry.service
|
|||
#### Create socket file
|
||||
|
||||
registry.socket
|
||||
```
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
Description=container registry
|
||||
Description=Distribution registry
|
||||
|
||||
[Socket]
|
||||
ListenStream=5000
|
||||
|
@ -71,7 +74,7 @@ WantedBy=sockets.target
|
|||
|
||||
### Installation
|
||||
|
||||
Installation can be either rootful or rootless. For Docker, rootless configurations
|
||||
Installation can be either rootful or rootless. For Docker, rootless configurations
|
||||
often include additional setup steps that are beyond the scope of this recipe, whereas
|
||||
for Podman, rootless containers generally work out of the box.
|
||||
|
12
docs/content/spec/_index.md
Normal file
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
title: "Reference Overview"
|
||||
description: "Explains registry JSON objects"
|
||||
keywords: registry, service, images, repository, json
|
||||
---
|
||||
|
||||
# Docker Registry Reference
|
||||
|
||||
* [HTTP API V2](api)
|
||||
* [Storage Driver](/storage-drivers/)
|
||||
* [Token Authentication Specification](auth/token)
|
||||
* [Token Authentication Implementation](auth/jwt)
|
|
@ -2,7 +2,7 @@
|
|||
title: "HTTP API V2"
|
||||
description: "Specification for the Registry API."
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, api, advanced
|
||||
redirect_from:
|
||||
aliases:
|
||||
- /reference/api/registry_api/
|
||||
---
|
||||
|
12
docs/content/spec/auth/_index.md
Normal file
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
title: "Distribution Registry Token Authentication"
|
||||
description: "Distribution Registry v2 authentication schema"
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, authentication, advanced
|
||||
---
|
||||
|
||||
# Distribution Registry v2 authentication
|
||||
|
||||
See the [Token Authentication Specification](token),
|
||||
[Token Authentication Implementation](jwt),
|
||||
[Token Scope Documentation](scope),
|
||||
[OAuth2 Token Authentication](oauth) for more information.
|
|
@ -1,10 +1,10 @@
|
|||
---
|
||||
title: "Token Authentication Implementation"
|
||||
description: "Describe the reference implementation of the Docker Registry v2 authentication schema"
|
||||
description: "Describe the reference implementation of the Distribution Registry v2 authentication schema"
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, JWT authentication, advanced
|
||||
---
|
||||
|
||||
# Docker Registry v2 Bearer token specification
|
||||
# Distribution Registry v2 Bearer token specification
|
||||
|
||||
This specification covers the `distribution/distribution` implementation of the
|
||||
v2 Registry's authentication schema. Specifically, it describes the JSON
|
|
@ -1,10 +1,10 @@
|
|||
---
|
||||
title: "Oauth2 Token Authentication"
|
||||
description: "Specifies the Docker Registry v2 authentication"
|
||||
description: "Specifies the Distribution Registry v2 authentication"
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, oauth2, advanced
|
||||
---
|
||||
|
||||
# Docker Registry v2 authentication using OAuth2
|
||||
# Distribution Registry v2 authentication using OAuth2
|
||||
|
||||
This document describes support for the OAuth2 protocol within the authorization
|
||||
server. [RFC6749](https://tools.ietf.org/html/rfc6749) should be used as a
|
||||
|
@ -12,7 +12,7 @@ reference for the protocol and HTTP endpoints described here.
|
|||
|
||||
**Note**: Not all token servers implement oauth2. If the request to the endpoint
|
||||
returns `404` using the HTTP `POST` method, refer to
|
||||
[Token Documentation](token.md) for using the HTTP `GET` method supported by all
|
||||
[Token Documentation](../token) for using the HTTP `GET` method supported by all
|
||||
token servers.
|
||||
|
||||
## Refresh token format
|
||||
|
@ -161,7 +161,7 @@ Content-Type: application/x-www-form-urlencoded
|
|||
|
||||
#### Example getting refresh token
|
||||
|
||||
```
|
||||
```none
|
||||
POST /token HTTP/1.1
|
||||
Host: auth.docker.io
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
@ -176,7 +176,7 @@ Content-Type: application/json
|
|||
|
||||
#### Example refreshing an Access Token
|
||||
|
||||
```
|
||||
```none
|
||||
POST /token HTTP/1.1
|
||||
Host: auth.docker.io
|
||||
Content-Type: application/x-www-form-urlencoded
|
|
@ -4,7 +4,7 @@ description: "Describes the scope and access fields used for registry authorizat
|
|||
keywords: registry, on-prem, images, tags, repository, distribution, advanced, access, scope
|
||||
---
|
||||
|
||||
# Docker Registry Token Scope and Access
|
||||
# Distribution Registry Token Scope and Access
|
||||
|
||||
Tokens used by the registry are always restricted what resources they may
|
||||
be used to access, where those resources may be accessed, and what actions
|
||||
|
@ -41,10 +41,11 @@ is authorized for a specific resource.
|
|||
|
||||
#### Resource Class
|
||||
|
||||
> [!WARNING]
|
||||
> Resource Class is deprecated and ignored.
|
||||
> `repository` and `repository(plugin)` are considered equal when authorizing a token.
|
||||
> Authorization services should no longer return scopes with a resource class.
|
||||
{{< hint type=warning >}}
|
||||
Resource Class is deprecated and ignored.
|
||||
`repository` and `repository(plugin)` are considered equal when authorizing a token.
|
||||
Authorization services should no longer return scopes with a resource class.
|
||||
{{< /hint >}}
|
||||
|
||||
The resource type might have a resource class which further classifies the
|
||||
the resource name within the resource type. A class is not required and
|
||||
|
@ -108,11 +109,13 @@ Full reference grammar is defined
|
|||
[here](https://pkg.go.dev/github.com/distribution/distribution/reference). Currently
|
||||
the scope name grammar is a subset of the reference grammar.
|
||||
|
||||
> **NOTE:** that the `resourcename` may contain one `:` due to a possible port
|
||||
> number in the hostname component of the `resourcename`, so a naive
|
||||
> implementation that interprets the first three `:`-delimited tokens of a
|
||||
> `scope` to be the `resourcetype`, `resourcename`, and a list of `action`
|
||||
> would be insufficient.
|
||||
{{< hint type=note >}}
|
||||
Note that the `resourcename` may contain one `:` due to a possible port
|
||||
number in the hostname component of the `resourcename`, so a naive
|
||||
implementation that interprets the first three `:`-delimited tokens of a
|
||||
`scope` to be the `resourcetype`, `resourcename`, and a list of `action`
|
||||
would be insufficient.
|
||||
{{< /hint >}}
|
||||
|
||||
## Resource Provider Use
|
||||
|
||||
|
@ -141,7 +144,7 @@ Each JWT access token may only have a single subject and audience but multiple
|
|||
resource scopes. The subject and audience are put into standard JWT fields
|
||||
`sub` and `aud`. The resource scope is put into the `access` field. The
|
||||
structure of the access field can be seen in the
|
||||
[jwt documentation](jwt.md).
|
||||
[jwt documentation](../jwt).
|
||||
|
||||
## Refresh Tokens
|
||||
|
|
@ -1,14 +1,14 @@
|
|||
---
|
||||
title: "Token Authentication Specification"
|
||||
description: "Specifies the Docker Registry v2 authentication"
|
||||
description: "Specifies the Distribution Registry v2 authentication"
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, Bearer authentication, advanced
|
||||
---
|
||||
|
||||
# Docker Registry v2 authentication via central service
|
||||
# Distribution Registry v2 authentication via central service
|
||||
|
||||
This document outlines the v2 Docker registry authentication scheme:
|
||||
This document outlines the v2 Distribution registry authentication scheme:
|
||||
|
||||
![v2 registry auth](../images/v2-registry-auth.png)
|
||||
![v2 registry auth](/images/v2-registry-auth.png)
|
||||
|
||||
1. Attempt to begin a push/pull operation with the registry.
|
||||
2. If the registry requires authorization it will return a `401 Unauthorized`
|
||||
|
@ -27,9 +27,9 @@ This document outlines the v2 Docker registry authentication scheme:
|
|||
- Registry clients which can understand and respond to token auth challenges
|
||||
returned by the resource server.
|
||||
- An authorization server capable of managing access controls to their
|
||||
resources hosted by any given service (such as repositories in a Docker
|
||||
resources hosted by any given service (such as repositories in a Distribution
|
||||
Registry).
|
||||
- A Docker Registry capable of trusting the authorization server to sign tokens
|
||||
- A Distribution Registry capable of trusting the authorization server to sign tokens
|
||||
which clients can use for authorization and the ability to verify these
|
||||
tokens for single use or for use during a sufficiently short period of time.
|
||||
|
||||
|
@ -39,11 +39,8 @@ The described server is meant to serve as a standalone access control manager
|
|||
for resources hosted by other services which wish to authenticate and manage
|
||||
authorizations using a separate access control manager.
|
||||
|
||||
A service like this is used by the official Docker Registry to authenticate
|
||||
clients and verify their authorization to Docker image repositories.
|
||||
|
||||
As of Docker 1.6, the registry client within the Docker Engine has been updated
|
||||
to handle such an authorization workflow.
|
||||
A service like this is used by public and private registries to authenticate
|
||||
clients and verify their authorization to image repositories.
|
||||
|
||||
## How to authenticate
|
||||
|
||||
|
@ -191,7 +188,7 @@ https://auth.docker.io/token?service=registry.docker.io&scope=repository:samalba
|
|||
|
||||
The token server should first attempt to authenticate the client using any
|
||||
authentication credentials provided with the request. From Docker 1.11 the
|
||||
Docker engine supports both Basic Authentication and [OAuth2](oauth.md) for
|
||||
Docker engine supports both Basic Authentication and [OAuth2](../oauth) for
|
||||
getting tokens. Docker 1.10 and before, the registry client in the Docker Engine
|
||||
only supports Basic Authentication. If an attempt to authenticate to the token
|
||||
server fails, the token server should return a `401 Unauthorized` response
|
|
@ -1,10 +1,9 @@
|
|||
---
|
||||
title: Update deprecated schema image manifest version 2, v1 images
|
||||
description: Update deprecated schema v1 iamges
|
||||
title: Image manifest version 2, schema 1
|
||||
description: Update deprecated schema v1 images
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, api, advanced, manifest
|
||||
---
|
||||
|
||||
## Image manifest version 2, schema 1
|
||||
With the release of image manifest version 2, schema 2, image manifest version
|
||||
2, schema 1 has been deprecated. This could lead to compatibility and
|
||||
vulnerability issues in images that haven't been updated to image manifest
|
||||
|
@ -17,7 +16,7 @@ associated with the deprecated image manifest that will block your image from
|
|||
running successfully. A list of possible methods to help update your image is
|
||||
also included below.
|
||||
|
||||
### Update to image manifest version 2, schema 2
|
||||
## Update to image manifest version 2, schema 2
|
||||
|
||||
One way to upgrade an image from image manifest version 2, schema 1 to
|
||||
schema 2 is to `docker pull` the image and then `docker push` the image with a
|
||||
|
@ -29,8 +28,7 @@ manifest format, but does not update the contents within the image. Images
|
|||
using manifest version 2, schema 1 may contain unpatched vulnerabilities. We
|
||||
recommend looking for an alternative image or rebuilding it.
|
||||
|
||||
|
||||
### Update FROM statement
|
||||
## Update FROM statement
|
||||
|
||||
You can rebuild the image by updating the `FROM` statement in your
|
||||
`Dockerfile`. If your image manifest is out-of-date, there is a chance the
|
Before Width: | Height: | Size: 11 KiB After Width: | Height: | Size: 11 KiB |
|
@ -1,14 +1,14 @@
|
|||
---
|
||||
published: false
|
||||
draft: true
|
||||
---
|
||||
|
||||
# Distribution API Implementations
|
||||
|
||||
This is a list of known implementations of the Distribution API spec.
|
||||
|
||||
## [Docker Distribution Registry](https://github.com/distribution/distribution)
|
||||
## [CNCF Distribution Registry](https://github.com/distribution/distribution)
|
||||
|
||||
Docker distribution is the reference implementation of the distribution API
|
||||
CNCF distribution is the reference implementation of the distribution API
|
||||
specification. It aims to fully implement the entire specification.
|
||||
|
||||
### Releases
|
|
@ -1,15 +1,15 @@
|
|||
---
|
||||
published: false
|
||||
title: "Docker Distribution JSON Canonicalization"
|
||||
draft: true
|
||||
title: "CNCF Distribution JSON Canonicalization"
|
||||
description: "Explains registry JSON objects"
|
||||
keywords: ["registry, service, images, repository, json"]
|
||||
---
|
||||
|
||||
|
||||
|
||||
# Docker Distribution JSON Canonicalization
|
||||
# CNCF Distribution JSON Canonicalization
|
||||
|
||||
To provide consistent content hashing of JSON objects throughout Docker
|
||||
To provide consistent content hashing of JSON objects throughout CNCF
|
||||
Distribution APIs, the specification defines a canonical JSON format. Adopting
|
||||
such a canonicalization also aids in caching JSON responses.
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
title: "Image Manifest V 2, Schema 2 "
|
||||
title: "Image Manifest V 2, Schema 2"
|
||||
description: "image manifest for the Registry."
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, api, advanced, manifest
|
||||
---
|
||||
|
@ -10,7 +10,7 @@ This document outlines the format of the V2 image manifest, schema version 2.
|
|||
The original (and provisional) image manifest for V2 (schema 1), was introduced
|
||||
in the Docker daemon in the [v1.3.0
|
||||
release](https://github.com/docker/docker/commit/9f482a66ab37ec396ac61ed0c00d59122ac07453)
|
||||
and is specified in the [schema 1 manifest definition](manifest-v2-1.md)
|
||||
and is now deprecated.
|
||||
|
||||
This second schema version has two primary goals. The first is to allow
|
||||
multi-architecture images, through a "fat manifest" which references image
|
||||
|
@ -71,7 +71,7 @@ image manifest based on the Content-Type returned in the HTTP response.
|
|||
- **`digest`** *string*
|
||||
|
||||
The digest of the content, as defined by the
|
||||
[Registry V2 HTTP API Specificiation](api.md#digest-parameter).
|
||||
[Registry V2 HTTP API Specificiation](../api#digest-parameter).
|
||||
|
||||
- **`platform`** *object*
|
||||
|
||||
|
@ -113,7 +113,8 @@ image manifest based on the Content-Type returned in the HTTP response.
|
|||
|
||||
## Example Manifest List
|
||||
|
||||
*Example showing a simple manifest list pointing to image manifests for two platforms:*
|
||||
Example showing a simple manifest list pointing to image manifests for two platforms:
|
||||
|
||||
```json
|
||||
{
|
||||
"schemaVersion": 2,
|
||||
|
@ -186,7 +187,7 @@ image. It's the direct replacement for the schema-1 manifest.
|
|||
- **`digest`** *string*
|
||||
|
||||
The digest of the content, as defined by the
|
||||
[Registry V2 HTTP API Specificiation](api.md#digest-parameter).
|
||||
[Registry V2 HTTP API Specificiation](../api#digest-parameter).
|
||||
|
||||
- **`layers`** *array*
|
||||
|
||||
|
@ -212,7 +213,7 @@ image. It's the direct replacement for the schema-1 manifest.
|
|||
- **`digest`** *string*
|
||||
|
||||
The digest of the content, as defined by the
|
||||
[Registry V2 HTTP API Specificiation](api.md#digest-parameter).
|
||||
[Registry V2 HTTP API Specificiation](../api#digest-parameter).
|
||||
|
||||
- **`urls`** *array*
|
||||
|
||||
|
@ -222,7 +223,8 @@ image. It's the direct replacement for the schema-1 manifest.
|
|||
|
||||
## Example Image Manifest
|
||||
|
||||
*Example showing an image manifest:*
|
||||
Example showing an image manifest:
|
||||
|
||||
```json
|
||||
{
|
||||
"schemaVersion": 2,
|
|
@ -1,8 +1,6 @@
|
|||
---
|
||||
description: Explains how to use storage drivers
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, storage drivers, advanced
|
||||
redirect_from:
|
||||
- /registry/storagedrivers/
|
||||
title: Registry storage driver
|
||||
---
|
||||
|
||||
|
@ -12,11 +10,11 @@ This document describes the registry storage driver model, implementation, and e
|
|||
|
||||
This storage driver package comes bundled with several drivers:
|
||||
|
||||
- [inmemory](inmemory.md): A temporary storage driver using a local inmemory map. This exists solely for reference and testing.
|
||||
- [filesystem](filesystem.md): A local storage driver configured to use a directory tree in the local filesystem.
|
||||
- [s3](s3.md): A driver storing objects in an Amazon Simple Storage Service (S3) bucket.
|
||||
- [azure](azure.md): A driver storing objects in [Microsoft Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/).
|
||||
- [gcs](gcs.md): A driver storing objects in a [Google Cloud Storage](https://cloud.google.com/storage/) bucket.
|
||||
- [inmemory](inmemory): A temporary storage driver using a local inmemory map. This exists solely for reference and testing.
|
||||
- [filesystem](filesystem): A local storage driver configured to use a directory tree in the local filesystem.
|
||||
- [s3](s3): A driver storing objects in an Amazon Simple Storage Service (S3) bucket.
|
||||
- [azure](azure): A driver storing objects in [Microsoft Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/).
|
||||
- [gcs](gcs): A driver storing objects in a [Google Cloud Storage](https://cloud.google.com/storage/) bucket.
|
||||
- oss: *NO LONGER SUPPORTED*
|
||||
- swift: *NO LONGER SUPPORTED*
|
||||
|
||||
|
@ -41,16 +39,17 @@ with a driver name and parameters map. If no such storage driver can be found,
|
|||
## Driver contribution
|
||||
|
||||
New storage drivers are not currently being accepted.
|
||||
See https://github.com/distribution/distribution/issues/3988 for discussion.
|
||||
See <https://github.com/distribution/distribution/issues/3988> for discussion.
|
||||
|
||||
There are forks of this repo that implement custom storage drivers.
|
||||
These are not supported by the OCI distribution project.
|
||||
The known forks are:
|
||||
- Storj DCS: https://github.com/storj/docker-registry
|
||||
- HuaweiCloud OBS: https://github.com/setoru/distribution/tree/obs
|
||||
- us3: https://github.com/lambertxiao/distribution/tree/main
|
||||
- Baidu BOS: https://github.com/dolfly/distribution/tree/bos
|
||||
- HDFS: https://github.com/haosdent/distribution/tree/master
|
||||
|
||||
- Storj DCS: <https://github.com/storj/docker-registry>
|
||||
- HuaweiCloud OBS: <https://github.com/setoru/distribution/tree/obs>
|
||||
- us3: <https://github.com/lambertxiao/distribution/tree/main>
|
||||
- Baidu BOS: <https://github.com/dolfly/distribution/tree/bos>
|
||||
- HDFS: <https://github.com/haosdent/distribution/tree/master>
|
||||
|
||||
### Writing new storage drivers
|
||||
|
|
@ -15,5 +15,6 @@ An implementation of the `storagedriver.StorageDriver` interface which uses Goog
|
|||
| `rootdirectory` | no | The root directory tree in which all registry files are stored. Defaults to the empty string (bucket root). If a prefix is used, the path `bucketname/<prefix>` has to be pre-created before starting the registry. The prefix is applied to all Google Cloud Storage keys to allow you to segment data in your bucket if necessary.|
|
||||
| `chunksize` | no (default 5242880) | This is the chunk size used for uploading large blobs, must be a multiple of 256*1024. |
|
||||
|
||||
**Note:** Instead of a key file you can use [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials).
|
||||
|
||||
{{< hint type=note >}}
|
||||
Instead of a key file you can use [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials).
|
||||
{{< /hint >}}
|
|
@ -7,9 +7,11 @@ title: In-memory storage driver (testing only)
|
|||
For purely tests purposes, you can use the `inmemory` storage driver. This
|
||||
driver is an implementation of the `storagedriver.StorageDriver` interface which
|
||||
uses local memory for object storage. If you would like to run a registry from
|
||||
volatile memory, use the [`filesystem` driver](filesystem.md) on a ramdisk.
|
||||
volatile memory, use the [`filesystem` driver](../filesystem) on a ramdisk.
|
||||
|
||||
**IMPORTANT**: This storage driver *does not* persist data across runs. This is why it is only suitable for testing. *Never* use this driver in production.
|
||||
{{< hint type=important >}}
|
||||
This storage driver *does not* persist data across runs. This is why it is only suitable for testing. *Never* use this driver in production.
|
||||
{{< /hint >}}
|
||||
|
||||
## Parameters
|
||||
|
|
@ -11,8 +11,8 @@ Amazon S3 or S3 compatible services for object storage.
|
|||
|
||||
| Parameter | Required | Description |
|
||||
|:--------------|:---------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `accesskey` | no | Your AWS Access Key. If you use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. |
|
||||
| `secretkey` | no | Your AWS Secret Key. If you use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. |
|
||||
| `accesskey` | no | Your AWS Access Key. If you use [IAM roles](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. |
|
||||
| `secretkey` | no | Your AWS Secret Key. If you use [IAM roles](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. |
|
||||
| `region` | yes | The AWS region in which your bucket exists. |
|
||||
| `regionendpoint` | no | Endpoint for S3 compatible storage services (Minio, etc). |
|
||||
| `forcepathstyle` | no | To enable path-style addressing when the value is set to `true`. The default is `true`. |
|
||||
|
@ -30,10 +30,10 @@ Amazon S3 or S3 compatible services for object storage.
|
|||
|
||||
> **Note** You can provide empty strings for your access and secret keys to run the driver
|
||||
> on an ec2 instance and handles authentication with the instance's credentials. If you
|
||||
> use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html),
|
||||
> use [IAM roles](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html),
|
||||
> omit these keys to fetch temporary credentials from IAM.
|
||||
|
||||
`region`: The name of the aws region in which you would like to store objects (for example `us-east-1`). For a list of regions, see [Regions, Availability Zones, and Local Zones](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html).
|
||||
`region`: The name of the aws region in which you would like to store objects (for example `us-east-1`). For a list of regions, see [Regions, Availability Zones, and Local Zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html).
|
||||
|
||||
`regionendpoint`: (optional) Endpoint URL for S3 compatible APIs. This should not be provided when using Amazon S3.
|
||||
|
||||
|
@ -55,7 +55,7 @@ Amazon S3 or S3 compatible services for object storage.
|
|||
|
||||
`storageclass`: (optional) The storage class applied to each registry file. Defaults to STANDARD. Valid options are STANDARD and REDUCED_REDUNDANCY.
|
||||
|
||||
`objectacl`: (optional) The canned object ACL to be applied to each registry object. Defaults to `private`. If you are using a bucket owned by another AWS account, it is recommended that you set this to `bucket-owner-full-control` so that the bucket owner can access your objects. Other valid options are available in the [AWS S3 documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl).
|
||||
`objectacl`: (optional) The canned object ACL to be applied to each registry object. Defaults to `private`. If you are using a bucket owned by another AWS account, it is recommended that you set this to `bucket-owner-full-control` so that the bucket owner can access your objects. Other valid options are available in the [AWS S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl).
|
||||
|
||||
`loglevel`: (optional) Valid values are: `off` (default), `debug`, `debugwithsigning`, `debugwithhttpbody`, `debugwithrequestretries`, `debugwithrequesterrors` and `debugwitheventstreambody`. See the [AWS SDK for Go API reference](https://docs.aws.amazon.com/sdk-for-go/api/aws/#LogLevelType) for details.
|
||||
|
||||
|
@ -91,7 +91,7 @@ The following AWS policy is required by the registry for push and pull. Make sur
|
|||
}
|
||||
```
|
||||
|
||||
See [the S3 policy documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) for more details.
|
||||
See [the S3 policy documentation](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) for more details.
|
||||
|
||||
# CloudFront as Middleware with S3 backend
|
||||
|
||||
|
@ -112,7 +112,7 @@ to see whether you need CloudFront or S3 Transfer Acceleration.
|
|||
|
||||
If you are unfamiliar with creating a CloudFront distribution, see [Getting
|
||||
Started with
|
||||
Cloudfront](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GettingStarted.html).
|
||||
Cloudfront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GettingStarted.html).
|
||||
|
||||
Defaults can be kept in most areas except:
|
||||
|
||||
|
@ -162,4 +162,4 @@ middleware:
|
|||
|
||||
A CloudFront key-pair is required for all AWS accounts needing access to your
|
||||
CloudFront distribution. You must have access to your AWS account's root credentials to create the required Cloudfront keypair. For information, see [Creating CloudFront Key
|
||||
Pairs](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs).
|
||||
Pairs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs).
|
6
docs/data/menu/extra.yaml
Normal file
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
header:
|
||||
- name: GitHub
|
||||
ref: https://github.com/distribution/distribution/
|
||||
icon: gdoc_github
|
||||
external: true
|
|
@ -1,20 +0,0 @@
|
|||
---
|
||||
description: describes deprecated functionality
|
||||
keywords: registry, manifest, images, signatures, repository, distribution, digest
|
||||
title: Docker Registry deprecation
|
||||
---
|
||||
|
||||
This document details functionality or components which are deprecated within
|
||||
the registry.
|
||||
|
||||
### v2.5.0
|
||||
|
||||
The signature store has been removed from the registry. Since `v2.4.0` it has
|
||||
been possible to configure the registry to generate manifest signatures rather
|
||||
than load them from storage. In this version of the registry this becomes
|
||||
the default behavior. Signatures which are attached to manifests on put are
|
||||
not stored in the registry. This does not alter the functional behavior of
|
||||
the registry.
|
||||
|
||||
Old signatures blobs can be removed from the registry storage by running the
|
||||
garbage-collect subcommand.
|
9
docs/go.mod
Normal file
|
@ -0,0 +1,9 @@
|
|||
module github.com/distribution/distribution/docs
|
||||
|
||||
go 1.21.1
|
||||
|
||||
require (
|
||||
github.com/google/docsy v0.7.1 // indirect
|
||||
github.com/imfing/hextra v0.5.0 // indirect
|
||||
github.com/thegeeklab/hugo-geekdoc v0.41.2 // indirect
|
||||
)
|
9
docs/go.sum
Normal file
|
@ -0,0 +1,9 @@
|
|||
github.com/FortAwesome/Font-Awesome v0.0.0-20230327165841-0698449d50f2/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo=
|
||||
github.com/google/docsy v0.7.1 h1:DUriA7Nr3lJjNi9Ulev1SfiG1sUYmvyDeU4nTp7uDxY=
|
||||
github.com/google/docsy v0.7.1/go.mod h1:JCmE+c+izhE0Rvzv3y+AzHhz1KdwlA9Oj5YBMklJcfc=
|
||||
github.com/google/docsy/dependencies v0.7.1/go.mod h1:gihhs5gmgeO+wuoay4FwOzob+jYJVyQbNaQOh788lD4=
|
||||
github.com/imfing/hextra v0.5.0 h1:uVUmtqx7UivuA6oCVSKkaM/YGcLuIA9P8j8mmCDg4hU=
|
||||
github.com/imfing/hextra v0.5.0/go.mod h1:cEfel3lU/bSx7lTE/+uuR4GJaphyOyiwNR3PTqFTXpI=
|
||||
github.com/thegeeklab/hugo-geekdoc v0.41.2 h1:U6TvFfO3TVoCvirpLFXMO/sE5qHavZ18N22tUtiTwBo=
|
||||
github.com/thegeeklab/hugo-geekdoc v0.41.2/go.mod h1:XEAtAuJ3nRMshRupMW1xPZ7EVMleS87rmr+RklRamRY=
|
||||
github.com/twbs/bootstrap v5.2.3+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0=
|
19
docs/hugo.yaml
Normal file
|
@ -0,0 +1,19 @@
|
|||
baseURL: /
|
||||
languageCode: en-us
|
||||
title: CNCF Distribution
|
||||
theme: hugo-geekdoc
|
||||
|
||||
pluralizeListTitles: false
|
||||
enableRobotsTXT: true
|
||||
taxonomies: [tags]
|
||||
minify:
|
||||
disableHTML: true
|
||||
|
||||
# Geekdoc required configuration
|
||||
pygmentsUseClasses: true
|
||||
pygmentsCodeFences: true
|
||||
disablePathToLower: true
|
||||
|
||||
params:
|
||||
geekdocRepo: "https://github.com/distribution/distribution"
|
||||
geekdocEditPath: edit/main/docs
|
|
@ -1,63 +0,0 @@
|
|||
---
|
||||
description: High-level overview of the Registry
|
||||
keywords: registry, on-prem, images, tags, repository, distribution
|
||||
redirect_from:
|
||||
- /registry/overview/
|
||||
title: Docker Registry
|
||||
---
|
||||
|
||||
## What it is
|
||||
|
||||
The Registry is a stateless, highly scalable server side application that stores
|
||||
and lets you distribute Docker images. The Registry is open-source, under the
|
||||
permissive [Apache license](https://en.wikipedia.org/wiki/Apache_License).
|
||||
|
||||
## Why use it
|
||||
|
||||
You should use the Registry if you want to:
|
||||
|
||||
* tightly control where your images are being stored
|
||||
* fully own your images distribution pipeline
|
||||
* integrate image storage and distribution tightly into your in-house development workflow
|
||||
|
||||
## Alternatives
|
||||
|
||||
Users looking for a zero maintenance, ready-to-go solution are encouraged to
|
||||
head-over to the [Docker Hub](https://hub.docker.com), which provides a
|
||||
free-to-use, hosted Registry, plus additional features (organization accounts,
|
||||
automated builds, and more).
|
||||
|
||||
## Requirements
|
||||
|
||||
The Registry is compatible with Docker engine **version 1.6.0 or higher**.
|
||||
|
||||
## Basic commands
|
||||
|
||||
Start your registry
|
||||
|
||||
docker run -d -p 5000:5000 --name registry registry:2
|
||||
|
||||
Pull (or build) some image from the hub
|
||||
|
||||
docker pull ubuntu
|
||||
|
||||
Tag the image so that it points to your registry
|
||||
|
||||
docker image tag ubuntu localhost:5000/myfirstimage
|
||||
|
||||
Push it
|
||||
|
||||
docker push localhost:5000/myfirstimage
|
||||
|
||||
Pull it back
|
||||
|
||||
docker pull localhost:5000/myfirstimage
|
||||
|
||||
Now stop your registry and remove all data
|
||||
|
||||
docker container stop registry && docker container rm -v registry
|
||||
|
||||
## Next
|
||||
|
||||
You should now read the [detailed introduction about the registry](introduction.md),
|
||||
or jump directly to [deployment instructions](deploying.md).
|
|
@ -1,205 +0,0 @@
|
|||
---
|
||||
description: Restricting access to your registry using a nginx proxy
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, nginx, proxy, authentication, TLS, recipe, advanced
|
||||
title: Authenticate proxy with nginx
|
||||
redirect_from:
|
||||
- /registry/nginx/
|
||||
---
|
||||
|
||||
## Use-case
|
||||
|
||||
People already relying on a nginx proxy to authenticate their users to other
|
||||
services might want to leverage it and have Registry communications tunneled
|
||||
through the same pipeline.
|
||||
|
||||
Usually, that includes enterprise setups using LDAP/AD on the backend and a SSO
|
||||
mechanism fronting their internal http portal.
|
||||
|
||||
### Alternatives
|
||||
|
||||
If you just want authentication for your registry, and are happy maintaining
|
||||
users access separately, you should really consider sticking with the native
|
||||
[basic auth registry feature](../deploying.md#native-basic-auth).
|
||||
|
||||
### Solution
|
||||
|
||||
With the method presented here, you implement basic authentication for docker
|
||||
engines in a reverse proxy that sits in front of your registry.
|
||||
|
||||
While we use a simple htpasswd file as an example, any other nginx
|
||||
authentication backend should be fairly easy to implement once you are done with
|
||||
the example.
|
||||
|
||||
We also implement push restriction (to a limited user group) for the sake of the
|
||||
example. Again, you should modify this to fit your mileage.
|
||||
|
||||
### Gotchas
|
||||
|
||||
While this model gives you the ability to use whatever authentication backend
|
||||
you want through the secondary authentication mechanism implemented inside your
|
||||
proxy, it also requires that you move TLS termination from the Registry to the
|
||||
proxy itself.
|
||||
|
||||
> **Note**: It is not recommended to bind your registry to `localhost:5000` without
|
||||
> authentication. This creates a potential loophole in your registry security.
|
||||
> As a result, anyone who can log on to the server where your registry is running
|
||||
> can push images without authentication.
|
||||
|
||||
Furthermore, introducing an extra http layer in your communication pipeline
|
||||
makes it more complex to deploy, maintain, and debug. Make sure the extra
|
||||
complexity is required.
|
||||
|
||||
For instance, Amazon's Elastic Load Balancer (ELB) in HTTPS mode already sets
|
||||
the following client header:
|
||||
|
||||
```
|
||||
X-Real-IP
|
||||
X-Forwarded-For
|
||||
X-Forwarded-Proto
|
||||
```
|
||||
|
||||
So if you have an Nginx instance sitting behind it, remove these lines from the
|
||||
example config below:
|
||||
|
||||
```none
|
||||
proxy_set_header Host $http_host; # required for docker client's sake
|
||||
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
```
|
||||
|
||||
Otherwise Nginx resets the ELB's values, and the requests are not routed
|
||||
properly. For more information, see
|
||||
[#970](https://github.com/distribution/distribution/issues/970).
|
||||
|
||||
## Setting things up
|
||||
|
||||
Review the [requirements](index.md#requirements), then follow these steps.
|
||||
|
||||
1. Create the required directories
|
||||
|
||||
```console
|
||||
$ mkdir -p auth data
|
||||
```
|
||||
|
||||
2. Create the main nginx configuration. Paste this code block into a new file called `auth/nginx.conf`:
|
||||
|
||||
```conf
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
upstream docker-registry {
|
||||
server registry:5000;
|
||||
}
|
||||
|
||||
## Set a variable to help us decide if we need to add the
|
||||
## 'Docker-Distribution-Api-Version' header.
|
||||
## The registry always sets this header.
|
||||
## In the case of nginx performing auth, the header is unset
|
||||
## since nginx is auth-ing before proxying.
|
||||
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
|
||||
'' 'registry/2.0';
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name myregistrydomain.com;
|
||||
|
||||
# SSL
|
||||
ssl_certificate /etc/nginx/conf.d/domain.crt;
|
||||
ssl_certificate_key /etc/nginx/conf.d/domain.key;
|
||||
|
||||
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl_protocols TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
||||
# disable any limits to avoid HTTP 413 for large image uploads
|
||||
client_max_body_size 0;
|
||||
|
||||
# required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
|
||||
chunked_transfer_encoding on;
|
||||
|
||||
location /v2/ {
|
||||
# Do not allow connections from docker 1.5 and earlier
|
||||
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
|
||||
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
# To add basic authentication to v2 use auth_basic setting.
|
||||
auth_basic "Registry realm";
|
||||
auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
|
||||
|
||||
## If $docker_distribution_api_version is empty, the header is not added.
|
||||
## See the map directive above where this variable is defined.
|
||||
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
|
||||
|
||||
proxy_pass http://docker-registry;
|
||||
proxy_set_header Host $http_host; # required for docker client's sake
|
||||
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 900;
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
3. Create a password file `auth/nginx.htpasswd` for "testuser" and "testpassword".
|
||||
|
||||
```console
|
||||
$ docker run --rm --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/nginx.htpasswd
|
||||
```
|
||||
|
||||
> **Note**: If you do not want to use `bcrypt`, you can omit the `-B` parameter.
|
||||
|
||||
4. Copy your certificate files to the `auth/` directory.
|
||||
|
||||
```console
|
||||
$ cp domain.crt auth
|
||||
$ cp domain.key auth
|
||||
```
|
||||
|
||||
5. Create the compose file. Paste the following YAML into a new file called `docker-compose.yml`.
|
||||
|
||||
```yaml
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
nginx:
|
||||
# Note : Only nginx:alpine supports bcrypt.
|
||||
# If you don't need to use bcrypt, you can use a different tag.
|
||||
# Ref. https://github.com/nginxinc/docker-nginx/issues/29
|
||||
image: "nginx:alpine"
|
||||
ports:
|
||||
- 5043:443
|
||||
depends_on:
|
||||
- registry
|
||||
volumes:
|
||||
- ./auth:/etc/nginx/conf.d
|
||||
- ./auth/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
|
||||
registry:
|
||||
image: registry:2
|
||||
volumes:
|
||||
- ./data:/var/lib/registry
|
||||
```
|
||||
|
||||
## Starting and stopping
|
||||
|
||||
Now, start your stack:
|
||||
|
||||
docker-compose up -d
|
||||
|
||||
Login with a "push" authorized user (using `testuser` and `testpassword`), then
|
||||
tag and push your first image:
|
||||
|
||||
docker login -u=testuser -p=testpassword -e=root@example.ch myregistrydomain.com:5043
|
||||
docker tag ubuntu myregistrydomain.com:5043/test
|
||||
docker push myregistrydomain.com:5043/test
|
||||
docker pull myregistrydomain.com:5043/test
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
title: "Docker Registry Token Authentication"
|
||||
description: "Docker Registry v2 authentication schema"
|
||||
keywords: registry, on-prem, images, tags, repository, distribution, authentication, advanced
|
||||
---
|
||||
|
||||
# Docker Registry v2 authentication
|
||||
|
||||
See the [Token Authentication Specification](token.md),
|
||||
[Token Authentication Implementation](jwt.md),
|
||||
[Token Scope Documentation](scope.md),
|
||||
[OAuth2 Token Authentication](oauth.md) for more information.
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
title: "Reference Overview"
|
||||
description: "Explains registry JSON objects"
|
||||
keywords: registry, service, images, repository, json
|
||||
---
|
||||
|
||||
# Docker Registry Reference
|
||||
|
||||
* [HTTP API V2](api.md)
|
||||
* [Storage Driver](https://docs.docker.com/registry/storage-drivers/)
|
||||
* [Token Authentication Specification](auth/token.md)
|
||||
* [Token Authentication Implementation](auth/jwt.md)
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
title: "Reference"
|
||||
description: "Explains registry JSON objects"
|
||||
keywords: registry, service, images, repository, json
|
||||
type: "menu"
|
||||
identifier: "smn_registry_ref"
|
||||
---
|
1
docs/static/brand.svg
vendored
Normal file
After Width: | Height: | Size: 7.8 KiB |
50
docs/static/custom.css
vendored
Normal file
|
@ -0,0 +1,50 @@
|
|||
/* Global customization */
|
||||
|
||||
:root {
|
||||
--code-max-height: 60rem;
|
||||
}
|
||||
|
||||
/* Light mode theming */
|
||||
:root,
|
||||
:root[color-theme="light"] {
|
||||
--header-background: #203554;
|
||||
--header-font-color: #ffffff;
|
||||
|
||||
--footer-background: #203554;
|
||||
--footer-font-color: #ffffff;
|
||||
--footer-link-color: rgb(110, 168, 212);
|
||||
--footer-link-color-visited: rgb(186, 142, 240);
|
||||
}
|
||||
@media (prefers-color-scheme: light) {
|
||||
:root {
|
||||
--header-background: #203554;
|
||||
--header-font-color: #ffffff;
|
||||
|
||||
--footer-background: #203554;
|
||||
--footer-font-color: #ffffff;
|
||||
--footer-link-color: rgb(110, 168, 212);
|
||||
--footer-link-color-visited: rgb(186, 142, 240);
|
||||
}
|
||||
}
|
||||
|
||||
/* Dark mode theming */
|
||||
:root[color-theme="dark"] {
|
||||
--header-background: #203554;
|
||||
--header-font-color: #ffffff;
|
||||
|
||||
--footer-background: #203554;
|
||||
--footer-font-color: #ffffff;
|
||||
--footer-link-color: rgb(110, 168, 212);
|
||||
--footer-link-color-visited: rgb(186, 142, 240);
|
||||
}
|
||||
@media (prefers-color-scheme: dark) {
|
||||
:root {
|
||||
--header-background: #203554;
|
||||
--header-font-color: #ffffff;
|
||||
|
||||
--footer-background: #203554;
|
||||
--footer-font-color: #ffffff;
|
||||
--footer-link-color: rgb(110, 168, 212);
|
||||
--footer-link-color-visited: rgb(186, 142, 240);
|
||||
}
|
||||
}
|
BIN
docs/static/favicon/favicon-16x16.png
vendored
Normal file
After Width: | Height: | Size: 991 B |
BIN
docs/static/favicon/favicon-32x32.png
vendored
Normal file
After Width: | Height: | Size: 1.9 KiB |
BIN
docs/static/favicon/favicon.svg
vendored
Normal file
After Width: | Height: | Size: 15 KiB |
Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 20 KiB |
Before Width: | Height: | Size: 31 KiB After Width: | Height: | Size: 31 KiB |
Before Width: | Height: | Size: 12 KiB After Width: | Height: | Size: 12 KiB |
3
docs/themes/hugo-geekdoc/.lycheeignore
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
https://github.com/thegeeklab/.+/edit/main/.*
|
||||
https://unsplash.com.*
|
||||
https://www.color-hex.com.*
|
21
docs/themes/hugo-geekdoc/LICENSE
vendored
Normal file
|
@ -0,0 +1,21 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is furnished
|
||||
to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice (including the next
|
||||
paragraph) shall be included in all copies or substantial portions of the
|
||||
Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
|
||||
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
|
||||
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
46
docs/themes/hugo-geekdoc/README.md
vendored
Normal file
|
@ -0,0 +1,46 @@
|
|||
# Geekdoc
|
||||
|
||||
[![Build Status](https://ci.thegeeklab.de/api/badges/thegeeklab/hugo-geekdoc/status.svg)](https://ci.thegeeklab.de/repos/thegeeklab/hugo-geekdoc)
|
||||
[![Hugo Version](https://img.shields.io/badge/hugo-0.112-blue.svg)](https://gohugo.io)
|
||||
[![GitHub release](https://img.shields.io/github/v/release/thegeeklab/hugo-geekdoc)](https://github.com/thegeeklab/hugo-geekdoc/releases/latest)
|
||||
[![GitHub contributors](https://img.shields.io/github/contributors/thegeeklab/hugo-geekdoc)](https://github.com/thegeeklab/hugo-geekdoc/graphs/contributors)
|
||||
[![License: MIT](https://img.shields.io/github/license/thegeeklab/hugo-geekdoc)](https://github.com/thegeeklab/hugo-geekdoc/blob/main/LICENSE)
|
||||
|
||||
Geekdoc is a simple Hugo theme for documentations. It is intentionally designed as a fast and lean theme and may not fit the requirements of complex projects. If a more feature-complete theme is required there are a lot of good alternatives out there. You can find a demo and the full documentation at [https://geekdocs.de](https://geekdocs.de).
|
||||
|
||||
![Desktop and mobile preview](https://raw.githubusercontent.com/thegeeklab/hugo-geekdoc/main/images/readme.png)
|
||||
|
||||
## Build and release process
|
||||
|
||||
This theme is subject to a CI driven build and release process common for software development. During the release build, all necessary assets are automatically built by [webpack](https://webpack.js.org/) and bundled in a release tarball. You can download the latest release from the GitHub [release page](https://github.com/thegeeklab/hugo-geekdoc/releases).
|
||||
|
||||
Due to the fact that `webpack` and `npm scripts` are used as pre-processors, the theme cannot be used from the main branch by default. If you want to use the theme from a cloned branch instead of a release tarball you'll need to install `webpack` locally and run the build script once to create all required assets.
|
||||
|
||||
```shell
|
||||
# install required packages from package.json
|
||||
npm install
|
||||
|
||||
# run the build script to build required assets
|
||||
npm run build
|
||||
|
||||
# build release tarball
|
||||
npm run pack
|
||||
```
|
||||
|
||||
See the [Getting Started Guide](https://geekdocs.de/usage/getting-started/) for details about the different setup options.
|
||||
|
||||
## Contributors
|
||||
|
||||
Special thanks to all [contributors](https://github.com/thegeeklab/hugo-geekdoc/graphs/contributors). If you would like to contribute, please see the [instructions](https://github.com/thegeeklab/hugo-geekdoc/blob/main/CONTRIBUTING.md).
|
||||
|
||||
Geekdoc is inspired and partially based on the [hugo-book](https://github.com/alex-shpak/hugo-book) theme, thanks [Alex Shpak](https://github.com/alex-shpak/) for your work.
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the MIT License - see the [LICENSE](https://github.com/thegeeklab/hugo-geekdoc/blob/main/LICENSE) file for details.
|
||||
|
||||
The used SVG icons and generated icon fonts are licensed under the license of the respective icon pack:
|
||||
|
||||
- Font Awesome: [CC BY 4.0 License](https://github.com/FortAwesome/Font-Awesome#license)
|
||||
- IcoMoon Free Pack: [GPL/CC BY 4.0](https://icomoon.io/#icons-icomoon)
|
||||
- Material Icons: [Apache License 2.0](https://github.com/google/material-design-icons/blob/main/LICENSE)
|
1
docs/themes/hugo-geekdoc/VERSION
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
v0.41.2
|
7
docs/themes/hugo-geekdoc/archetypes/docs.md
vendored
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
title: "{{ .Name | humanize | title }}"
|
||||
weight: 1
|
||||
# geekdocFlatSection: false
|
||||
# geekdocToc: 6
|
||||
# geekdocHidden: false
|
||||
---
|
4
docs/themes/hugo-geekdoc/archetypes/posts.md
vendored
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
title: "{{ replace .Name "-" " " | title }}"
|
||||
date: {{ .Date }}
|
||||
---
|
8
docs/themes/hugo-geekdoc/assets/search/config.json
vendored
Normal file
|
@ -0,0 +1,8 @@
|
|||
{{- $searchDataFile := printf "search/%s.data.json" .Language.Lang -}}
|
||||
{{- $searchData := resources.Get "search/data.json" | resources.ExecuteAsTemplate $searchDataFile . | resources.Minify -}}
|
||||
{
|
||||
"dataFile": {{ $searchData.RelPermalink | jsonify }},
|
||||
"indexConfig": {{ .Site.Params.geekdocSearchConfig | jsonify }},
|
||||
"showParent": {{ if .Site.Params.geekdocSearchShowParent }}true{{ else }}false{{ end }},
|
||||
"showDescription": {{ if .Site.Params.geekdocSearchshowDescription }}true{{ else }}false{{ end }}
|
||||
}
|
13
docs/themes/hugo-geekdoc/assets/search/data.json
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
[
|
||||
{{ range $index, $page := (where .Site.Pages "Params.geekdocProtected" "ne" true) }}
|
||||
{{ if ne $index 0 }},{{ end }}
|
||||
{
|
||||
"id": {{ $index }},
|
||||
"href": "{{ $page.RelPermalink }}",
|
||||
"title": {{ (partial "utils/title" $page) | jsonify }},
|
||||
"parent": {{ with $page.Parent }}{{ (partial "utils/title" .) | jsonify }}{{ else }}""{{ end }},
|
||||
"content": {{ $page.Plain | jsonify }},
|
||||
"description": {{ $page.Summary | plainify | jsonify }}
|
||||
}
|
||||
{{ end }}
|
||||
]
|
1
docs/themes/hugo-geekdoc/assets/sprites/geekdoc.svg
vendored
Normal file
After Width: | Height: | Size: 22 KiB |
158
docs/themes/hugo-geekdoc/data/assets.json
vendored
Normal file
|
@ -0,0 +1,158 @@
|
|||
{
|
||||
"main.js": {
|
||||
"src": "js/main-924a1933.bundle.min.js",
|
||||
"integrity": "sha512-0QF6awwW0WbBo491yytmULiHrc9gx94bloJ9MSXIvdJh3YHWw7CWyeX2YXu0rzOQefJp4jW/I6ZjUDYpNVFhdA=="
|
||||
},
|
||||
"colortheme.js": {
|
||||
"src": "js/colortheme-d3e4d351.bundle.min.js",
|
||||
"integrity": "sha512-HpQogL/VeKqG/v1qYOfJOgFUzBnQvW4yO4tAJO+54IiwbLbB9feROdeaYf7dpO6o5tSHsSZhaYLhtLMRlEgpJQ=="
|
||||
},
|
||||
"mermaid.js": {
|
||||
"src": "js/mermaid-19cc0b12.bundle.min.js",
|
||||
"integrity": "sha512-EP8Ggw4/AoLCR9N2U4AOherShR6hKWYpKaC0Q/LwKR5wjH8x5Z0v0VL0S5x67X3AWUvR2aMO0IOc0Bo1xu4qmQ=="
|
||||
},
|
||||
"katex.js": {
|
||||
"src": "js/katex-373b7f53.bundle.min.js",
|
||||
"integrity": "sha512-k7PGb4UsYurOXnDJtwuPOhS6OgcI7PVrCZZT3h79JVH8KEcNzzsmzoAWMOaTeIFP79JnpYtZhaBBwEMNk4MlFw=="
|
||||
},
|
||||
"search.js": {
|
||||
"src": "js/search-9719be99.bundle.min.js",
|
||||
"integrity": "sha512-/7NZxFUEbalC/8RKDgfAsHFDI42/Ydp33uJmCLckZgnO+kuz9LrTfmPFfVJxPJ31StMxa3MTQ5Jq049CmNK4pw=="
|
||||
},
|
||||
"js/637-687440a7.chunk.min.js": {
|
||||
"src": "js/637-687440a7.chunk.min.js",
|
||||
"integrity": "sha512-fWyOGUUaxBiYIZoJ2R1FPhLRt/cC9prL1bsVuETWBjT1QpS6ebmmzMaYnKBPOpw56VqdlErWJuWe2GGxYJq3gA=="
|
||||
},
|
||||
"js/116-831698f6.chunk.min.js": {
|
||||
"src": "js/116-831698f6.chunk.min.js",
|
||||
"integrity": "sha512-ecC9DggU9rDmnERLt6l5lXnDir+fYAXDhA8r+o+LCML/C64QPvq3Uea+oNwN00hXbXa1f5c/tjICeJZyXu9Dqg=="
|
||||
},
|
||||
"js/425-a8288851.chunk.min.js": {
|
||||
"src": "js/425-a8288851.chunk.min.js",
|
||||
"integrity": "sha512-JcFSthlEXIsUdEtbQlAQp71m1GMurzdmPZN+J2/PTyMGgv/QBN8OX8TZQVouAPMY3rMirjB9gxhyNyxCZ0/IUQ=="
|
||||
},
|
||||
"js/869-1a62f06a.chunk.min.js": {
|
||||
"src": "js/869-1a62f06a.chunk.min.js",
|
||||
"integrity": "sha512-9GtubjugiKpB6oP+I13znOYnCGzMWkywSjO7PC/cTZ8BfK4amSwC6i+vCKVCnTrhpoUtFtzybF0d+dDsOqpO/g=="
|
||||
},
|
||||
"js/626-ec18a767.chunk.min.js": {
|
||||
"src": "js/626-ec18a767.chunk.min.js",
|
||||
"integrity": "sha512-plFEM+MV7s8fGxmB4fXdkDYK2URbdL7D0r0eKSsdBW+Z3PvfQOaW7OuoA5oUpGBZyd2wN1zpxTwqHC3WPbluLA=="
|
||||
},
|
||||
"js/305-02bced6e.chunk.min.js": {
|
||||
"src": "js/305-02bced6e.chunk.min.js",
|
||||
"integrity": "sha512-omqkH+cRXCbA6ax452pYFTBvqT895kBCycglJaYQxoB646IPcz2IHiIIWhWsEU7eVy4cy7eA+dQ4tgWG+JbGOQ=="
|
||||
},
|
||||
"js/86-841830e3.chunk.min.js": {
|
||||
"src": "js/86-841830e3.chunk.min.js",
|
||||
"integrity": "sha512-j4o/ljne580vctbO1z6GWwVFvaC3m6VpLTnyWIvE9Dd3PURujWHnWReNLclxcnlt5PK9Ohv4W8q3aEOKfUdJkw=="
|
||||
},
|
||||
"js/554-980b1ae9.chunk.min.js": {
|
||||
"src": "js/554-980b1ae9.chunk.min.js",
|
||||
"integrity": "sha512-9oVYpFOErj3ttWPhB/FvJwhijnezxV2mOKoTAT5+S1QQVAsSACgxnxG1VtjvyuSyCn0HD7l1dS054fP0yxQ9Dg=="
|
||||
},
|
||||
"js/693-2124948a.chunk.min.js": {
|
||||
"src": "js/693-2124948a.chunk.min.js",
|
||||
"integrity": "sha512-Ko3GXiQtfF28e9Omm4ypj+p+ykT5Uc1s8PxodgWV+N9h68t+QnTLJ3PghxWW3YqCrTyMkqpg+U3hkyFxotqnBA=="
|
||||
},
|
||||
"js/875-0cc44212.chunk.min.js": {
|
||||
"src": "js/875-0cc44212.chunk.min.js",
|
||||
"integrity": "sha512-600TvjSLQ2arsupduQSwNsOZIdp2xUnLsqUL0n9gVxdkvdFCYANyjORkO/a0knUzzNGv3oZqE9dqtEJSY7hLJw=="
|
||||
},
|
||||
"js/69-06c8b62f.chunk.min.js": {
|
||||
"src": "js/69-06c8b62f.chunk.min.js",
|
||||
"integrity": "sha512-UDuWdgHzd+HSXjzw8xnjYxxZOw2zJXWrL1Zo7oadh7n6TpxFAGDunn6EDYf2KFmcjVcC4QlqJrdWtoJVcUwr/w=="
|
||||
},
|
||||
"js/841-54550e4a.chunk.min.js": {
|
||||
"src": "js/841-54550e4a.chunk.min.js",
|
||||
"integrity": "sha512-aI+ntywFR8QzYpRGYsSGxqanSDnuXDuLAJA1Gbt5gFajjUxIBJV8qjgTLA7FIwp2icE4bqGGqxiNVA1iHTOSIA=="
|
||||
},
|
||||
"js/770-c8f14079.chunk.min.js": {
|
||||
"src": "js/770-c8f14079.chunk.min.js",
|
||||
"integrity": "sha512-DIFMhxj0xWxZzYBrVJbKhdM9pgk6sldGU7ZwItTZOHRRUnZ6t9szP06NTyj+u8yGZsdYNs2pZ8BE11z73IE70w=="
|
||||
},
|
||||
"js/411-d351386b.chunk.min.js": {
|
||||
"src": "js/411-d351386b.chunk.min.js",
|
||||
"integrity": "sha512-9o8/PabGB1IvJ1gotEkTK1PVxl0Dlx2fgWnOlZW1e9PEKDJJA678o3YMjmxurllubPC0i4XOkvvAvY1UUc5V4A=="
|
||||
},
|
||||
"js/31-228682ad.chunk.min.js": {
|
||||
"src": "js/31-228682ad.chunk.min.js",
|
||||
"integrity": "sha512-ipfn94AWwvQA5I4ybx5fe+VJSKT27ltpG0srqabFrj0IYIZ3RCFctWNqllDGhCIuVMgbiNHCjinxdA8NpaiPPw=="
|
||||
},
|
||||
"js/206-99fce408.chunk.min.js": {
|
||||
"src": "js/206-99fce408.chunk.min.js",
|
||||
"integrity": "sha512-sVuoOJUKhvA96dAxr0ZO7x5xmz25WE9Khnp+SB4F5vWL+J+dAvE2SXZ8irLWhS5u32tRjOjCeFZhyXpI47PlGQ=="
|
||||
},
|
||||
"js/284-e80fd0b5.chunk.min.js": {
|
||||
"src": "js/284-e80fd0b5.chunk.min.js",
|
||||
"integrity": "sha512-dwNdk1Jto6A4Ht/60GMUMarGkFKRTWiqxh+gM3YqjL7b2N/y0xut6op5EESN0gyfQL7xk4pgFowyMyS0rJPcRw=="
|
||||
},
|
||||
"js/764-e8ff889e.chunk.min.js": {
|
||||
"src": "js/764-e8ff889e.chunk.min.js",
|
||||
"integrity": "sha512-S94wRBs5tuMiknLYIobCoDPvnEquE9hmtjlw2m/yYAJJRaiTlCpl/neWfGoW3Eroz9uWdfrJta5piUSf3ggGVA=="
|
||||
},
|
||||
"js/366-23e20231.chunk.min.js": {
|
||||
"src": "js/366-23e20231.chunk.min.js",
|
||||
"integrity": "sha512-ZdFzJKlkluOGBZbidVvAFoh/4EK1z5q0kCYzWpXxof3aNUkIEawQhqHwnyEluGqNTZK3WCipT9UifauPLli6Dg=="
|
||||
},
|
||||
"js/68-408c048c.chunk.min.js": {
|
||||
"src": "js/68-408c048c.chunk.min.js",
|
||||
"integrity": "sha512-2x0FedDuG88J3visHLYeCd7iys7rXnCes0gAZ3ROc5hiKPgbYZBDW4sCUe9MhUC5YpWa3C0gLWqXW+hG2zLZew=="
|
||||
},
|
||||
"js/254-84661edf.chunk.min.js": {
|
||||
"src": "js/254-84661edf.chunk.min.js",
|
||||
"integrity": "sha512-JPsK+gAw8vXehHfD4LWUaCx3rW7NaPDXxSwnpQURaFKWUVIxDzKr3mFv3r4mfSyY67qIAVOx2b4NvAzhuZs34Q=="
|
||||
},
|
||||
"js/791-515d9e3a.chunk.min.js": {
|
||||
"src": "js/791-515d9e3a.chunk.min.js",
|
||||
"integrity": "sha512-5AetU1QSQjqq3J5BHmkLLshpfFzrCsprDszxddeMdk9peRN0Q+vu0pCMGzONBm7y/2IrZoSg4soEO0zVcPLc9w=="
|
||||
},
|
||||
"js/771-942a62df.chunk.min.js": {
|
||||
"src": "js/771-942a62df.chunk.min.js",
|
||||
"integrity": "sha512-8WfA8U1Udlfa6uWAYbdNKJzjlJ91qZ0ZhC+ldKdhghUgilxqA6UmZxHFKGRDQydjOFDk828O28XVmZU2IEvckA=="
|
||||
},
|
||||
"js/27-3c59de1a.chunk.min.js": {
|
||||
"src": "js/27-3c59de1a.chunk.min.js",
|
||||
"integrity": "sha512-dBBUvtlEcEY4UQSXNBpanCV1oMlEDMH4vHvACVUzG0c2Mbb9RHM8sTNSLnu+RvHvUCInCO3LbbUm3Cp2Re0eVg=="
|
||||
},
|
||||
"js/580-fabed2ac.chunk.min.js": {
|
||||
"src": "js/580-fabed2ac.chunk.min.js",
|
||||
"integrity": "sha512-L70er+tQ1Sy3yLwOKjGWDlqOtBGykeQO2F3EQzaiMgSb1qBKlrYYK7XnbI5w0qYtvYDvPmE1aflHAlrDMB6Njg=="
|
||||
},
|
||||
"js/644-a3e6d7ca.chunk.min.js": {
|
||||
"src": "js/644-a3e6d7ca.chunk.min.js",
|
||||
"integrity": "sha512-Qnwma/kO7a1x3UQXPSvKog3gI4S0H1zBy1MaQRDqpBLSEONhSdzr5gVwIqORF0sBPXAA5pPcGzHhkn83rqBviw=="
|
||||
},
|
||||
"js/320-1804d5a1.chunk.min.js": {
|
||||
"src": "js/320-1804d5a1.chunk.min.js",
|
||||
"integrity": "sha512-Srm5Oc13M8J2BystZLBh0VQqzsZnmuO5pi1/oSlmF8vp7poUUnMrnBf1QfrmsYIbFhYP7waiAm3X0s/IdTsJ6Q=="
|
||||
},
|
||||
"js/281-18063325.chunk.min.js": {
|
||||
"src": "js/281-18063325.chunk.min.js",
|
||||
"integrity": "sha512-YYPVu/iwpjYksSAqpWi1fqS29eLndA/TgC7dcSWuOe74+MKrBiGKSMbNzwUpTEV44KOKm6qZCnqjPnxReJuq5w=="
|
||||
},
|
||||
"js/990-52a18bdc.chunk.min.js": {
|
||||
"src": "js/990-52a18bdc.chunk.min.js",
|
||||
"integrity": "sha512-EuVHE1vNrU9XWjPOiLMBKKDTePuW4jYhguSruI3j2/J6mB3LQB8vSe6kKRQuHGRKYmX3gY2sDdAgFtCsCjm4vQ=="
|
||||
},
|
||||
"main.scss": {
|
||||
"src": "main-252d384c.min.css",
|
||||
"integrity": "sha512-WiV7BVk76Yp0EACJrwdWDk7+WNa+Jyiupi9aCKFrzZyiKkXk7BH+PL2IJcuDQpCMtMBFJEgen2fpKu9ExjjrUQ=="
|
||||
},
|
||||
"katex.css": {
|
||||
"src": "katex-1799419e.min.css",
|
||||
"integrity": "sha512-8rRve7ln2pKSPM7cASxirv/36DFCvY36b7sI40mS49nwsEPHsagrGiPzz1l24cpIQ9OvwfNAZmhoqjQLIrCTUg=="
|
||||
},
|
||||
"mobile.scss": {
|
||||
"src": "mobile-79ddc617.min.css",
|
||||
"integrity": "sha512-dzw2wMOouDwhSgstQKLbXD/vIqS48Ttc2IV6DeG7yam9yvKUuChJVaworzL8s2UoGMX4x2jEm50PjFJE4R4QWw=="
|
||||
},
|
||||
"print.scss": {
|
||||
"src": "print-735ccc12.min.css",
|
||||
"integrity": "sha512-c28KLNtBnKDW1+/bNWFhwuGBLw9octTXA2wnuaS2qlvpNFL0DytCapui9VM4YYkZg6e9TVp5LyuRQc2lTougDw=="
|
||||
},
|
||||
"custom.css": {
|
||||
"src": "custom.css",
|
||||
"integrity": "sha512-1kALo+zc1L2u1rvyxPIew+ZDPWhnIA1Ei2rib3eHHbskQW+EMxfI9Ayyva4aV+YRrHvH0zFxvPSFIuZ3mfsbRA=="
|
||||
}
|
||||
}
|
53
docs/themes/hugo-geekdoc/i18n/cs.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
edit_page: Upravit stránku
|
||||
|
||||
nav_navigation: Navigace
|
||||
nav_tags: Tagy
|
||||
nav_more: Více
|
||||
nav_top: Zpět nahoru
|
||||
|
||||
form_placeholder_search: Vyhledat
|
||||
|
||||
error_page_title: Ztracen? Nic se neděje
|
||||
error_message_title: Ztracen?
|
||||
error_message_code: Error 404
|
||||
error_message_text: >
|
||||
Vypadá to že stránka, kterou hledáte, neexistuje. Nemějte obavy, můžete
|
||||
se vrátit zpět na <a class="gdoc-error__link" href="{{ . }}">domovskou stránku</a>.
|
||||
|
||||
button_toggle_dark: Přepnout tmavý/světlý/automatický režim
|
||||
button_nav_open: Otevřít navigaci
|
||||
button_nav_close: Zavřít navigaci
|
||||
button_menu_open: Otevřít lištu nabídky
|
||||
button_menu_close: Zavřít lištu nabídky
|
||||
button_homepage: Zpět na domovskou stránku
|
||||
|
||||
title_anchor_prefix: "Odkaz na:"
|
||||
|
||||
posts_read_more: Přečíst celý příspěvek
|
||||
posts_read_time:
|
||||
one: "Doba čtení: 1 minuta"
|
||||
other: "Doba čtení: {{ . }} minut(y)"
|
||||
posts_update_prefix: Naposledy upraveno
|
||||
posts_count:
|
||||
one: "Jeden příspěvek"
|
||||
other: "Příspěvků: {{ . }}"
|
||||
posts_tagged_with: Všechny příspěvky označeny '{{ . }}'
|
||||
|
||||
footer_build_with: >
|
||||
Vytvořeno za pomocí <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> a
|
||||
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||
footer_legal_notice: Právní upozornění
|
||||
footer_privacy_policy: Zásady ochrany soukromí
|
||||
footer_content_license_prefix: >
|
||||
Obsah licencovaný pod
|
||||
|
||||
language_switch_no_tranlation_prefix: "Stránka není přeložena:"
|
||||
|
||||
propertylist_required: povinné
|
||||
propertylist_optional: volitené
|
||||
propertylist_default: výchozí
|
||||
|
||||
pagination_page_prev: předchozí
|
||||
pagination_page_next: další
|
||||
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/de.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
edit_page: Seite bearbeiten
|
||||
|
||||
nav_navigation: Navigation
|
||||
nav_tags: Tags
|
||||
nav_more: Weitere
|
||||
nav_top: Nach oben
|
||||
|
||||
form_placeholder_search: Suchen
|
||||
|
||||
error_page_title: Verlaufen? Keine Sorge
|
||||
error_message_title: Verlaufen?
|
||||
error_message_code: Fehler 404
|
||||
error_message_text: >
|
||||
Wir können die Seite nach der Du gesucht hast leider nicht finden. Keine Sorge,
|
||||
wir bringen Dich zurück zur <a class="gdoc-error__link" href="{{ . }}">Startseite</a>.
|
||||
|
||||
button_toggle_dark: Wechsel zwischen Dunkel/Hell/Auto Modus
|
||||
button_nav_open: Navigation öffnen
|
||||
button_nav_close: Navigation schließen
|
||||
button_menu_open: Menüband öffnen
|
||||
button_menu_close: Menüband schließen
|
||||
button_homepage: Zurück zur Startseite
|
||||
|
||||
title_anchor_prefix: "Link zu:"
|
||||
|
||||
posts_read_more: Ganzen Artikel lesen
|
||||
posts_read_time:
|
||||
one: "Eine Minute Lesedauer"
|
||||
other: "{{ . }} Minuten Lesedauer"
|
||||
posts_update_prefix: Aktualisiert am
|
||||
posts_count:
|
||||
one: "Ein Artikel"
|
||||
other: "{{ . }} Artikel"
|
||||
posts_tagged_with: Alle Artikel mit dem Tag '{{ . }}'
|
||||
|
||||
footer_build_with: >
|
||||
Entwickelt mit <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> und
|
||||
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||
footer_legal_notice: Impressum
|
||||
footer_privacy_policy: Datenschutzerklärung
|
||||
footer_content_license_prefix: >
|
||||
Inhalt lizensiert unter
|
||||
|
||||
language_switch_no_tranlation_prefix: "Seite nicht übersetzt:"
|
||||
|
||||
propertylist_required: erforderlich
|
||||
propertylist_optional: optional
|
||||
propertylist_default: Standardwert
|
||||
|
||||
pagination_page_prev: vorher
|
||||
pagination_page_next: weiter
|
||||
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/en.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
edit_page: Edit page
|
||||
|
||||
nav_navigation: Navigation
|
||||
nav_tags: Tags
|
||||
nav_more: More
|
||||
nav_top: Back to top
|
||||
|
||||
form_placeholder_search: Search
|
||||
|
||||
error_page_title: Lost? Don't worry
|
||||
error_message_title: Lost?
|
||||
error_message_code: Error 404
|
||||
error_message_text: >
|
||||
Seems like what you are looking for can't be found. Don't worry, we can
|
||||
bring you back to the <a class="gdoc-error__link" href="{{ . }}">homepage</a>.
|
||||
|
||||
button_toggle_dark: Toggle Dark/Light/Auto mode
|
||||
button_nav_open: Open Navigation
|
||||
button_nav_close: Close Navigation
|
||||
button_menu_open: Open Menu Bar
|
||||
button_menu_close: Close Menu Bar
|
||||
button_homepage: Back to homepage
|
||||
|
||||
title_anchor_prefix: "Anchor to:"
|
||||
|
||||
posts_read_more: Read full post
|
||||
posts_read_time:
|
||||
one: "One minute to read"
|
||||
other: "{{ . }} minutes to read"
|
||||
posts_update_prefix: Updated on
|
||||
posts_count:
|
||||
one: "One post"
|
||||
other: "{{ . }} posts"
|
||||
posts_tagged_with: All posts tagged with '{{ . }}'
|
||||
|
||||
footer_build_with: >
|
||||
Built with <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> and
|
||||
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||
footer_legal_notice: Legal Notice
|
||||
footer_privacy_policy: Privacy Policy
|
||||
footer_content_license_prefix: >
|
||||
Content licensed under
|
||||
|
||||
language_switch_no_tranlation_prefix: "Page not translated:"
|
||||
|
||||
propertylist_required: required
|
||||
propertylist_optional: optional
|
||||
propertylist_default: default
|
||||
|
||||
pagination_page_prev: prev
|
||||
pagination_page_next: next
|
||||
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/es.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
edit_page: Editar página
|
||||
|
||||
nav_navigation: Navegación
|
||||
nav_tags: Etiquetas
|
||||
nav_more: Más
|
||||
nav_top: Inicio de la página
|
||||
|
||||
form_placeholder_search: Buscar
|
||||
|
||||
error_page_title: Perdido? No te preocupes
|
||||
error_message_title: Perdido?
|
||||
error_message_code: Error 404
|
||||
error_message_text: >
|
||||
Al parecer, lo que estás buscando no pudo ser encontrado. No te preocupes, podemos
|
||||
llevarte de vuelta al <a class="gdoc-error__link" href="{{ . }}">inicio</a>.
|
||||
|
||||
button_toggle_dark: Cambiar el modo Oscuro/Claro/Auto
|
||||
button_nav_open: Abrir la Navegación
|
||||
button_nav_close: Cerrar la Navegación
|
||||
button_menu_open: Abrir el Menú Bar
|
||||
button_menu_close: Cerrar el Menú Bar
|
||||
button_homepage: Volver al Inicio
|
||||
|
||||
title_anchor_prefix: "Anclado a:"
|
||||
|
||||
posts_read_more: Lee la publicación completa
|
||||
posts_read_time:
|
||||
one: "Un minuto para leer"
|
||||
other: "{{ . }} minutos para leer"
|
||||
posts_update_prefix: Actualizado en
|
||||
posts_count:
|
||||
one: "Una publicación"
|
||||
other: "{{ . }} publicaciones"
|
||||
posts_tagged_with: Todas las publicaciones etiquetadas con '{{ . }}'
|
||||
|
||||
footer_build_with: >
|
||||
Creado con <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> y
|
||||
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||
footer_legal_notice: Aviso Legal
|
||||
footer_privacy_policy: Política de Privacidad
|
||||
footer_content_license_prefix: >
|
||||
Contenido licenciado con
|
||||
|
||||
language_switch_no_tranlation_prefix: "Página no traducida:"
|
||||
|
||||
propertylist_required: requerido
|
||||
propertylist_optional: opcional
|
||||
propertylist_default: estándar
|
||||
|
||||
pagination_page_prev: previo
|
||||
pagination_page_next: siguiente
|
||||
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/it.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
edit_page: Modifica la pagina
|
||||
|
||||
nav_navigation: Navigazione
|
||||
nav_tags: Etichette
|
||||
nav_more: Altro
|
||||
nav_top: Torna su
|
||||
|
||||
form_placeholder_search: Cerca
|
||||
|
||||
error_page_title: Perso? Non ti preoccupare
|
||||
error_message_title: Perso?
|
||||
error_message_code: Errore 404
|
||||
error_message_text: >
|
||||
Sembra che non sia possibile trovare quello che stavi cercando. Non ti preoccupare,
|
||||
possiamo riportarti alla <a class="gdoc-error__link" href="{{ . }}">pagina iniziale</a>.
|
||||
|
||||
button_toggle_dark: Seleziona il tema Chiaro/Scuro/Automatico
|
||||
button_nav_open: Apri la Navigazione
|
||||
button_nav_close: Chiudi la Navigazione
|
||||
button_menu_open: Apri la Barra del Menu
|
||||
button_menu_close: Chiudi la Barra del Menu
|
||||
button_homepage: Torna alla pagina iniziale
|
||||
|
||||
title_anchor_prefix: "Ancora a:"
|
||||
|
||||
posts_read_more: Leggi tutto il post
|
||||
posts_read_time:
|
||||
one: "Tempo di lettura: un minuto"
|
||||
other: "Tempo di lettura: {{ . }} minuti"
|
||||
posts_update_prefix: Aggiornato il
|
||||
posts_count:
|
||||
one: "Un post"
|
||||
other: "{{ . }} post"
|
||||
posts_tagged_with: Tutti i post etichettati con '{{ . }}'
|
||||
|
||||
footer_build_with: >
|
||||
Realizzato con <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> e
|
||||
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||
footer_legal_notice: Avviso Legale
|
||||
footer_privacy_policy: Politica sulla Privacy
|
||||
footer_content_license_prefix: >
|
||||
Contenuto sotto licenza
|
||||
|
||||
language_switch_no_tranlation_prefix: "Pagina non tradotta:"
|
||||
|
||||
propertylist_required: richiesto
|
||||
propertylist_optional: opzionale
|
||||
propertylist_default: valore predefinito
|
||||
|
||||
pagination_page_prev: precedente
|
||||
pagination_page_next: prossimo
|
||||
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/ja.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
edit_page: ページの編集
|
||||
|
||||
nav_navigation: ナビゲーション
|
||||
nav_tags: タグ
|
||||
nav_more: さらに
|
||||
nav_top: トップへ戻る
|
||||
|
||||
form_placeholder_search: 検索
|
||||
|
||||
error_page_title: お困りですか?ご心配なく
|
||||
error_message_title: お困りですか?
|
||||
error_message_code: 404 エラー
|
||||
error_message_text: >
|
||||
お探しのものが見つからないようです。<a class="gdoc-error__link" href="{{ . }}">トップページ</a>
|
||||
へ戻ることができるので、ご安心ください。
|
||||
|
||||
button_toggle_dark: モードの切替 ダーク/ライト/自動
|
||||
button_nav_open: ナビゲーションを開く
|
||||
button_nav_close: ナビゲーションを閉じる
|
||||
button_menu_open: メニューバーを開く
|
||||
button_menu_close: メニューバーを閉じる
|
||||
button_homepage: トップページへ戻る
|
||||
|
||||
title_anchor_prefix: "アンカー先:"
|
||||
|
||||
posts_read_more: 全投稿を閲覧
|
||||
posts_read_time:
|
||||
one: "読むのに 1 分かかります"
|
||||
other: "読むのに要する時間 {{ . }} (分)"
|
||||
posts_update_prefix: 更新時刻
|
||||
posts_count:
|
||||
one: "一件の投稿"
|
||||
other: "{{ . }} 件の投稿"
|
||||
posts_tagged_with: "'{{ . }}'のタグが付いた記事全部"
|
||||
|
||||
footer_build_with: >
|
||||
<a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> でビルドしています。
|
||||
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||
footer_legal_notice: 法的な告知事項
|
||||
footer_privacy_policy: プライバシーポリシー
|
||||
footer_content_license_prefix: >
|
||||
提供するコンテンツのライセンス
|
||||
|
||||
language_switch_no_tranlation_prefix: "未翻訳のページ:"
|
||||
|
||||
propertylist_required: 必須
|
||||
propertylist_optional: 任意
|
||||
propertylist_default: 既定値
|
||||
|
||||
pagination_page_prev: 前
|
||||
pagination_page_next: 次
|
||||
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/nl.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
edit_page: Wijzig pagina
|
||||
|
||||
nav_navigation: Navigatie
|
||||
nav_tags: Markering
|
||||
nav_more: Meer
|
||||
nav_top: Terug naar boven
|
||||
|
||||
form_placeholder_search: Zoek
|
||||
|
||||
error_page_title: Verdwaald? Geen probleem
|
||||
error_message_title: Verdwaald?
|
||||
error_message_code: Error 404
|
||||
error_message_text: >
|
||||
Het lijkt er op dat wat je zoekt niet gevonden kan worden. Geen probleem,
|
||||
we kunnen je terug naar de <a class="gdoc-error__link" href="{{ . }}">startpagina</a> brengen.
|
||||
|
||||
button_toggle_dark: Wijzig Donker/Licht/Auto weergave
|
||||
button_nav_open: Open navigatie
|
||||
button_nav_close: Sluit navigatie
|
||||
button_menu_open: Open menubalk
|
||||
button_menu_close: Sluit menubalk
|
||||
button_homepage: Terug naar startpagina
|
||||
|
||||
title_anchor_prefix: "Link naar:"
|
||||
|
||||
posts_read_more: Lees volledige bericht
|
||||
posts_read_time:
|
||||
one: "Een minuut leestijd"
|
||||
other: "{{ . }} minuten leestijd"
|
||||
posts_update_prefix: Bijgewerkt op
|
||||
posts_count:
|
||||
one: "Een bericht"
|
||||
other: "{{ . }} berichten"
|
||||
posts_tagged_with: Alle berichten gemarkeerd met '{{ . }}'
|
||||
|
||||
footer_build_with: >
|
||||
Gebouwd met <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> en
|
||||
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg>
|
||||
footer_legal_notice: Juridische mededeling
|
||||
footer_privacy_policy: Privacybeleid
|
||||
footer_content_license_prefix: >
|
||||
Inhoud gelicenseerd onder
|
||||
|
||||
language_switch_no_tranlation_prefix: "Pagina niet vertaald:"
|
||||
|
||||
propertylist_required: verplicht
|
||||
propertylist_optional: optioneel
|
||||
propertylist_default: standaard
|
||||
|
||||
pagination_page_prev: vorige
|
||||
pagination_page_next: volgende
|
||||
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
53
docs/themes/hugo-geekdoc/i18n/zh-cn.yaml
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
edit_page: 编辑页面
|
||||
|
||||
nav_navigation: 导航
|
||||
nav_tags: 标签
|
||||
nav_more: 更多
|
||||
nav_top: 回到顶部
|
||||
|
||||
form_placeholder_search: 搜索
|
||||
|
||||
error_page_title: 迷路了? 不用担心
|
||||
error_message_title: 迷路了?
|
||||
error_message_code: 错误 404
|
||||
error_message_text: >
|
||||
好像找不到你要找的东西。 别担心,我们可以
|
||||
带您回到<a class="gdoc-error__link" href="{{ . }}">主页</a>。
|
||||
|
||||
button_toggle_dark: 切换暗/亮/自动模式
|
||||
button_nav_open: 打开导航
|
||||
button_nav_close: 关闭导航
|
||||
button_menu_open: 打开菜单栏
|
||||
button_menu_close: 关闭菜单栏
|
||||
button_homepage: 返回首页
|
||||
|
||||
title_anchor_prefix: "锚定到:"
|
||||
|
||||
posts_read_more: 阅读全文
|
||||
posts_read_time:
|
||||
one: "一分钟阅读时间"
|
||||
other: "{{ . }} 分钟阅读时间"
|
||||
posts_update_prefix: 更新时间
|
||||
posts_count:
|
||||
one: 一篇文章
|
||||
other: "{{ . }} 个帖子"
|
||||
posts_tagged_with: 所有带有“{{ . }}”标签的帖子。
|
||||
|
||||
footer_build_with: >
|
||||
基于 <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a>
|
||||
<svg class="gdoc-icon gdoc_heart"><use xlink:href="#gdoc_heart"></use></svg> 制作
|
||||
footer_legal_notice: "法律声明"
|
||||
footer_privacy_policy: "隐私政策"
|
||||
footer_content_license_prefix: >
|
||||
内容许可证
|
||||
|
||||
language_switch_no_tranlation_prefix: "页面未翻译:"
|
||||
|
||||
propertylist_required: 需要
|
||||
propertylist_optional: 可选
|
||||
propertylist_default: 默认值
|
||||
|
||||
pagination_page_prev: 以前
|
||||
pagination_page_next: 下一个
|
||||
pagination_page_state: "{{ .PageNumber }}/{{ .TotalPages }}"
|
BIN
docs/themes/hugo-geekdoc/images/readme.png
vendored
Normal file
After Width: | Height: | Size: 201 KiB |
BIN
docs/themes/hugo-geekdoc/images/screenshot.png
vendored
Normal file
After Width: | Height: | Size: 297 KiB |
BIN
docs/themes/hugo-geekdoc/images/tn.png
vendored
Normal file
After Width: | Height: | Size: 127 KiB |
40
docs/themes/hugo-geekdoc/layouts/404.html
vendored
Normal file
|
@ -0,0 +1,40 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="{{ .Site.Language.Lang }}">
|
||||
<head>
|
||||
{{ partial "head/meta" . }}
|
||||
<title>{{ i18n "error_page_title" }}</title>
|
||||
|
||||
{{ partial "head/favicons" . }}
|
||||
{{ partial "head/others" . }}
|
||||
</head>
|
||||
|
||||
<body>
|
||||
{{ partial "svg-icon-symbols" . }}
|
||||
|
||||
|
||||
<div class="wrapper">
|
||||
<input type="checkbox" class="hidden" id="menu-header-control" />
|
||||
|
||||
{{ partial "site-header" (dict "Root" . "MenuEnabled" false) }}
|
||||
|
||||
|
||||
<main class="gdoc-error flex-even">
|
||||
<div class="flex align-center justify-center">
|
||||
<div class="gdoc-error__icon">
|
||||
<svg class="gdoc-icon gdoc_cloud_off"><use xlink:href="#gdoc_cloud_off"></use></svg>
|
||||
</div>
|
||||
<div class="gdoc-error__message">
|
||||
<div class="gdoc-error__line gdoc-error__title">{{ i18n "error_message_title" }}</div>
|
||||
<div class="gdoc-error__line gdoc-error__code">{{ i18n "error_message_code" }}</div>
|
||||
<div class="gdoc-error__line gdoc-error__help">
|
||||
{{ i18n "error_message_text" .Site.BaseURL | safeHTML }}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</main>
|
||||
|
||||
{{ partial "site-footer" . }}
|
||||
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
11
docs/themes/hugo-geekdoc/layouts/_default/_markup/render-codeblock-mermaid.html
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
<!-- prettier-ignore-start -->
|
||||
{{ if not (.Page.Scratch.Get "mermaid") }}
|
||||
<!-- Include mermaid only first time -->
|
||||
<script defer src="{{ index (index .Page.Site.Data.assets "mermaid.js") "src" | relURL }}"></script>
|
||||
{{ .Page.Scratch.Set "mermaid" true }}
|
||||
{{ end }}
|
||||
<!-- prettier-ignore-end -->
|
||||
|
||||
<pre class="gdoc-mermaid mermaid text-center">
|
||||
{{- .Inner -}}
|
||||
</pre>
|
27
docs/themes/hugo-geekdoc/layouts/_default/_markup/render-heading.html
vendored
Normal file
|
@ -0,0 +1,27 @@
|
|||
{{- $showAnchor := (and (default true .Page.Params.geekdocAnchor) (default true .Page.Site.Params.geekdocAnchor)) -}}
|
||||
|
||||
|
||||
<!-- prettier-ignore-start -->
|
||||
{{- if $showAnchor -}}
|
||||
<div class="flex align-center gdoc-page__anchorwrap">
|
||||
<h{{ .Level }} id="{{ .Anchor | safeURL }}" {{- with .Attributes.class }}
|
||||
class="{{ . }}"
|
||||
{{- end }}
|
||||
>
|
||||
{{ .Text | safeHTML }}
|
||||
</h{{ .Level }}>
|
||||
<a data-clipboard-text="{{ .Page.Permalink }}#{{ .Anchor | safeURL }}" class="gdoc-page__anchor clip flex align-center" title="{{ i18n "title_anchor_prefix" }} {{ .Text | safeHTML }}" aria-label="{{ i18n "title_anchor_prefix" }} {{ .Text | safeHTML }}" href="#{{ .Anchor | safeURL }}">
|
||||
<svg class="gdoc-icon gdoc_link"><use xlink:href="#gdoc_link"></use></svg>
|
||||
</a>
|
||||
</div>
|
||||
{{- else -}}
|
||||
<div class="gdoc-page__anchorwrap">
|
||||
<h{{ .Level }} id="{{ .Anchor | safeURL }}" {{- with .Attributes.class }}
|
||||
class="{{ . }}"
|
||||
{{- end }}
|
||||
>
|
||||
{{ .Text | safeHTML }}
|
||||
</h{{ .Level }}>
|
||||
</div>
|
||||
{{- end -}}
|
||||
<!-- prettier-ignore-end -->
|
6
docs/themes/hugo-geekdoc/layouts/_default/_markup/render-image.html
vendored
Normal file
|
@ -0,0 +1,6 @@
|
|||
<img
|
||||
src="{{ .Destination | safeURL }}"
|
||||
alt="{{ .Text }}"
|
||||
{{ with .Title }}title="{{ . }}"{{ end }}
|
||||
/>
|
||||
{{- /* Drop trailing newlines */ -}}
|
14
docs/themes/hugo-geekdoc/layouts/_default/_markup/render-link.html
vendored
Normal file
|
@ -0,0 +1,14 @@
|
|||
{{- $raw := or (hasPrefix .Text "<img") (hasPrefix .Text "<figure") -}}
|
||||
{{- $code := hasPrefix .Text "<code" -}}
|
||||
<a
|
||||
class="gdoc-markdown__link{{ if $raw -}}
|
||||
--raw
|
||||
{{- else if $code -}}
|
||||
--code
|
||||
{{- end }}"
|
||||
href="{{ .Destination | safeURL }}"
|
||||
{{- with .Title }}{{ printf "title=\"%s\"" . | safeHTMLAttr }}{{- end }}
|
||||
>
|
||||
{{- .Text | safeHTML -}}
|
||||
</a>
|
||||
{{- /* Drop trailing newlines */ -}}
|
60
docs/themes/hugo-geekdoc/layouts/_default/baseof.html
vendored
Normal file
|
@ -0,0 +1,60 @@
|
|||
<!DOCTYPE html>
|
||||
<html
|
||||
lang="{{ .Site.Language.Lang }}"
|
||||
class="color-toggle-hidden"
|
||||
{{ if default false .Site.Params.geekdocDarkModeCode }}code-theme="dark"{{ end }}
|
||||
>
|
||||
<head>
|
||||
{{ partial "head/meta" . }}
|
||||
<title>
|
||||
{{- if eq .Kind "home" -}}
|
||||
{{ .Site.Title }}
|
||||
{{- else -}}
|
||||
{{ printf "%s | %s" (partial "utils/title" .) .Site.Title }}
|
||||
{{- end -}}
|
||||
</title>
|
||||
|
||||
{{ partial "head/favicons" . }}
|
||||
{{ partial "head/rel-me" . }}
|
||||
{{ partial "head/microformats" . }}
|
||||
{{ partial "head/others" . }}
|
||||
{{ partial "head/custom" . }}
|
||||
</head>
|
||||
|
||||
<body itemscope itemtype="https://schema.org/WebPage">
|
||||
{{ partial "svg-icon-symbols" . }}
|
||||
|
||||
|
||||
<div
|
||||
class="wrapper {{ if default false .Site.Params.geekdocDarkModeDim }}dark-mode-dim{{ end }}"
|
||||
>
|
||||
<input type="checkbox" class="hidden" id="menu-control" />
|
||||
<input type="checkbox" class="hidden" id="menu-header-control" />
|
||||
{{ $navEnabled := default true .Page.Params.geekdocNav }}
|
||||
{{ partial "site-header" (dict "Root" . "MenuEnabled" $navEnabled) }}
|
||||
|
||||
|
||||
<main class="container flex flex-even">
|
||||
{{ if $navEnabled }}
|
||||
<aside class="gdoc-nav">
|
||||
{{ partial "menu" . }}
|
||||
</aside>
|
||||
{{ end }}
|
||||
|
||||
|
||||
<div class="gdoc-page">
|
||||
{{ template "main" . }}
|
||||
|
||||
|
||||
<div class="gdoc-page__footer flex flex-wrap justify-between">
|
||||
{{ partial "menu-nextprev" . }}
|
||||
</div>
|
||||
</div>
|
||||
</main>
|
||||
|
||||
{{ partial "site-footer" . }}
|
||||
</div>
|
||||
|
||||
{{ partial "foot" . }}
|
||||
</body>
|
||||
</html>
|
11
docs/themes/hugo-geekdoc/layouts/_default/list.html
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
{{ define "main" }}
|
||||
{{ partial "page-header" . }}
|
||||
|
||||
|
||||
<article
|
||||
class="gdoc-markdown gdoc-markdown__align--{{ default "left" (.Page.Params.geekdocAlign | lower) }}"
|
||||
>
|
||||
<h1>{{ partial "utils/title" . }}</h1>
|
||||
{{ partial "utils/content" . }}
|
||||
</article>
|
||||
{{ end }}
|
11
docs/themes/hugo-geekdoc/layouts/_default/single.html
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
{{ define "main" }}
|
||||
{{ partial "page-header" . }}
|
||||
|
||||
|
||||
<article
|
||||
class="gdoc-markdown gdoc-markdown__align--{{ default "left" (.Page.Params.geekdocAlign | lower) }}"
|
||||
>
|
||||
<h1>{{ partial "utils/title" . }}</h1>
|
||||
{{ partial "utils/content" . }}
|
||||
</article>
|
||||
{{ end }}
|
49
docs/themes/hugo-geekdoc/layouts/_default/taxonomy.html
vendored
Normal file
|
@ -0,0 +1,49 @@
|
|||
{{ define "main" }}
|
||||
{{ range .Paginator.Pages }}
|
||||
<article class="gdoc-post">
|
||||
<header class="gdoc-post__header">
|
||||
<h1 class="gdoc-post__title">
|
||||
<a href="{{ .RelPermalink }}">{{ partial "utils/title" . }}</a>
|
||||
</h1>
|
||||
</header>
|
||||
|
||||
<section class="gdoc-markdown">
|
||||
{{ .Summary }}
|
||||
</section>
|
||||
|
||||
<div class="gdoc-post__readmore">
|
||||
{{ if .Truncated }}
|
||||
<a
|
||||
class="flex-inline align-center fake-link"
|
||||
title="{{ i18n "posts_read_more" }}"
|
||||
href="{{ .RelPermalink }}"
|
||||
>
|
||||
{{ i18n "posts_read_more" }}
|
||||
<i class="gdoc-icon">gdoc_arrow_right_alt</i>
|
||||
</a>
|
||||
{{ end }}
|
||||
</div>
|
||||
|
||||
<footer class="gdoc-post__footer">
|
||||
<div class="flex flex-wrap align-center gdoc-post__meta">
|
||||
{{ partial "posts/metadata.html" . }}
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
{{ end }}
|
||||
{{ partial "pagination.html" . }}
|
||||
{{ end }}
|
||||
|
||||
{{ define "post-tag" }}
|
||||
<span class="gdoc-post__tag">
|
||||
<span class="gdoc-button">
|
||||
<a
|
||||
class="gdoc-button__link"
|
||||
href="{{ .page.RelPermalink }}"
|
||||
title="{{ i18n "posts_tagged_with" .name }}"
|
||||
>
|
||||
{{ .name }}
|
||||
</a>
|
||||
</span>
|
||||
</span>
|
||||
{{ end }}
|
32
docs/themes/hugo-geekdoc/layouts/_default/terms.html
vendored
Normal file
|
@ -0,0 +1,32 @@
|
|||
{{ define "main" }}
|
||||
{{ range .Paginator.Pages.ByTitle }}
|
||||
<article class="gdoc-post">
|
||||
<header class="gdoc-post__header">
|
||||
<h1 class="gdoc-post__title">
|
||||
<a href="{{ .RelPermalink }}">{{ partial "utils/title" . }}</a>
|
||||
</h1>
|
||||
</header>
|
||||
|
||||
<footer class="gdoc-post__meta flex align-center">
|
||||
<span class="flex align-center no-wrap">
|
||||
{{ $pageCount := len .Pages }}
|
||||
<svg class="gdoc-icon gdoc_tag"><use xlink:href="#gdoc_tag"></use></svg>
|
||||
<span class="gdoc-post__tag">
|
||||
{{ i18n "posts_count" $pageCount }}
|
||||
</span>
|
||||
</span>
|
||||
|
||||
<span class="flex align-center no-wrap">
|
||||
<svg class="gdoc-icon gdoc_star"><use xlink:href="#gdoc_star"></use></svg>
|
||||
<span>
|
||||
{{ $latet := index .Pages.ByDate 0 }}
|
||||
{{ with $latet }}
|
||||
<a href="{{ .RelPermalink }}">{{ partial "utils/title" . }}</a>
|
||||
{{ end }}
|
||||
</span>
|
||||
</span>
|
||||
</footer>
|
||||
</article>
|
||||
{{ end }}
|
||||
{{ partial "pagination.html" . }}
|
||||
{{ end }}
|
6
docs/themes/hugo-geekdoc/layouts/partials/foot.html
vendored
Normal file
|
@ -0,0 +1,6 @@
|
|||
{{ if default true .Site.Params.geekdocSearch }}
|
||||
<script defer src="{{ index (index .Site.Data.assets "search.js") "src" | relURL }}"></script>
|
||||
{{- $searchConfigFile := printf "search/%s.config.json" .Language.Lang -}}
|
||||
{{- $searchConfig := resources.Get "search/config.json" | resources.ExecuteAsTemplate $searchConfigFile . | resources.Minify -}}
|
||||
{{- $searchConfig.Publish -}}
|
||||
{{ end }}
|
1
docs/themes/hugo-geekdoc/layouts/partials/head/custom.html
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
<!-- You can add custom elements to the page header here. -->
|
13
docs/themes/hugo-geekdoc/layouts/partials/head/favicons.html
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
<link rel="icon" type="image/svg+xml" href="{{ "favicon/favicon.svg" | relURL }}" />
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="32x32"
|
||||
href="{{ "favicon/favicon-32x32.png" | relURL }}"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="16x16"
|
||||
href="{{ "favicon/favicon-16x16.png" | relURL }}"
|
||||
/>
|