
Docker — DevOps Guide

Architecture

The Docker registry consists of three containers:

  1. registry-docker-token-server — Custom Python token server validating against Authelia users
  2. registry-docker — Registry v3 API server
  3. registry-docker-ui — Joxit web UI (behind Authelia forward-auth)

Management

bash
cd /opt/services/registries

# Start/stop
task up:docker
task down:docker

# Logs
task logs:docker

# List images
task docker:catalog

# Regenerate service token
task docker:token:generate

Token Server

The custom token server authenticates podman login / docker login requests against Authelia's users_database.yml.

  • Source: docker/token-server/server.py
  • Config: Environment variables in compose file
  • Certs: docker/config/token-server-key.pem and token-server-cert.pem

Regenerate Certificates

bash
# Self-signed certificate, valid for 365 days; -nodes writes the private key unencrypted
openssl req -x509 -newkey rsa:4096 -keyout docker/config/token-server-key.pem \
  -out docker/config/token-server-cert.pem -days 365 -nodes \
  -subj "/CN=registry-token-server"

# Generate JWKS
# ... (automated by token server)

task down:docker && task up:docker
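
A check worth running between regenerating the pair and restarting the containers, as an added example that is not part of this guide's own tooling: it confirms the certificate and key belong together, that the certificate is not close to expiry, and that the unencrypted key is not readable by group or other. The function names and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a regenerated token-server cert/key pair before
# restarting the registry. Function names and the 30-day default are assumptions.

# Exit 0 when the certificate's public key equals the one derived from the key.
pair_matches() {
  pm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  pm_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$pm_cert" ] && [ "$pm_cert" = "$pm_key" ]
}

# Exit 0 when the certificate stays valid for at least $2 more days.
valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Exit 0 when group and other have no permission bits on the key file.
# The key is written unencrypted (-nodes), so file mode is its only protection.
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_pair CERT KEY [MIN_DAYS]
# Returns 0 = ok, 1 = cert/key mismatch, 2 = expires too soon, 3 = key mode too open.
check_pair() {
  pair_matches "$1" "$2" || { echo "cert and key do not match" >&2; return 1; }
  valid_for_days "$1" "${3:-30}" || { echo "cert expires within ${3:-30} days" >&2; return 2; }
  key_is_private "$2" || { echo "key readable by group/other" >&2; return 3; }
  echo "ok: $1 matches $2"
}

# Run directly: sh check.sh docker/config/token-server-cert.pem docker/config/token-server-key.pem
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

A non-zero exit means the restart should wait until the pair is fixed, since a certificate that does not match the signing key leaves the registry unable to verify the tokens the server issues.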

Backup

bash
# Backup registry data
tar -czf docker-backup-$(date +%Y%m%d).tar.gz data/docker/registry/

Garbage Collection

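Docker Registry v3 handles garbage collection via the maintenance config in docker/config/registry.yml. The uploadpurging settings below delete abandoned upload data older than age, checking once per interval. They do not remove unreferenced image layers; those are reclaimed by the registry's separate garbage-collect command.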

yaml
storage:
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h

hochguertel.work Registry Platform