Docker — DevOps Guide
Architecture
The Docker registry consists of three containers:
- registry-docker-token-server — Custom Python token server validating against Authelia users
- registry-docker — Registry v3 API server
- registry-docker-ui — Joxit web UI (behind Authelia forward-auth)
Management
```bash
cd /opt/services/registries

# Start/stop
task up:docker
task down:docker

# Logs
task logs:docker

# List images
task docker:catalog

# Regenerate service token
task docker:token:generate
```
Token Server
The custom token server authenticates `podman login` / `docker login` requests against Authelia's `users_database.yml`.
- Source: `docker/token-server/server.py`
- Config: Environment variables in compose file
- Certs: `docker/config/token-server-key.pem` and `token-server-cert.pem`
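A check worth running whenever the key pair listed under Certs is replaced. It is an added example, not part of the original guide or the token server's code. It assumes, as in standard registry token authentication, that this pair signs the login tokens; the function name and the 30-day threshold are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the token server's key and certificate.
# Usage (from /opt/services/registries), paths as named in this guide:
#   ./check-pair.sh docker/config/token-server-key.pem \
#                   docker/config/token-server-cert.pem 30

# Prints one line per finding. Returns 0 if all checks pass,
# 1 if any check fails, 2 if a file is missing or unreadable.
check_token_server_pair() {
  local key cert min_days rc key_pub cert_pub
  key=$1; cert=$2; min_days=${3:-30}; rc=0

  if [ ! -r "$key" ] || [ ! -r "$cert" ]; then
    echo "FAIL: key or certificate missing or unreadable"
    return 2
  fi

  # A key written with -nodes is unencrypted, so the file mode is its only
  # protection: group/other bits (columns 5-10 of ls -l) must all be empty.
  if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
    echo "FAIL: $key is accessible to group or other (want mode 600)"
    rc=1
  fi

  # The certificate must carry the public half of this exact private key.
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
    echo "FAIL: certificate does not match the private key"
    rc=1
  fi

  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout \
       -checkend $((min_days * 86400)) >/dev/null 2>&1; then
    echo "FAIL: certificate expires within $min_days days"
    rc=1
  fi

  if [ "$rc" -eq 0 ]; then
    echo "OK: pair matches, key is private, valid for $min_days+ days"
  fi
  return "$rc"
}

# Only act when paths are passed on the command line.
if [ "$#" -ge 2 ]; then check_token_server_pair "$@"; fi
```

Because the certificate is issued with `-days 365`, running this from a scheduled job gives advance notice before registry logins start failing on an expired certificate.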
Regenerate Certificates
```bash
# -nodes writes the private key unencrypted; keep the file readable by its owner only
openssl req -x509 -newkey rsa:4096 -keyout docker/config/token-server-key.pem \
  -out docker/config/token-server-cert.pem -days 365 -nodes \
  -subj "/CN=registry-token-server"

# Generate JWKS
# ... (automated by token server)

# Restart the stack
task down:docker && task up:docker
```
Backup
```bash
# Backup registry data
tar -czf docker-backup-$(date +%Y%m%d).tar.gz data/docker/registry/
```
Garbage Collection
Docker Registry v3 handles garbage collection via maintenance config in docker/config/registry.yml:
```yaml
storage:
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
```