I have been working on improving an existing CI/CD pipeline. We were having some challenges like disk space, managing images and accessing data with the Docker registry server. I planned to use something else that could solve these issues, and I came across a nice tool, the Portus Docker registry. It has lots of features like image search, image favorites, LDAP authentication, comments on images, etc.
Portus architecture and components
- Portus : Portus is a web UI, a Rails application that performs authentication and authorization.
- MySQL : Holds the Portus image list and the user, team, registry and namespace information. You can use PostgreSQL as the database, but that needs some modification of the image; the default database is MariaDB.
- Registry : This is the container running the latest version of the Docker registry (aka distribution). It’s based on the official registry Docker image. In production you can use AWS S3 as backend storage and Redis as cache, so disk space will never be an issue again.
- Crono : The crono process keeps the data stored in the registry and in Portus’ DB in sync, for example metadata such as the image list, which Docker Registry sends to Portus through its notification endpoint.
- Nginx : Serves static content instead of Rails, separates traffic to Docker Registry and to Portus according to the request path, and handles SSL communication.
- Docker-engine is installed
- Docker compose is installed
- Certificates are created
Getting Started with Installation
- CentOS 7.4
- docker-engine 17.05.0
- docker-compose 1.16.1
- git (client)
Download Portus Repository
    mkdir -p /opt/apps/
    cd /opt/apps/
    git clone https://github.com/rahulinux/portus.git
    cd portus/

You need to edit the .env file and update the following values:

    MACHINE_FQDN=portus.example.local
    # The secret key is used for verifying the integrity of signed cookies.
    # If you change this key, all old signed cookies will become invalid!
    # Make sure the secret is at least 30 characters and all random,
    # no regular words or you'll be exposed to dictionary attacks.
    # The secret can be generated using: openssl rand -hex 64
    SECRET_KEY_BASE=b494a25faa8d22e430e843e220e424e10ac84d2ce0e64231f5b636d21251eb6d267adb042ad5884cbff0f3891bcf911bdf8abb3ce719849ccda9a4889249e5c2
    PORTUS_PASSWORD=12341234
    DATABASE_PASSWORD=portus
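The SECRET_KEY_BASE and passwords shown above are published sample values, so a deployment should carry its own. The shell functions below are an added example, not part of the original post or the Portus repository: they flag the sample or short values in .env and replace them with random ones. The function names and the 16-character password minimum are assumptions.

```shell
#!/bin/sh
# Added example: audit and rotate the secrets in the Portus .env file.
# Key names come from the .env above; thresholds and function names are assumptions.

SAMPLE_PASSWORDS="12341234 portus"     # passwords published in the tutorial
SAMPLE_KEY_PREFIX="b494a25faa8d22e4"   # start of the published SECRET_KEY_BASE

# Print N random bytes as hex (openssl, as the .env comment suggests, else /dev/urandom).
gen_hex() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex "$1"
    else
        head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'
    fi
}

# Print the value assigned to key $2 in env file $1 (last assignment wins).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one line per weak setting in file $1; return 1 if any were found.
audit_env() {
    file=$1; bad=0
    key=$(env_get "$file" SECRET_KEY_BASE)
    case $key in
        "$SAMPLE_KEY_PREFIX"*) echo "SECRET_KEY_BASE: published sample value"; bad=1 ;;
    esac
    [ "${#key}" -ge 30 ] || { echo "SECRET_KEY_BASE: shorter than 30 characters"; bad=1; }
    for name in PORTUS_PASSWORD DATABASE_PASSWORD; do
        val=$(env_get "$file" "$name")
        for sample in $SAMPLE_PASSWORDS; do
            [ "$val" != "$sample" ] || { echo "$name: published sample value"; bad=1; }
        done
        [ "${#val}" -ge 16 ] || { echo "$name: shorter than 16 characters"; bad=1; }
    done
    return "$bad"
}

# Replace the three secrets in file $1 with random values; the new file is owner-only.
rotate_env() {
    file=$1; tmp="$file.tmp.$$"
    ( umask 077
      sed -e "s/^SECRET_KEY_BASE=.*/SECRET_KEY_BASE=$(gen_hex 64)/" \
          -e "s/^PORTUS_PASSWORD=.*/PORTUS_PASSWORD=$(gen_hex 16)/" \
          -e "s/^DATABASE_PASSWORD=.*/DATABASE_PASSWORD=$(gen_hex 16)/" \
          "$file" > "$tmp" ) && mv "$tmp" "$file"
}
```

Source the file and run `rotate_env .env`, then `audit_env .env`, before the first `docker-compose up -d`. As the .env comment says, changing SECRET_KEY_BASE later invalidates existing signed cookies.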
server_name FQDN in
Note: If you don’t have DNS, you can add an entry to the /etc/hosts file that points to the IP address where you are running the Portus container.
If you have registered certificates, then you can simply store in
Or, if you don’t have them, you can generate self-signed certificates.

    docker-compose up -d
    docker-compose logs -f # wait for the db migration to finish on first start

Once all services have started, you can browse to https://portus.youdomain. First it will ask you to create an admin user and configure the registry. Please note that you have to use the same FQDN when adding the registry in Portus.
Authentication and authorization
In Portus, a Team is a group that bundles Users together. A namespace is your project name, where you are going to push/pull the images, like
By default each user has access to their own namespace.
There are three kinds of options for authorization to Namespace, and one of the following can be selected.
- Pull only available
- Push / Pull is possible
- Push / Pull is possible, the user can manage the Namespace
In addition, a namespace allows flexible settings, such as pull permission for anonymous users or permission only when logged in.
Audit logs etc. are also managed. This is a necessary function for a registry server used by a large number of people.
You can configure Portus to scan images for security vulnerabilities using CoreOS Clair.
Read more about this : http://port.us.org/features/6_security_scanning.html
For a production setup, you can configure S3 as the registry backend storage and Amazon RDS as the database.
If you find any issue, please feel free to comment below :)
Error : Could not delete tag on the registry: end of file reached or peer cert: , #
Fix : Enable SSL for the registry; you will find a check box “Use SSL”.