I have been working on improving an existing CI/CD pipeline. We were having some challenges with disk space, managing images and accessing data with the Docker registry server. I plan to use something else which could solve these issues, and I came across a nice tool: the Portus Docker registry. It has lots of features, such as image search, image favorites, LDAP authentication and comments on images.

Portus Architecture and Components

Portus Architecture

Assumptions


Getting Started with Installation

The Setup

Download Portus Repository

mkdir -p /opt/apps/
cd /opt/apps/   # clone into the directory that was just created
git clone https://github.com/rahulinux/portus.git
cd portus/

Configure Secrets

You need to edit the .env file and update the following values:

MACHINE_FQDN=portus.example.local
# secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
# secret can be generated using: openssl rand -hex 64
SECRET_KEY_BASE=b494a25faa8d22e430e843e220e424e10ac84d2ce0e64231f5b636d21251eb6d267adb042ad5884cbff0f3891bcf911bdf8abb3ce719849ccda9a4889249e5c2
PORTUS_PASSWORD=12341234
DATABASE_PASSWORD=portus

Also update the server_name FQDN in nginx/nginx.conf.

Note: If you don’t have DNS, you can add portus.example.local to the /etc/hosts file, pointing to the IP address where you are running the Portus container.
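
As an added example (not part of the original post or of the Portus repository), the script below replaces the three sample secrets in .env with random values and then checks that none of the sample values shown above remain. The function names and the 16-character minimum for the two passwords are assumptions; the 30-character minimum comes from the comment in .env.

```shell
# Added example, not part of the Portus repository. Function names are
# hypothetical; the three variable names and the sample values are the page's.

# N random bytes as hex, the same output shape as `openssl rand -hex N`.
gen_hex() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex "$1"
    else
        od -An -tx1 -N "$1" /dev/urandom | tr -d ' \n'
    fi
}

# Replace KEY=... in FILE, or append the line if the key is missing.
set_var() {
    if grep -q "^$2=" "$1"; then
        sed "s|^$2=.*|$2=$3|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    else
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

# Give all three secrets fresh random values; the subshell body keeps the
# umask change local. Other lines (MACHINE_FQDN, comments) are left alone.
rotate_env() (
    umask 077
    set_var "$1" SECRET_KEY_BASE "$(gen_hex 64)"
    set_var "$1" PORTUS_PASSWORD "$(gen_hex 24)"
    set_var "$1" DATABASE_PASSWORD "$(gen_hex 24)"
    chmod 600 "$1"
)

# Return 0 only if no secret is a published sample value or too short.
# 30 is the minimum from the .env comment; 16 for passwords is an assumption.
audit_env() {
    rc=0
    for key in SECRET_KEY_BASE PORTUS_PASSWORD DATABASE_PASSWORD; do
        value=$(sed -n "s/^$key=//p" "$1" | tail -n 1)
        if [ "$key" = SECRET_KEY_BASE ]; then min=30; else min=16; fi
        case $value in
            12341234|portus|b494a25faa8d22e4*) echo "$key: sample value" >&2; rc=1 ;;
        esac
        [ "${#value}" -ge "$min" ] || { echo "$key: under $min chars" >&2; rc=1; }
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then rotate_env "$1" && audit_env "$1"; fi
```

Saved under a name of your choice and run with .env as its argument before the first docker-compose up, it lets the services start with the new values.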

Configure certificates

If you have registered certificates, you can simply store them in ssl/portus.cert and ssl/portus.key.

Or, if you don’t have any, you can generate self-signed certificates.

Start Portus

docker-compose up -d
docker-compose logs -f # wait for the db migration to finish on first start

Once all services have started, you can browse to https://portus.youdomain. First it will ask you to create an admin user and configure the registry. Please note that you have to use the same FQDN when adding the registry in Portus.

configure registry

Authentication and authorization

In Portus, a Team is a group function that bundles Users. A namespace is your project name, where you are going to push/pull the images, like portus.example.com/mynamespace/myimage:latest

By default, each user has access to their own namespace.

users-groups

There are three kinds of options for authorization to Namespace, and one of the following can be selected.

In addition, a namespace allows flexible settings, such as pull permission for anonymous users, or permission if logged in.

Audit

Audit logs and the like are also kept. This is a necessary function for a registry server used by a large number of people.

audit-logs

Vulnerability diagnosis

You can configure Portus to scan images for security vulnerabilities using CoreOS Clair.

Read more about this : http://port.us.org/features/6_security_scanning.html


For a production setup, you can configure S3 as the registry backend storage and Amazon RDS as the database.

If you find any issue, please feel free to comment below :)

Updates

Error : Could not delete tag on the registry: end of file reached or peer cert: , #

Fix: Enable SSL for the registry; you can find the check box “Use SSL”.