### Install and Configure Go using GVM Source: https://distribution.github.io/distribution/recipes/osx-setup-guide Installs Go version manager (gvm), installs a specific Go version, and sets it as the active version. Ensure gvm is installed before running. ```bash $ bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer) $ source ~/.gvm/scripts/gvm $ gvm install go1.4.2 $ gvm use go1.4.2 ``` -------------------------------- ### Run a local registry server Source: https://distribution.github.io/distribution/about/deploying Starts a Docker container for a local registry. Ensure Docker is installed on the host. This configuration is suitable for testing; production requires TLS and access control. ```bash $ docker run -d -p 5000:5000 --restart=always --name registry registry:3 ``` -------------------------------- ### Start Docker Compose Stack Source: https://distribution.github.io/distribution/recipes/nginx Starts the Nginx and registry services in detached mode. ```bash $ docker compose up -d ``` -------------------------------- ### Example Docker Distribution Event POST Request Source: https://distribution.github.io/distribution/about/notifications An example of a full POST request to a callback endpoint, demonstrating the event envelope structure with multiple events. Ensure the 'Content-Type' header matches the specified mediatype. ```http POST /callback HTTP/1.1 Host: application/vnd.docker.distribution.events.v2+json Authorization: Bearer Content-Type: application/vnd.docker.distribution.events.v2+json { "events": [ { "id": "asdf-asdf-asdf-asdf-0", "timestamp": "2006-01-02T15:04:05Z", "action": "push", "target": { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "digest": "sha256:fea8895f450959fa676bcc1df0611ea93823a735a01205fd8622846041d0c7cf", "length": 1, "repository": "library/test", "url": "https://example.com/v2/library/test/manifests/sha256:c3b3692957d439ac1928219a83fac91e7bf96c153725526874673ae1f2023f8d5" }, "request": { "id": "asdfasdf", "addr": "client.local", "host": "registrycluster.local", "method": "PUT", "useragent": "test/0.1" }, "actor": { "name": "test-actor" }, "source": { "addr": "hostname.local:port" } }, { "id": "asdf-asdf-asdf-asdf-1", "timestamp": "2006-01-02T15:04:05Z", "action": "push", "target": { "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar", "digest": "sha256:c3b3692957d439ac1928219a83fac91e7bf96c153725526874673ae1f2023f8d5", "length": 2, "repository": "library/test", "url": "https://example.com/v2/library/test/blobs/sha256:c3b3692957d439ac1928219a83fac91e7bf96c153725526874673ae1f2023f8d5" }, "request": { "id": "asdfasdf", "addr": "client.local", "host": "registrycluster.local", "method": "PUT", "useragent": "test/0.1" }, "actor": { "name": "test-actor" }, "source": { "addr": "hostname.local:port" } }, { "id": "asdf-asdf-asdf-asdf-2", "timestamp": "2006-01-02T15:04:05Z", "action": "push", "target": { "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar", "digest": "sha256:c3b3692957d439ac1928219a83fac91e7bf96c153725526874673ae1f2023f8d5", "length": 3, "repository": "library/test", "url": "https://example.com/v2/library/test/blobs/sha256:c3b3692957d439ac1928219a83fac91e7bf96c153725526874673ae1f2023f8d5" }, "request": { "id": "asdfasdf", "addr": "client.local", "host": "registrycluster.local", "method": "PUT", "useragent": "test/0.1" }, "actor": { "name": "test-actor" }, "source": { "addr": "hostname.local:port" } } ] } ``` -------------------------------- ### Successful Upload Start Response Source: https://distribution.github.io/distribution/spec/api Returned after a successful POST request to start an upload. Includes the upload URL and other necessary headers for the next step. ```http 202 Accepted Location: /v2//blobs/uploads/ Range: bytes=0- Content-Length: 0 Docker-Upload-UUID: ``` -------------------------------- ### Start the Registry Source: https://distribution.github.io/distribution Starts a Docker container for the registry in detached mode, exposing port 5000. ```bash docker run -d -p 5000:5000 --name registry registry:3 ``` -------------------------------- ### Start registry with basic authentication Source: https://distribution.github.io/distribution/about/deploying Start the Docker registry container with basic authentication enabled using htpasswd. This command mounts the local auth directory and configures the registry to use the htpasswd file for authentication. ```bash $ docker run -d \ -p 5000:5000 \ --restart=always \ --name registry \ -v "$(pwd)"/auth:/auth \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ -v "$(pwd)"/certs:/certs \ -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt" \ -e "REGISTRY_HTTP_TLS_KEY=/certs/domain.key" \ registry:3 ``` -------------------------------- ### Setup Registry Configuration Source: https://distribution.github.io/distribution/recipes/osx-setup-guide Copies the default registry configuration file to a designated directory. Modify this file to change listening ports. ```bash $ mkdir /Users/Shared/Registry $ cp docs/content/recipes/osx/config.yml /Users/Shared/Registry/config.yml ``` -------------------------------- ### Start Docker Stack Source: https://distribution.github.io/distribution/recipes/apache Starts the Docker services defined in the docker-compose.yml file in detached mode. ```bash docker compose up -d ``` -------------------------------- ### Starting an Upload Source: https://distribution.github.io/distribution/spec/api Initiates the layer upload process by sending a POST request to the registry. This returns a URL for the subsequent upload steps. ```APIDOC ## POST /v2//blobs/uploads/ ### Description Starts a layer upload process. The registry service will return a URL to be used for the second step of the upload. ### Method POST ### Endpoint /v2//blobs/uploads/ ### Parameters #### Path Parameters - **name** (string) - Required - The image namespace under which the layer will be linked. ``` -------------------------------- ### Build Registry Binary Source: https://distribution.github.io/distribution/recipes/osx-setup-guide Compiles the registry binary using make and copies it to the system's executable path. Requires sudo privileges for installation. ```bash $ GOPATH=$(PWD)/Godeps/_workspace:$GOPATH make binaries $ sudo mkdir -p /usr/local/libexec $ sudo cp bin/registry /usr/local/libexec/registry ``` -------------------------------- ### Example Manifest List V2 Schema 2 Source: https://distribution.github.io/distribution/spec/manifest-v2-2 Demonstrates a manifest list pointing to image manifests for different platforms. Use this to represent multi-architecture images. ```json { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "digest": "sha256:e692418e4cbaf90ca69d05a66403747baa33ee08806650b51fab815ad7fc331f", "size": 7143, "platform": { "architecture": "ppc64le", "os": "linux" } }, { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270", "size": 7682, "platform": { "architecture": "amd64", "os": "linux", "features": [ "sse4" ] } } ] } ``` -------------------------------- ### Configure Notification Endpoint Source: https://distribution.github.io/distribution/about/notifications Example configuration for setting up a notification endpoint with a URL, authorization header, timeout, and retry threshold. ```yaml notifications: endpoints: - name: alistener url: https://mylistener.example.com/event headers: Authorization: [Bearer ] timeout: 500ms threshold: 5 backoff: 1s ``` -------------------------------- ### Registry and Repository Middleware Example Source: https://distribution.github.io/distribution/about/configuration Configure custom middleware for registry and repository layers. Each middleware must implement the corresponding interface (e.g., distribution.Namespace). ```yaml middleware: registry: - name: ARegistryMiddleware options: foo: bar repository: - name: ARepositoryMiddleware options: foo: bar ``` -------------------------------- ### Podman Registry Creation and Systemd Generation Source: https://distribution.github.io/distribution/recipes/systemd Create a Podman container for the registry and generate its systemd service file. This setup uses socket activation for enhanced security and efficiency. ```bash podman create --name registry --network=none -v registry:/var/lib/registry registry:3 podman generate systemd --name --new registry > registry.service ``` -------------------------------- ### GET /v2/_catalog Source: https://distribution.github.io/distribution/spec/api Retrieve a sorted, json list of repositories available in the registry. ```APIDOC ## GET /v2/_catalog ### Description Retrieve a sorted, json list of repositories available in the registry. ### Method GET ### Endpoint /v2/_catalog ### Response #### Success Response (200) - **repositories** (array) - A sorted list of repository names. ``` -------------------------------- ### Registry Storage Configuration Source: https://distribution.github.io/distribution/about/configuration Example of a registry storage configuration in YAML format. This defines the filesystem storage backend and its root directory. ```yaml storage: filesystem: rootdirectory: /var/lib/registry ``` -------------------------------- ### Start Layer Upload POST Request Source: https://distribution.github.io/distribution/spec/api Initiates the layer upload process by sending a POST request to the registry service. This returns a URL for the subsequent data transfer step. ```http POST /v2//blobs/uploads/ ``` -------------------------------- ### Log in to the registry Source: https://distribution.github.io/distribution/about/deploying Log in to the Docker registry using the provided credentials. This command is used after starting the registry with basic authentication enabled. ```bash $ docker login myregistrydomain.com:5000 ``` -------------------------------- ### Getting a Token Source: https://distribution.github.io/distribution/spec/auth/oauth Details on how to obtain an access token using various grant types via the /token endpoint. ```APIDOC ## Getting a token POST /token ### Headers Content-Type: application/x-www-form-urlencoded ### Post parameters `grant_type` (REQUIRED) Type of grant used to get token. When getting a refresh token using credentials this type should be set to "password" and have the accompanying username and password parameters. Type "authorization_code" is reserved for future use for authenticating to an authorization server without having to send credentials directly from the client. When requesting an access token with a refresh token this should be set to "refresh_token". `service` (REQUIRED) The name of the service which hosts the resource to get access for. Refresh tokens will only be good for getting tokens for this service. `client_id` (REQUIRED) String identifying the client. This client_id does not need to be registered with the authorization server but should be set to a meaningful value in order to allow auditing keys created by unregistered clients. Accepted syntax is defined in RFC6749 Appendix A.1. `access_type` (OPTIONAL) Access which is being requested. If "offline" is provided then a refresh token will be returned. The default is "online" only returning short lived access token. If the grant type is "refresh_token" this will only return the same refresh token and not a new one. `scope` (OPTIONAL) The resource in question, formatted as one of the space-delimited entries from the `scope` parameters from the `WWW-Authenticate` header shown above. This query parameter should only be specified once but may contain multiple scopes using the scope list format defined in the scope grammar. If multiple `scope` is provided from `WWW-Authenticate` header the scopes should first be converted to a scope list before requesting the token. The above example would be specified as: `scope=repository:samalba/my-app:push`. When requesting a refresh token the scopes may be empty since the refresh token will not be limited by this scope, only the provided short lived access token will have the scope limitation. `refresh_token` (OPTIONAL) The refresh token to use for authentication when grant type "refresh_token" is used. `username` (OPTIONAL) The username to use for authentication when grant type "password" is used. `password` (OPTIONAL) The password to use for authentication when grant type "password" is used. ### Response fields `access_token` (REQUIRED) An opaque `Bearer` token that clients should supply to subsequent requests in the `Authorization` header. This token should not be attempted to be parsed or understood by the client but treated as opaque string. `scope` (REQUIRED) The scope granted inside the access token. This may be the same scope as requested or a subset. This requirement is stronger than specified in RFC6749 Section 4.2.2 by strictly requiring the scope in the return value. `expires_in` (REQUIRED) The duration in seconds since the token was issued that it will remain valid. When omitted, this defaults to 60 seconds. For compatibility with older clients, a token should never be returned with less than 60 seconds to live. `issued_at` (Optional) The RFC3339-serialized UTC standard time at which a given token was issued. If `issued_at` is omitted, the expiration is from when the token exchange completed. `refresh_token` (Optional) Token which can be used to get additional access tokens for the same subject with different scopes. This token should be kept secure by the client and only sent to the authorization server which issues bearer tokens. This field will only be set when `access_type=offline` is provided in the request. ``` -------------------------------- ### Restart Registry Service Source: https://distribution.github.io/distribution/recipes/osx-setup-guide Stops and then starts the registry service using launchctl. Use this to apply configuration changes or restart a stalled service. ```bash $ launchctl stop com.docker.registry $ launchctl start com.docker.registry ``` -------------------------------- ### Registry LetsEncrypt Hosts Configuration Source: https://distribution.github.io/distribution/about/configuration Example of configuring LetsEncrypt hosts in a registry YAML file. This specifies the hostnames for TLS certificate acquisition. ```yaml http: tls: letsencrypt: hosts: [myregistryaddress.org] ``` -------------------------------- ### Load Registry Service Source: https://distribution.github.io/distribution/recipes/osx-setup-guide Loads the registry service into launchd, making it available to start and stop. This command makes the service managed by launchd. ```bash $ launchctl load ~/Library/LaunchAgents/com.docker.registry.plist ``` -------------------------------- ### GET Catalog API Endpoint with Pagination Source: https://distribution.github.io/distribution/spec/api Use this GET request with query parameters 'n' and 'last' to retrieve a specific portion of the repository list. 'n' limits entries per response, and 'last' specifies the starting point for lexical ordering. ```http GET /v2/_catalog?n=&last= ``` -------------------------------- ### Create Directories Source: https://distribution.github.io/distribution/recipes/nginx Creates the necessary directories for configuration and data storage. ```bash $ mkdir -p auth data ``` -------------------------------- ### Digest Example Source: https://distribution.github.io/distribution/spec/api An example of a common sha256-based content digest. ```text sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b ``` -------------------------------- ### GET Blob Source: https://distribution.github.io/distribution/spec/api Retrieves a blob from the registry by its digest. A HEAD request can be used to get metadata without the blob content. ```APIDOC ### Blob Operations on blobs identified by `name` and `digest`. Used to fetch or delete layers by digest. ## GET Blob ### Description Retrieve the blob from the registry identified by `digest`. A `HEAD` request can also be issued to this endpoint to obtain resource information without receiving all data. ### Method GET, HEAD ### Endpoint `/v2//blobs/` ### Parameters #### Path Parameters - **name** (string) - Required - The name of the repository. - **digest** (string) - Required - The digest of the blob to retrieve. ### Response #### Success Response (200 OK for GET, 200 OK for HEAD) - **Content** (binary) - The blob content (for GET requests). - **Content-Length** (integer) - The size of the blob. - **Content-Type** (string) - The media type of the blob. - **Docker-Content-Digest** (string) - The digest of the blob. ``` -------------------------------- ### DELETE Manifest Request Example Source: https://distribution.github.io/distribution/spec/api Example of an HTTP DELETE request to remove a manifest or tag from a repository. The reference can be a tag or a digest; manifests can only be deleted by digest. ```http DELETE /v2//manifests/ Host: Authorization: ``` -------------------------------- ### GET Catalog API Endpoint Source: https://distribution.github.io/distribution/spec/api Use this GET request to retrieve a sorted list of all repositories available in the local registry cluster. Pagination may be applied. ```http GET /v2/_catalog ``` -------------------------------- ### Configure Google Cloud Storage (GCS) Source: https://distribution.github.io/distribution/about/configuration Set up Google Cloud Storage as the registry backend. Requires bucket name and a key file for authentication. ```yaml storage: gcs: bucket: bucketname keyfile: /path/to/keyfile credentials: type: service_account project_id: project_id_string private_key_id: private_key_id_string private_key: private_key_string client_email: client@example.com client_id: client_id_string auth_uri: http://example.com/auth_uri token_uri: http://example.com/token_uri auth_provider_x509_cert_url: http://example.com/provider_cert_url client_x509_cert_url: http://example.com/client_cert_url rootdirectory: /gcs/object/name/prefix ``` -------------------------------- ### GET /v2//manifests/ Source: https://distribution.github.io/distribution/spec/api Use this endpoint to fetch an image manifest. The name and reference parameters are required and can include a tag or digest. Include an Accept header for desired manifest content types. A 404 is returned if the image is unknown. ```http GET /v2//manifests/ ``` -------------------------------- ### Get Upload Status GET Request Source: https://distribution.github.io/distribution/spec/api Retrieves the current status and offset of an ongoing layer upload. The response indicates progress via the Range header. ```http GET /v2//blobs/uploads/ Host: ``` -------------------------------- ### Example JWT Signature Source: https://distribution.github.io/distribution/spec/auth/jwt This is an example of a signature generated for the JWT payload using the ES256 algorithm and the provided ECDSA key. The signature is a critical part of JWT security. ```text QhflHPfbd6eVF4lM9bwYpFZIV0PfikbyXuLx959ykRTBpe3CYnzs6YBK8FToVb5R47920PVLrh8zuLzdCr9t3w ``` -------------------------------- ### Example JWT JOSE Header Source: https://distribution.github.io/distribution/spec/auth/jwt This is an example of a JSON Object Signing and Encryption (JOSE) header for a JWT. It specifies the token type, signing algorithm, and key ID. ```json {"typ":"JWT","alg":"ES256","kid":"PYYO:TEWU:V7JH:26JV:AQTZ:LJC3:SXVJ:XGHA:34F2:2LAQ:ZRMK:Z7Q6"} ``` -------------------------------- ### Registry Configuration with CloudFront Middleware Source: https://distribution.github.io/distribution/storage-drivers/s3 This is a minimum configuration example for a registry using CloudFront as middleware for pull operations, while push operations are still directed to S3. Ensure the 'baseurl', 'privatekey', and 'keypairid' are correctly set for your CloudFront distribution. ```yaml ... storage: s3: region: us-east-1 bucket: docker.myregistry.com middleware: storage: - name: cloudfront options: baseurl: https://abcdefghijklmn.cloudfront.net/ privatekey: /etc/docker/cloudfront/pk-ABCEDFGHIJKLMNOPQRST.pem keypairid: ABCEDFGHIJKLMNOPQRST ... ``` -------------------------------- ### GET Manifest Request Source: https://distribution.github.io/distribution/spec/api Fetches the manifest for a given repository name and reference (tag or digest). A HEAD request can be used to get metadata without the manifest body. ```http GET /v2//manifests/ Host: Authorization: ``` -------------------------------- ### Example JWT Claim Set Source: https://distribution.github.io/distribution/spec/auth/jwt This is an example of a JWT Claim Set, containing issuer, subject, audience, and access control information. Ensure all required claims are present for proper authentication. ```json {"iss":"auth.docker.com","sub":"jlhawn","aud":"registry.docker.com","exp":1415387315,"nbf":1415387015,"iat":1415387015,"jti":"tYJCO1c6cnyy7kAn0c7rKPgbV1H1bFws","access":[{"type":"repository","name":"samalba/my-app","actions":["push","pull"]}]} ``` -------------------------------- ### Run Registry with Custom Configuration File Source: https://distribution.github.io/distribution/about/configuration Command to run the registry container, mounting a custom configuration file from the host. This is useful for complex configurations or when environment variable overrides are insufficient. ```bash $ docker run -d -p 5000:5000 --restart=always --name registry \ -v `pwd`/config.yml:/etc/distribution/config.yml \ registry:3 ``` -------------------------------- ### Get Manifest Digest for Deletion Source: https://distribution.github.io/distribution/spec/api When deleting a manifest from registry version 2.3 or later, use this Accept header when performing HEAD or GET requests to obtain the correct digest for deletion. ```http Accept: application/vnd.docker.distribution.manifest.v2+json ``` -------------------------------- ### Create Registry Certificate Directory Source: https://distribution.github.io/distribution/about/deploying Prepare a directory to store TLS certificates for securing the registry. This is a prerequisite for running an externally accessible registry. ```bash $ mkdir -p certs ``` -------------------------------- ### Example ECDSA Key for Signing Source: https://distribution.github.io/distribution/spec/auth/jwt This is an example of an Elliptic Curve Digital Signature Algorithm (ECDSA) key used for signing JWTs. It includes the key type, curve, key ID, and private parameters. ```json { "kty": "EC", "crv": "P-256", "kid": "PYYO:TEWU:V7JH:26JV:AQTZ:LJC3:SXVJ:XGHA:34F2:2LAQ:ZRMK:Z7Q6", "d": "R7OnbfMaD5J2jl7GeE8ESo7CnHSBm_1N2k9IXYFrKJA", "x": "m7zUpx3b-zmVE5cymSs64POG9QcyEpJaYCD82-549_Q", "y": "dU3biz8sZ_8GPB-odm8Wxz3lNDr1xcAQQPQaOcr1fmc" } ``` -------------------------------- ### Tag Image for Local Registry Source: https://distribution.github.io/distribution Tags the 'ubuntu' image to be pushed to the local registry as 'myfirstimage'. ```bash docker image tag ubuntu localhost:5000/myfirstimage ``` -------------------------------- ### Htpasswd Authentication Configuration Source: https://distribution.github.io/distribution/about/configuration Set up basic authentication using an htpasswd file. Ensure TLS is configured when using this scheme. The htpasswd file is loaded at startup. ```yaml htpasswd: realm: "my-realm" path: "/etc/registry/htpasswd" ``` -------------------------------- ### GET /v2//tags/list Source: https://distribution.github.io/distribution/spec/api Fetch the tags under the repository identified by `name`. ```APIDOC ## GET /v2//tags/list ### Description Fetch the tags under the repository identified by `name`. ### Method GET ### Endpoint /v2//tags/list ### Parameters #### Path Parameters - **name** (string) - Required - The name of the repository. ### Response #### Success Response (200) - **name** (string) - The name of the repository. - **tags** (array) - A list of tags for the repository. ``` -------------------------------- ### Configure Docker Daemon with Registry Mirror Source: https://distribution.github.io/distribution/recipes/mirror Add the `registry-mirrors` key to `/etc/docker/daemon.json` to make the registry mirror configuration persistent. The mirror URL must be the root of the domain. ```json { "registry-mirrors": ["https://mirror.company.example"] } ``` -------------------------------- ### GET /v2/ Source: https://distribution.github.io/distribution/spec/api Check that the endpoint implements Docker Registry API V2. ```APIDOC ## GET /v2/ ### Description Check that the endpoint implements Docker Registry API V2. ### Method GET ### Endpoint /v2/ ``` -------------------------------- ### Azure Managed Identity Configuration Source: https://distribution.github.io/distribution/storage-drivers/azure Example configuration for using Azure Managed Identity with the storage driver. ```APIDOC ## Azure Managed Identity Configuration ### Description This example shows how to configure the Azure storage driver to use managed identity for authentication. ### Method N/A (Configuration example) ### Endpoint N/A (Configuration example) ### Parameters N/A (Configuration example) ### Request Example ```json { "properties": { "azure": { "accountname": "accountname", "container": "containername", "credentials": { "type": "default" } } } } ``` ### Response N/A (Configuration example) ``` -------------------------------- ### Docker Client Operations with External Registry Source: https://distribution.github.io/distribution/about/deploying Demonstrates how to pull, tag, and push images to an externally accessible and secured Docker registry using its domain name. ```bash $ docker pull ubuntu:16.04 $ docker tag ubuntu:16.04 myregistry.domain.com/my-ubuntu $ docker push myregistry.domain.com/my-ubuntu $ docker pull myregistry.domain.com/my-ubuntu ``` -------------------------------- ### Run Registry with TLS Configuration Source: https://distribution.github.io/distribution/about/deploying Run the registry with TLS enabled, specifying the certificate and key locations, and mapping the HTTPS port. This makes the registry accessible externally. ```bash $ docker run -d \ --restart=always \ --name registry \ -v "$(pwd)"/certs:/certs \ -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ -p 443:443 \ registry:3 ``` -------------------------------- ### Pull an Image from a Registry Source: https://distribution.github.io/distribution/about Use this command to download a specific tagged image from a registry. Ensure you have Docker installed and configured. ```bash docker pull registry-1.docker.io/distribution/registry:3.0 ``` -------------------------------- ### Registry Startup Log for Endpoint Configuration Source: https://distribution.github.io/distribution/about/notifications A log message indicating successful configuration of a notification endpoint, showing the endpoint name, URL, timeout, and headers. ```log INFO[0000] configuring endpoint alistener (https://mylistener.example.com/event), timeout=500ms, headers=map[Authorization:[Bearer ]] app.id=812bfeb2-62d6-43cf-b0c6-152f541618a3 environment=development service=registry ``` -------------------------------- ### DELETE Blob Request Source: https://distribution.github.io/distribution/spec/api Example of an HTTP request to delete a blob identified by its name and digest. Requires Host and Authorization headers. ```http DELETE /v2//blobs/ Host: Authorization: ``` -------------------------------- ### Success Response: Catalog List Source: https://distribution.github.io/distribution/spec/api This JSON response is returned upon a successful catalog fetch, listing available repositories. It includes the list of repository names. ```json 200 OK Content-Length: Content-Type: application/json { "repositories": [ , ... ], } ``` -------------------------------- ### Create htpasswd file for basic auth Source: https://distribution.github.io/distribution/about/deploying Use this command to create an htpasswd file for basic authentication. Ensure the -B option is used for bcrypt format compatibility. This command is for Linux/macOS. ```bash $ mkdir auth $ docker run \ --entrypoint htpasswd \ httpd:2 -Bbn testuser testpassword > auth/htpasswd ``` -------------------------------- ### Configure Authentication Providers Source: https://distribution.github.io/distribution/about/configuration Configure various authentication providers for the registry, including 'silly' for development, 'token' with JWT support, and 'htpasswd' for basic authentication. Only one provider can be configured. ```yaml auth: silly: realm: silly-realm service: silly-service token: realm: token-realm service: token-service issuer: registry-token-issuer rootcertbundle: /root/certs/bundle jwks: /path/to/jwks signingalgorithms: - EdDSA - HS256 - ES512 htpasswd: realm: basic-realm path: /path/to/htpasswd ``` -------------------------------- ### Push Image to Local Registry Source: https://distribution.github.io/distribution Pushes the tagged image 'localhost:5000/myfirstimage' to the local registry. ```bash docker push localhost:5000/myfirstimage ``` -------------------------------- ### HTTP Response with JWT Source: https://distribution.github.io/distribution/spec/auth/jwt An example of an HTTP response containing a JWT in a JSON payload. This is typically returned by an authorization server after successful authentication. ```http HTTP/1.1 200 OK Content-Type: application/json {"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IlBZWU86VEVXVTpWN0pIOjI2SlY6QVFUWjpMSkMzOlNYVko6WEdIQTozNEYyOjJMQVE6WlJNSzpaN1E2In0.eyJpc3MiOiJhdXRoLmRvY2tlci5jb20iLCJzdWIiOiJqbGhhd24iLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuY29tIiwiZXhwIjoxNDE1Mzg3MzE1LCJuYmYiOjE0MTUzODcwMTUsImlhdCI6MTQxNTM4NzAxNSwianRpIjoidFlKQ08xYzZjbnl5N2tBbjBjN3JLUGdiVjFIMWJGd3MiLCJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6InNhbWFsYmEvbXktYXBwIiwiYWN0aW9ucyI6WyJwdXNoIl19XX0.QhflHPfbd6eVF4lM9bwYpFZIV0PfikbyXuLx959ykRTBpe3CYnzs6YBK8FToVb5R47920PVLrh8zuLzdCr9t3w"} ``` -------------------------------- ### Cloudfront Storage Middleware Example Source: https://distribution.github.io/distribution/about/configuration Inject the Cloudfront storage middleware to serve content via Cloudfront. Configure base URL, private key, key pair ID, and other Cloudfront-specific options. ```yaml middleware: storage: - name: cloudfront options: baseurl: https://my.cloudfronted.domain.com/ privatekey: /path/to/pem keypairid: cloudfrontkeypairid duration: 3000s ipfilteredby: awsregion awsregion: us-east-1, use-east-2 updatefrequency: 12h iprangesurl: https://ip-ranges.amazonaws.com/ip-ranges.json ``` -------------------------------- ### List All Repositories in Catalog Source: https://distribution.github.io/distribution/spec/api Retrieve a list of all repositories in the registry's catalog. The response format may vary based on registry implementation and user access. ```http GET /v2/_catalog ``` -------------------------------- ### 404 Not Found - Blob Upload Unknown Source: https://distribution.github.io/distribution/spec/api Returned when a blob upload is unknown to the registry, indicating it was cancelled or never started. The upload must be restarted. ```http 404 Not Found Content-Type: application/json { "errors": [ { "code": , "message": "", "detail": ... }, ... ] } ``` -------------------------------- ### Success Response: OK (200) Source: https://distribution.github.io/distribution/spec/api Returns the manifest identified by name and reference. The Docker-Content-Digest header provides the digest of the content. ```http 200 OK Docker-Content-Digest: Content-Type: { "name": , "tag": , "fsLayers": [ { "blobSum": "" }, ... ], "history": , "signature": } ```