Last active 1737603702

Straightforward setup for Zot in Docker. Steps for using it as a Docker registry are also included.

Korbs revised this gist 1737603702.

3 files changed, 181 insertions

README.md(file created)

@@ -0,0 +1,68 @@
1 + # Zot Docker Setup
2 +
3 + Setup Zot in Docker
4 +
5 + This is mostly how SudoVanilla's Docker registry is setup.
6 +
7 + > I'm still new to Zot, so some information below could be inaccurate and some important information could be missing too.
8 +
9 + ## Configuration
10 +
11 + ### Address and Port
12 +
13 + Zot will need to bind itself to an address and port.
14 +
15 + - `address` - `192.168.0.0` (Use Local IP)
16 + - `port` - `2000`
17 +
18 + Example above would bind `http://192.168.0.0:2000`
19 +
20 + ### Access Control
21 +
22 + The already provided configuration is setup to allow guest users to view any images that is available on your Zot registry, with one user(you) being able to view, create, delete, and update images.
23 +
24 + Make sure you give yourself access to other permissions, the email you plan to use should be set to `users` under the `*` policies under `accessControl`.
25 +
26 + ### OpenID Connect (Optional)
27 +
28 + To setup OpenID Connect, configure the `openid` portion of the `config.json` file.
29 +
30 + - `name` - Name that appears on login button (Sign in with `name`)
31 + - `issuer` - `https://sso.whatever.org/odic`
32 + - Don't use the provider configuration endpoint, use the issuer endpoint
33 + - `clientid` - Client or App ID
34 + - `clientsecret` - Client or App secret
35 + - `scopes` - Permissions to give Zot that it can access.
36 +
37 + Your Zot redirect URL will look like this:
38 + ```
39 + // Path
40 + /zot/auth/callback/oidc
41 +
42 + // Full URL example
43 + https://zot.whatever.org/zot/auth/callback/oidc
44 + ```
45 +
46 + > The endpoint will use your `externalUrl` as the assumed redirect URL, make it is set correctly for your setup.
47 +
48 + > If you don't plan to use this, remove the `openid` portion from the `config.json` file.
49 +
50 + ### Htpasswd (Optional)
51 +
52 + If you plan to provide a login via email and password, you'll need to create an account with the `htpasswd` command and create the account you'll use.
53 +
54 + Create an account:
55 + ```bash
56 + htpasswd -bnB MyUsername MyPassword > ./htpasswd
57 + ```
58 +
59 + > If you don't plan to use this, remove the `htpasswd` line from the `config.json` file.
60 +
61 + ## Uploading to your Zot Registry
62 + Zot seems to be setup to accept OCI images, not the Docker format, so using `docker push` won't work.
63 +
64 + To build and push a Docker image to your Zot registry, I recommend using the Buildah command line tool.
65 +
66 + Learn how to here: https://gist.sudovanilla.org/Korbs/buildah-build-and-push
67 +
68 + > Don't use Skopeo, as it doesn't carry over the `cmd` or `entrypoint` of the Docker image.
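Review bot: the `issuer` example on the `- `issuer`` bullet reads `https://sso.whatever.org/odic`, while config.json uses `https://sso.whatever.org/oidc`; the README should match the config so readers do not copy the typo into their provider settings. The `address` example `192.168.0.0` is the network address of a /16, not a usable host address; the bullet should tell readers to use the host's own LAN IP. The `externalUrl` note is missing a word ("make sure it is set correctly"). On the `htpasswd -bnB MyUsername MyPassword > ./htpasswd` line, `-b` puts the password on the command line, where it ends up in shell history and the process list; dropping `-b` makes `htpasswd` prompt for it instead, and since `>` overwrites the file, adding a second account needs `>>`.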

config.json(file created)

@@ -0,0 +1,102 @@
1 + {
2 + "distSpecVersion": "1.0.1",
3 + "storage": {
4 + "dedupe": true,
5 + "gc": true,
6 + "gcDelay": "1h",
7 + "gcInterval": "6h",
8 + "rootDirectory": "/var/lib/registry"
9 + },
10 + "http": {
11 + "address": "192.168.0.0",
12 + "port": "2000",
13 + "externalUrl": "https://zot.whatever.org",
14 + "realm": "zot",
15 + "auth": {
16 + "htpasswd": {
17 + "path": "/etc/zot/htpasswd"
18 + },
19 + "openid": {
20 + "providers": {
21 + "oidc": {
22 + "name": "Company SSO or whatever",
23 + "issuer": "https://sso.whatever.org/oidc",
24 + "clientid": "CLIENT_ID",
25 + "clientsecret": "CLIENT_SECRET",
26 + "keypath": "",
27 + "scopes": [
28 + "openid",
29 + "profile",
30 + "email"
31 + ]
32 + }
33 + }
34 + },
35 + "failDelay": 1
36 + },
37 + "accessControl": {
38 + "repositories": {
39 + "*": {
40 + "policies": [
41 + {
42 + "users": [
43 + "your-email@whatever.org"
44 + ],
45 + "actions": [
46 + "read",
47 + "create",
48 + "update",
49 + "delete"
50 + ]
51 + }
52 + ],
53 + "defaultPolicy": [
54 + "read"
55 + ],
56 + "anonymousPolicy": [
57 + "read"
58 + ]
59 + }
60 + }
61 + }
62 + },
63 + "log": {
64 + "level": "debug",
65 + "output": "/var/log/zot/zot.log",
66 + "audit": "/var/log/zot/zot-audit.log"
67 + },
68 + "extensions": {
69 + "ui": {
70 + "enable": true
71 + },
72 + "search": {
73 + "enable": true,
74 + "cve": {
75 + "updateInterval": "24h"
76 + }
77 + },
78 + "sync": {
79 + "enable": false,
80 + "registries": [
81 + {
82 + "urls": [
83 + "https://mirror.gcr.io/library"
84 + ],
85 + "onDemand": true,
86 + "maxRetries": 3,
87 + "retryDelay": "5m",
88 + "pollInterval": "6h"
89 + },
90 + {
91 + "urls": [
92 + "https://docker.io/library"
93 + ],
94 + "onDemand": true
95 + }
96 + ]
97 + },
98 + "scrub": {
99 + "interval": "24h"
100 + }
101 + }
102 + }
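Review bot: `"externalUrl": "https://zot.whatever.org"` advertises HTTPS, but the `http` block has no TLS settings, so Zot itself listens on plain HTTP at `192.168.0.0:2000` and something in front of it must terminate TLS; the README should say so, because otherwise htpasswd credentials and the OIDC callback travel in cleartext. `"address": "192.168.0.0"` has the same problem as in the README (a network address, not a host address). `"clientsecret": "CLIENT_SECRET"` stores the OIDC secret in the same file as the non-secret configuration, and docker-compose mounts that file from the working directory, so the real config.json should stay out of version control and be readable only by the user running compose. `"level": "debug"` is verbose for a long-running registry; `info` is sufficient once the setup works, and the audit trail is already written separately to `zot-audit.log`.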

docker-compose.yml(file created)

@@ -0,0 +1,11 @@
1 + services:
2 + zot:
3 + image: ghcr.io/project-zot/zot:latest
4 + network_mode: host # Configure the ports in the "config.json" file.
5 + stdin_open: true
6 + tty: true
7 + volumes:
8 + - ./config.json:/etc/zot/config.json
9 + - ./htpasswd:/etc/zot/htpasswd
10 + - ./zot:/var/lib/registry # Generated
11 + - ./logs:/var/log/zot/ # Generated
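Review bot: `image: ghcr.io/project-zot/zot:latest` pins nothing, so any `docker compose pull` can silently move the registry to a different Zot release; a registry that other builds depend on should be pinned to a specific version tag or an `@sha256:` digest. `./config.json:/etc/zot/config.json` and `./htpasswd:/etc/zot/htpasswd` can be mounted read-only (`:ro`) since Zot only reads them, and there is no `restart:` policy, so the registry stays down after a host reboot. `stdin_open: true` and `tty: true` are not needed for a daemon and can be dropped.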