Implementation of the Docker Registry HTTP API V2 in Rust, that can act as a proxy to other registries

Overview

Docker registry server and proxy

(I'm bad at creating catchy names, but this one is good enough.)

This project aims to implement a Docker Registry HTTP API that can also act as a proxy to other registries with a dedicated path for that purpose. In other words, it's a storage for your own Docker images and a cache for others. If you're using GitLab, this will probably remind you of the Container Registry and the Dependency Proxy.

Note: This project is not production-ready and should be used at your own risk !

Why not Docker's Go implementation of the registry ?

While installing the registry was a breeze, I can't make it work as a pull-through registry and a storage registry at the same time. It's either one, or the other. While I could set up another registry (pretty much automated with Ansible), that would mean grabbing another TLS certificate, setting up another subdomain and configure the HTTP reverse proxy appropriately. Let alone configuring the HTTP reverse-proxy to use only one domain.

Non-goals

Implementing the entire Docker Registry HTTP API V2 specification is a non-goal. As long as I can push and pull images with the docker client, I will be fine. If I find tooling that needs monolithic blob uploads, I will maybe look into implementing that. Same goes for other URIs in the specification.

Current limitations

In the current state of the code (2022-12-13, commit afb86448), there are a few limitations. Some can be compensated, others not quite.

  1. No HTTP authentication. You must set up a reverse proxy for that, although chances are you already have one.
  2. Docker registry connection information — e.g. tokens to access the DockerHub anonymously — aren't cleaned when the token expires. They are recreated when the proxy needs to hit the upstream registry and the token has expired.
  3. Garbage collecting the proxy container registry has not been developed yet.

Configuration sample

A file named configuration.toml in the server's working directory will suffice. The file should contain the following keys, otherwise it won't start:

registry_storage = "storage/registry"
temporary_registry_storage = "storage/_tmp"
proxy_storage = "storage/proxy"

A few words on the container proxy

If proxying containers, you must give the registry the whole path to reach the container, especially for containers from the DockerHub. Otherwise, you may end up with issues regarding DNS not resolving addresses.

For example, if you want to reference hello-world:latest from the DockerHub, you must reference it with registry-1.docker.io/library/hello-world:latest. The whole URL will look like <your registry>/proxy/registry-1.docker.io/library/hello-world:latest. It's long-winded, but in the interest of keeping things simple with regular expressions, this will do. Containers from other registries are not affected since you must refer to them by the whole path anyway.

License

Copyright 2022 Mathias B. [email protected]

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

You might also like...
Hudsucker is a MITM HTTP/S proxy written in Rust.

hudsucker Hudsucker is a MITM HTTP/S proxy written in Rust. Features Modify HTTP/S requests Modify HTTP/S responses Modify websocket messages Usage Fo

A proxy implement with http / socks5 in-bound and vmess out-bound, written in Rust and tokio.rs

tokio-vmess an Asynchronous proxy implement with http / socks5 in-bound and vmess out-bound, written in Rust and tokio Run example first, Fill out the

♻ A simple and efficient Gemini-to-HTTP proxy written in Rust.

September A simple and efficient Gemini-to-HTTP proxy written in Rust. Usage Docker $ docker run -d [ -e ROOT="gemini://fuwn.me" ] [ -e PORT="8080"] [

Docker daemon API in Rust

Bollard: an asynchronous rust client library for the docker API Bollard leverages the latest Hyper and Tokio improvements for an asynchronous API cont

A remote shell, TCP tunnel and HTTP proxy for Replit.
A remote shell, TCP tunnel and HTTP proxy for Replit.

Autobahn A remote shell, TCP tunnel and HTTP proxy for Replit. Hybrid SSH/HTTP server for Replit. Based on leon332157/replish. Autobahn runs a WebSock

📡Proxy HTTP/1.1 requests over a sensitive point-to-point link
📡Proxy HTTP/1.1 requests over a sensitive point-to-point link

ptproxy Motivation What's this? Why do I need this? What's a sensitive network link? What's wrong with a VPN? What's wrong with HTTP[S]? What's wrong

A high performance http proxy server & extensions platform & net packet capture tool
A high performance http proxy server & extensions platform & net packet capture tool

CthulhuRs A high performance http proxy server A browser extensions platform A net packet capture tool Demonstration Main features of CthulhuRs Inject

🔌 A curseforge proxy server, keeping your API key safe and sound.

🔌 CFPROXY - The curseforge proxy server Curseforge has locked down their API and now restricts access without authentification. This spells trouble f

A high performence Socks5 proxy server with bind/reverse support implementation by Rust.

rsocx A high performence Socks5 proxy server with bind/reverse support implementation by Rust Features Async-std No unsafe code Single executable Linu

Owner
l4p1n (Mathias B.)
Writes stuff in many languages
l4p1n (Mathias B.)
Lightweight proxy that allows redirect HTTP(S) traffic through a proxy.

Proxyswarm Proxyswarm is a lightweight proxy that allows redirect HTTP(S) traffic through a proxy. WARNING: This app isn't recomended for download lar

Jorge Alejandro Jimenez Luna 4 Apr 16, 2022
A TCP proxy using HTTP - Reach SSH behind a Nginx reverse proxy

?? TCP over HTTP ?? The Questions ?? What does it do? You can proxy TCP traffic over HTTP. A basic setup would be: [Your TCP target] <--TCP-- [Exit No

Julian 185 Dec 15, 2022
Build tool for custom setups of docker containers. Docker compose didn't offer enough, Kubernetes offered too much. Carbon is the in-between.

docker abstraction layer with added flair Fast travel: Tips Contributing How it works Installation Help This tool started its life as a way to make de

akhara 3 Nov 10, 2022
Reverse proxy for HTTP microservices and STDIO. Openfass watchdog which can run webassembly with wasmer-gpu written in rust.

The of-watchdog implements an HTTP server listening on port 8080, and acts as a reverse proxy for running functions and microservices. It can be used independently, or as the entrypoint for a container with OpenFaaS.

yanghaku 7 Sep 15, 2022
Proxy sentry request to a sentry server using a tunnel/proxy endpoint

Sentry Tunnel This is a proxy that forwards tunneled sentry requests to the real sentry server. The implementation is based on the explanation provide

Paul FLORENCE 14 Dec 20, 2022
UDP proxy with Proxy Protocol and mmproxy support

udppp UDP proxy with Proxy Protocol and mmproxy support. Features Async Support Proxy Protocol V2 SOCKET preserve client IP addresses in L7 proxies(mm

b23r0 10 Dec 18, 2022
Web3-proxy: a fast caching and load balancing proxy for web3 (Ethereum or similar) JsonRPC servers.

web3-proxy Web3-proxy is a fast caching and load balancing proxy for web3 (Ethereum or similar) JsonRPC servers. Signed transactions (eth_sendRawTrans

null 55 Jan 8, 2023
Proxy copilot api to openai's gpt-4 api

Proxying Copilot API to OpenAI's GPT-4 API Usage Start the Server export GHU_TOKEN=ghu_xxxx; ./copilot2chat Or sh start.sh start # start the server th

Smark 3 Dec 6, 2023
A simple web server(and library) to display server stats over HTTP and Websockets/SSE or stream it to other systems.

x-server-stats A simple web server(and library) to display server stats over HTTP and Websockets/SSE or stream it to other systems. x-server(in x-serv

Pratyaksh 11 Oct 17, 2022
BitTorrent peer ID registry/parser/(soon) encoder for Rust

BitTorrent peer ID registry/parser/(soon) encoder By convention, BitTorrent clients identify themselves and their versions in peer IDs they send to tr

TORRENTDYNE 3 Oct 16, 2023