daniel
/
distribution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Format configuration.md with code fences to avoid render issues 

Signed-off-by: Joao Fernandes <joao.fernandes@docker.com>
master
Joao Fernandes 2016-12-14 18:50:40 -08:00
parent 923c7763b0
commit a24f2a6d78
1 changed files with 510 additions and 460 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
docs/configuration.md
View File

@ -17,13 +17,17 @@ To override a configuration option, create an environment variable named
and the `_` (underscore) represents indention levels. For example, you can
configure the `rootdirectory` of the `filesystem` storage backend:
storage:
```
storage:
filesystem:
rootdirectory: /var/lib/registry
```
To override this value, set an environment variable like this:
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/somewhere
```
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/somewhere
```
This variable overrides the `/var/lib/registry` value to the `/somewhere`
directory.
@ -36,9 +40,11 @@ If the default configuration is not a sound basis for your usage, or if you are
Typically, create a new configuration file from scratch, and call it `config.yml`, then:
docker run -d -p 5000:5000 --restart=always --name registry \
```
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/config.yml:/etc/docker/registry/config.yml \
registry:2
```
You can (and probably should) use [this as a starting point](https://github.com/docker/distribution/blob/master/cmd/registry/config-example.yml).
@ -48,8 +54,9 @@ This section lists all the registry configuration options. Some options in
the list are mutually exclusive. So, make sure to read the detailed reference
information about each option that appears later in this page.
version: 0.1
log:
```
version: 0.1
log:
accesslog:
disabled: true
level: debug
@ -71,8 +78,8 @@ information about each option that appears later in this page.
from: sender@example.com
to:
- errors@example.com
loglevel: debug # deprecated: use "log"
storage:
loglevel: debug # deprecated: use "log"
storage:
filesystem:
rootdirectory: /var/lib/registry
maxthreads: 100
@ -138,7 +145,7 @@ information about each option that appears later in this page.
dryrun: false
readonly:
enabled: false
auth:
auth:
silly:
realm: silly-realm
service: silly-service
@ -150,7 +157,7 @@ information about each option that appears later in this page.
htpasswd:
realm: basic-realm
path: /path/to/htpasswd
middleware:
middleware:
registry:
- name: ARegistryMiddleware
options:
@ -170,7 +177,7 @@ information about each option that appears later in this page.
- name: redirect
options:
baseurl: https://example.com/
reporting:
reporting:
bugsnag:
apikey: bugsnagapikey
releasestage: bugsnagreleasestage
@ -179,7 +186,7 @@ information about each option that appears later in this page.
licensekey: newreliclicensekey
name: newrelicname
verbose: true
http:
http:
addr: localhost:5000
prefix: /my/nested/registry/
host: https://myregistryaddress.org:5000
@ -200,7 +207,7 @@ information about each option that appears later in this page.
X-Content-Type-Options: [nosniff]
http2:
disabled: false
notifications:
notifications:
endpoints:
- name: alistener
disabled: false
@ -211,7 +218,7 @@ information about each option that appears later in this page.
backoff: 1000
ignoredmediatypes:
- application/octet-stream
redis:
redis:
addr: localhost:6379
password: asecret
db: 0
@ -222,7 +229,7 @@ information about each option that appears later in this page.
maxidle: 16
maxactive: 64
idletimeout: 300s
health:
health:
storagedriver:
enabled: true
interval: 10s
@ -243,20 +250,21 @@ information about each option that appears later in this page.
timeout: 3s
interval: 10s
threshold: 3
proxy:
proxy:
remoteurl: https://registry-1.docker.io
username: [username]
password: [password]
compatibility:
compatibility:
schema1:
signingkeyfile: /etc/registry/key.json
validation:
validation:
manifests:
urls:
allow:
- ^https?://([^/]+\.)*example\.com/
deny:
- ^https?://www\.example\.com/
```
In some instances a configuration option is **optional** but it contains child
options marked as **required**. This indicates that you can omit the parent with
@ -265,7 +273,9 @@ the children marked **required**.
## version
version: 0.1
```
version: 0.1
```
The `version` option is **required**. It specifies the configuration's version.
It is expected to remain a top-level field, to allow for a consistent version
@ -277,7 +287,8 @@ The `log` subsection configures the behavior of the logging system. The logging
system outputs everything to stdout. You can adjust the granularity and format
with this configuration section.
log:
```
log:
accesslog:
disabled: true
level: debug
@ -285,6 +296,7 @@ with this configuration section.
fields:
service: registry
environment: staging
```
<table>
<tr>
@ -335,8 +347,10 @@ with this configuration section.
### accesslog
accesslog:
```
accesslog:
disabled: true
```
Within `log`, `accesslog` configures the behavior of the access logging
system. By default, the access logging system outputs to stdout in
@ -345,7 +359,8 @@ Access logging can be disabled by setting the boolean flag `disabled` to `true`.
## hooks
hooks:
```
hooks:
- type: mail
levels:
- panic
@ -358,6 +373,7 @@ Access logging can be disabled by setting the boolean flag `disabled` to `true`.
from: name@sendhost.com
to:
- name@receivehost.com
```
The `hooks` subsection configures the logging hooks' behavior. This subsection
includes a sequence handler which you can use for sending mail, for example.
@ -367,14 +383,17 @@ Refer to `loglevel` to configure the level of messages printed.
> **DEPRECATED:** Please use [log](#log) instead.
loglevel: debug
```
loglevel: debug
```
Permitted values are `error`, `warn`, `info` and `debug`. The default is
`info`.
## storage
storage:
```
storage:
filesystem:
rootdirectory: /var/lib/registry
azure:
@ -436,12 +455,13 @@ Permitted values are `error`, `warn`, `info` and `debug`. The default is
dryrun: false
redirect:
disable: false
```
The storage option is **required** and defines which storage backend is in use.
You must configure one backend; if you configure more, the registry returns an error. You can choose any of these backend storage drivers:
| Storage&nbsp;driver | Description
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Storage&nbsp;driver | Description |
|:--------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `filesystem` | Uses the local disk to store registry files. It is ideal for development and may be appropriate for some small-scale production applications. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/filesystem.md). |
| `azure` | Uses Microsoft's Azure Blob Storage. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/azure.md). |
| `gcs` | Uses Google Cloud Storage. See the [driver's reference documentation](https://github.com/docker/docker.github.io/tree/master/registry/storage-drivers/gcs.md). |
@ -460,7 +480,9 @@ backing data-store. If you do use a Windows volume, you must ensure that the
`PATH` to the mount point is within Windows' `MAX_PATH` limits (typically 255
characters). Failure to do so can result in the following error message:
mkdir /XXX protocol error and your registry will not function properly.
```
mkdir /XXX protocol error and your registry will not function properly.
```
### Maintenance
@ -476,12 +498,12 @@ configure upload directory purging, the following parameters
must be set.
| Parameter | Required | Description
--------- | -------- | -----------
`enabled` | yes | Set to true to enable upload purging. Default=true. |
`age` | yes | Upload directories which are older than this age will be deleted. Default=168h (1 week)
`interval` | yes | The interval between upload directory purging. Default=24h.
`dryrun` | yes | dryrun can be set to true to obtain a summary of what directories will be deleted. Default=false.
| Parameter | Required | Description |
|:-----------|:---------|:---------------------------------------------------------------------------------------------------|
| `enabled` | yes | Set to true to enable upload purging. Default=true. |
| `age` | yes | Upload directories which are older than this age will be deleted. Default=168h (1 week) |
| `interval` | yes | The interval between upload directory purging. Default=24h. |
| `dryrun` | yes | dryrun can be set to true to obtain a summary of what directories will be deleted. Default=false. |
Note: `age` and `interval` are strings containing a number with optional fraction and a unit suffix: e.g. 45m, 2h10m, 168h (1 week).
@ -501,8 +523,10 @@ Use the `delete` subsection to enable the deletion of image blobs and manifests
by digest. It defaults to false, but it can be enabled by writing the following
on the configuration file:
delete:
```
delete:
enabled: true
```
### cache
@ -530,13 +554,15 @@ doing aggressive caching.
Redirects can be disabled by adding a single flag `disable`, set to `true`
under the `redirect` section:
redirect:
```
redirect:
disable: true
```
## auth
auth:
```
auth:
silly:
realm: silly-realm
service: silly-service
@ -548,6 +574,7 @@ under the `redirect` section:
htpasswd:
realm: basic-realm
path: /path/to/htpasswd
```
The `auth` option is **optional**. There are
currently 3 possible auth providers, `silly`, `token` and `htpasswd`. You can configure only
@ -712,7 +739,8 @@ object they're wrapping. This means a registry middleware must implement the
An example configuration of the `cloudfront` middleware, a storage middleware:
middleware:
```
middleware:
registry:
- name: ARegistryMiddleware
options:
@ -728,6 +756,7 @@ An example configuration of the `cloudfront` middleware, a storage middleware:
privatekey: /path/to/pem
keypairid: cloudfrontkeypairid
duration: 3000s
```
Each middleware entry has `name` and `options` entries. The `name` must
correspond to the name under which the middleware registers itself. The
@ -798,12 +827,13 @@ storage middleware can be used to specify a custom URL to a location
of a proxy for the layer stored by the S3 storage driver.
| Parameter | Required | Description |
| --- | --- | --- |
|:----------|:---------|:------------------------------------------------------------------------------------------------------------|
| baseurl | yes | `SCHEME://HOST` at which layers are served. Can also contain port. For example, `https://example.com:5443`. |
## reporting
reporting:
```
reporting:
bugsnag:
apikey: bugsnagapikey
releasestage: bugsnagreleasestage
@ -812,6 +842,7 @@ of a proxy for the layer stored by the S3 storage driver.
licensekey: newreliclicensekey
name: newrelicname
verbose: true
```
The `reporting` option is **optional** and configures error and metrics
reporting tools. At the moment only two services are supported, [New
@ -909,7 +940,8 @@ configuration may contain both.
## http
http:
```
http:
addr: localhost:5000
net: tcp
prefix: /my/nested/registry/
@ -931,6 +963,7 @@ configuration may contain both.
X-Content-Type-Options: [nosniff]
http2:
disabled: false
```
The `http` option details the configuration for the HTTP server that hosts the registry.
@ -1164,7 +1197,8 @@ settings for the registry.
## notifications
notifications:
```
notifications:
endpoints:
- name: alistener
disabled: false
@ -1175,6 +1209,7 @@ settings for the registry.
backoff: 1000
ignoredmediatypes:
- application/octet-stream
```
The notifications option is **optional** and currently may contain a single
option, `endpoints`.
@ -1306,7 +1341,8 @@ The URL to which events should be published.
## redis
redis:
```
redis:
addr: localhost:6379
password: asecret
db: 0
@ -1317,6 +1353,7 @@ The URL to which events should be published.
maxidle: 16
maxactive: 64
idletimeout: 300s
```
Declare parameters for constructing the redis connections. Registry instances
may use the Redis instance for several applications. The current purpose is
@ -1404,10 +1441,12 @@ as the registry does not set an expire value on keys.
### pool
pool:
```
pool:
maxidle: 16
maxactive: 64
idletimeout: 300s
```
Configure the behavior of the Redis connection pool.
@ -1456,7 +1495,8 @@ Configure the behavior of the Redis connection pool.
## health
health:
```
health:
storagedriver:
enabled: true
interval: 10s
@ -1477,6 +1517,7 @@ Configure the behavior of the Redis connection pool.
timeout: 3s
interval: 10s
threshold: 3
```
The health option is **optional**. It may contain preferences for a periodic
health check on the storage driver's backend storage, and optional periodic
@ -1785,10 +1826,12 @@ The TCP address to connect to, including a port number.
## Proxy
proxy:
```
proxy:
remoteurl: https://registry-1.docker.io
username: [username]
password: [password]
```
Proxy enables a registry to be configured as a pull through cache to the official Docker Hub. See [mirror](https://github.com/docker/docker.github.io/tree/master/registry/recipes/mirror.md) for more information. Pushing to a registry configured as a pull through cache is currently unsupported.
@ -1837,9 +1880,11 @@ To enable pulling private repositories (e.g. `batman/robin`) a username and pass
## Compatibility
compatibility:
```
compatibility:
schema1:
signingkeyfile: /etc/registry/key.json
```
Configure handling of older and deprecated features. Each subsection
defines such a feature with configurable behavior.
@ -1869,13 +1914,15 @@ defines such a feature with configurable behavior.
## Validation
validation:
```
validation:
manifests:
urls:
allow:
- ^https?://([^/]+\.)*example\.com/
deny:
- ^https?://www\.example\.com/
```
### disabled
@ -1905,17 +1952,19 @@ one of the `allow` regular expressions and one of the following holds:
The following is a simple example you can use for local development:
version: 0.1
log:
```
version: 0.1
log:
level: debug
storage:
storage:
filesystem:
rootdirectory: /var/lib/registry
http:
http:
addr: localhost:5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
```
The above configures the registry instance to run on port `5000`, binding to
`localhost`, with the `debug` server enabled. Registry data storage is in the
@ -1947,7 +1996,7 @@ conjunction with the S3 storage driver.
<td>The storage middleware name. Currently <code>cloudfront</code> is an accepted value.</td>
</tr>
<tr>
<td><code>disabled<code></td>
<td><code>disabled</code></td>
<td>Set to <code>false</code> to easily disable the middleware.</td>
</tr>
<tr>
@ -1966,7 +2015,8 @@ conjunction with the S3 storage driver.
The following example illustrates these values:
middleware:
```
middleware:
storage:
- name: cloudfront
disabled: false
@ -1975,7 +2025,7 @@ The following example illustrates these values:
privatekey: /path/to/asecret.pem
keypairid: asecret
duration: 60
```
>**Note**: Cloudfront keys exist separately to other AWS keys. See
>[the documentation on AWS credentials](http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)