This repository contains a docker registry implementation in Workers that uses R2.
It supports all pushing and pulling workflows. It also supports Username/Password and public key JWT based authentication.
You have to install all the dependencies with your favorite package manager (e.g pnpm, npm, yarn, bun...).
$ npm install
After installation, there is a few steps to actually deploy the registry into production:
- Setup the R2 Bucket for this registry
$ wrangler --env production r2 bucket create r2-registry
Add this to your wrangler.toml
r2_buckets = [
{ binding = "REGISTRY", bucket_name = "r2-registry"}
]
- Setup the JWT_STATE_SECRET secret binding
$ node -p 'crypto.randomUUID()' | wrangler --env production secret put JWT_STATE_SECRET
- Deploy your image registry
$ wrangler deploy --env production
Your registry should be up and running. It will refuse any requests if you don't setup credentials.
Set the USERNAME and PASSWORD as secrets with wrangler secret put USERNAME --env production
and wrangler secret put PASSWORD --env production
.
You can add a base64 encoded JWT public key to verify passwords (or token) that are signed by the private key.
wrangler secret put JWT_REGISTRY_TOKENS_PUBLIC_KEY --env production
Right now there is some limitations with this docker registry.
- Pushing with docker is limited to images that have layers of maximum size 500MB. Refer to maximum request body sizes in your Workers plan.
- To circumvent that limitation, you can manually add the layer and the manifest into the R2 bucket or use a client that is able to chunk uploads in sizes less than 500MB (or the limit that you have in your Workers plan).
- If you use
wrangler dev
and push to the R2 registry with docker, the R2 registry will have to buffer the request on the Worker.
The project is licensed under the Apache License.
See CONTRIBUTING.md
for contributing to the project.