Air-gapped installation of RegistryUI is not currently supported.
RegistryUI can be installed stand-alone in a VM or bare-metal server providing all features and SSL support, without requiring a proxy or other tools (except of course Docker).
On such a system where Docker is installed, RegistryUI can be started (all containers) and will respond to http:// and https:// requests, implementing a completely self-hosted Docker Registry with the RegistryUI website.
LetsEncrypt support in RegistryUI cannot be used when proxies (such as nginx, etc.) are used, as these rely on Server Name Indication (SNI), which prevents a request from being forwarded to the RegistryUI site before a certificate is available. With proxies, the SSL certificates are managed by the proxies instead.
RegistryUI has built-in support for LetsEncrypt and can automatically obtain and renew SSL certificates. There are no manual steps required for the initial installation or for certificate renewals. When the website is started, an SSL certificate is automatically obtained or renewed if necessary.
To use https://, which is strongly recommended for any RegistryUI installation, the registryuiweb container must include additional environment variables, which are easily set up. These environment variables define the information needed to register and renew SSL certificates for the site.
```yaml
registryuiweb:
  container_name: registryuiweb
  . . .
  environment:
    - ASPNETCORE_URLS=http://+:80;https://+:443 # required so both ports 80/443 are available
    - YETAWF_P_YETAWF_CORE_PAGESECURITY=SSLOnly # redirects all http requests to https (recommended)
    - YETAWF_LETSENCRYPT_CERTS=DataLocal/LetsEncryptCerts # required permanent certs storage (do not modify)
    - YETAWF_LETSENCRYPT_DOMAINS=registry.yourcompany.com
    - YETAWF_LETSENCRYPT_STAGING=false
    - YETAWF_LETSENCRYPT_EMAIL=email@example.com
    - YETAWF_LETSENCRYPT_COUNTRYNAME=United States
    - YETAWF_LETSENCRYPT_LOCALITY=US
    - YETAWF_LETSENCRYPT_ORGANIZATION=Your Company Name
    - YETAWF_LETSENCRYPT_ORGANIZATIONUNIT=Your Department
    - YETAWF_LETSENCRYPT_STATE=FL
    - YETAWF_LETSENCRYPT_TIMEUNTILEXPIRYBEFORERENEWAL=30
    - YETAWF_LETSENCRYPT_TIMEAFTERISSUEDATEBEFORERENEWAL=7
```
| Variable | Description |
|---|---|
| ASPNETCORE_URLS | Defines the ports used by the website (LetsEncrypt requires port 80, https requires 443). |
| YETAWF_P_YETAWF_CORE_PAGESECURITY | Causes all http requests to be redirected to https. |
| YETAWF_LETSENCRYPT_CERTS | Defines the location where certs are permanently saved. Do not alter. |
| YETAWF_LETSENCRYPT_DOMAINS | Defines the complete domain name (without https://). Multiple domain names can be comma separated, in which case a certificate for each domain is obtained. |
| YETAWF_LETSENCRYPT_STAGING | Set to false in production so production certificates are obtained. If set to true, test certificates are obtained instead, which should only be used to test that certificate creation/renewal is working correctly. |
| YETAWF_LETSENCRYPT_EMAIL | Defines the email address that receives notifications when certificates are expiring. |
| YETAWF_LETSENCRYPT_COUNTRY | Defines the country where your company is located. |
| YETAWF_LETSENCRYPT_LOCALITY | Defines the country where your company is located. |
| YETAWF_LETSENCRYPT_ORGANIZATION | Defines the name of your company. |
| YETAWF_LETSENCRYPT_ORGANIZATIONUNIT | Defines the department within your company. |
| YETAWF_LETSENCRYPT_STATE | Defines the state where your company is located. |
| YETAWF_LETSENCRYPT_TIMEUNTILEXPIRYBEFORERENEWAL | Defines the number of days remaining on an SSL certificate before renewal is attempted. |
| YETAWF_LETSENCRYPT_TIMEAFTERISSUEDATEBEFORERENEWAL | Defines the number of days after a certificate is issued before a renewal is attempted. |
Most of the contents of these variables are defined by LetsEncrypt. For information about LetsEncrypt see https://letsencrypt.org/documents/isrg-cp-v2.0/.
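A pre-deployment lint for the `environment:` entries described above, as an added example that is not part of RegistryUI: it flags the misconfigurations that leave a site on plain http or on test certificates. The function names, the sample input, and the choice to treat the domain and email variables as mandatory are assumptions of this example.

```python
import re

# The page marks URLS and CERTS as required; DOMAINS and EMAIL are assumed mandatory here.
REQUIRED = ("ASPNETCORE_URLS", "YETAWF_LETSENCRYPT_CERTS",
            "YETAWF_LETSENCRYPT_DOMAINS", "YETAWF_LETSENCRYPT_EMAIL")

# Constructed sample: port 80 missing, staging left on, scheme in domain, '=' missing.
SAMPLE = """\
environment:
  - ASPNETCORE_URLS=https://+:443
  - YETAWF_LETSENCRYPT_CERTS=DataLocal/LetsEncryptCerts
  - YETAWF_LETSENCRYPT_DOMAINS=https://registry.example.com
  - YETAWF_LETSENCRYPT_STAGING=true # left over from testing
  - YETAWF_LETSENCRYPT_EMAILadmin@example.com
"""

def parse_environment(text):
    """Return (settings, malformed) from '- KEY=VALUE # comment' list entries."""
    settings, malformed = {}, []
    for line in text.splitlines():
        m = re.match(r"\s*-\s+(.*?)(?:\s+#.*)?$", line)  # drop trailing comment
        if not m:
            continue
        key, sep, value = m.group(1).partition("=")
        if sep:
            settings[key.strip()] = value.strip()
        else:
            malformed.append(m.group(1).strip())
    return settings, malformed

def lint(text):
    """Return a list of findings for the https/LetsEncrypt settings."""
    env, malformed = parse_environment(text)
    findings = [f"entry without '=': {e}" for e in malformed]
    findings += [f"missing {k}" for k in REQUIRED if k not in env]
    urls = env.get("ASPNETCORE_URLS", "")
    for port in ("80", "443"):  # 80 for LetsEncrypt, 443 for https
        if not re.search(rf":{port}(;|$)", urls):
            findings.append(f"ASPNETCORE_URLS does not listen on port {port}")
    if env.get("YETAWF_P_YETAWF_CORE_PAGESECURITY") != "SSLOnly":
        findings.append("http requests are not redirected to https (SSLOnly not set)")
    if env.get("YETAWF_LETSENCRYPT_STAGING", "").lower() != "false":
        findings.append("YETAWF_LETSENCRYPT_STAGING is not set to false")
    for d in env.get("YETAWF_LETSENCRYPT_DOMAINS", "").split(","):
        if "/" in d:  # the value must be a bare domain name, without https://
            findings.append(f"domain must not include a scheme or path: {d.strip()}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
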