RegistryUI Documentation


Standalone Server

Air-gapped installation of RegistryUI is not currently supported.

RegistryUI can be installed stand-alone in a VM or bare-metal server providing all features and SSL support, without requiring a proxy or other tools (except of course Docker).

On such a system where Docker is installed, RegistryUI can be started (all containers) and will respond to http:// and https:// requests implementing a completely self-hosted Docker Registry with the RegistryUI website.

SSL Certs

LetsEncrypt support in RegistryUI cannot be used when proxies (such as nginx, etc.) are used, as these rely on Server Name Indication (SNI), which prevents a request from being forwarded to the RegistryUI site before a certificate is available. With proxies, the SSL certificates are managed by the proxies instead.

RegistryUI has built-in support for LetsEncrypt and can automatically obtain and renew SSL certificates. There are no manual steps required for the initial installation or for certificate renewals. When the website is started, an SSL certificate is automatically obtained or renewed if necessary.

In order to be able to use https:// which is strongly recommended for any RegistryUI installation, the registryuiweb container must include additional environment variables, which are easily set up. These environment variables define the necessary information to register and renew SSL certificates for the site.

        container_name: registryuiweb
        . . .
        - ASPNETCORE_URLS=http://+:80;https://+:443  # required so both ports 80/443 are available
        - YETAWF_P_YETAWF_CORE_PAGESECURITY=SSLOnly  # redirects all http requests to https (recommended)
        - YETAWF_LETSENCRYPT_CERTS=DataLocal/LetsEncryptCerts # required permanent certs storage (do not modify)
        - YETAWF_LETSENCRYPT_DOMAINS=registry.yourcompany.com
        - YETAWF_LETSENCRYPT_EMAIL=youremail@yourcompany.com
Environment VariableDescription
ASPNETCORE_URLSDefines the ports used by the website (LetsEncrypt requires port 80, https requires 443).
YETAWF_P_YETAWF_CORE_PAGESECURITYCauses all http requests to be redirected to https.
YETAWF_LETSENCRYPT_CERTSDefines the location where certs are permanently saved. Do not alter.
YETAWF_LETSENCRYPT_DOMAINSDefines the complete domain domain (without https://). Multiple domain names can be comma separated, in which case a certificate for each domain is obtained.
YETAWF_LETSENCRYPT_STAGINGSet to false in production so production certificates are obtained. If set to true, test certificates are obtained instead, which should only be used to test that certificate creation/renewal is working correctly.
YETAWF_LETSENCRYPT_EMAILDefines the email address that receives notifications when certificates are expiring.
YETAWF_LETSENCRYPT_COUNTRYDefines the country where your company is located.
YETAWF_LETSENCRYPT_LOCALITYDefines the country where your company is located.
YETAWF_LETSENCRYPT_ORGANIZATIONDefines the name of your company.
YETAWF_LETSENCRYPT_ORGANIZATIONUNITDefines the department within your company.
YETAWF_LETSENCRYPT_STATEDefines the state where your company is located.
YETAWF_LETSENCRYPT_TIMEUNTILEXPIRYBEFORERENEWALDefines the number of days remaining on an SSL certificate before renewal is attempted.
YETAWF_LETSENCRYPT_TIMEAFTERISSUEDATEBEFORERENEWALDefines the number of days after a certificate is issued before a renewal is attempted.

Most of the contents of these variables are defined by LetsEncrypt. For information about LetsEncrypt see https://letsencrypt.org/documents/isrg-cp-v2.0/.