I run a local zot for use with stacker.
It is very useful to be able to publish OCI images. It can also improve performance by acting as a caching proxy (see the sync extension). This is especially useful due to docker.io's low bandwidth limits.
To use this for localhost:
- Download a zot from releases and make it executable (chmod 755 zot).
- Generate new certificates:
  ./generate-certs certs
- Run the zot server:
  ./zot serve config.yaml
If you want you can still
- Get zli, the zot command line interface tool, from releases and chmod it.
- Configure zli:
  zli config add localhost https://127.0.0.1:5000/ verify-tls=false
For local auth, HTTP auth is the easiest thing. You can manage an htpasswd file with htpasswd from apache2-utils.
The htpasswd file here contains a user 'zot' with password 'zot'.
You can re-create it if you'd like, just remove it and then:
$ rm -f htpasswd.txt
$ htpasswd -cbB htpasswd.txt zot zot
You can add or update users with:
$ htpasswd -bB htpasswd.txt newuser newpassword
Delete users with:
$ htpasswd -D htpasswd.txt baduser
If you want to have your SSL certificate trusted, then you either have to use a real certificate (signed by a real CA) or make your local system trust things signed by your local CA.
Add your newly created Certificate Authority on Ubuntu (doc) like this:
$ sudo cp certs/ca.pem /usr/local/share/ca-certificates/localhost-zot.crt
$ sudo update-ca-certificates
Alternatively, to just tell container tools (like skopeo) not to require valid certificates, you can put the following into either /etc/containers/registries.conf or $HOME/.config/containers/registries.conf per containers-registries.conf(5).
[[registry]]
location = "localhost:5000"
insecure = true
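Before trusting a local CA system-wide, or falling back to insecure = true, it helps to confirm that the server certificate really chains to that CA and covers both names used on this page (127.0.0.1 for zli, localhost for skopeo). The script below is an added example, not part of this repository: it builds a throwaway CA and certificate with openssl and checks them; the file names, pki.cnf, and the make_demo_pki and check_cert helpers are assumptions, and the real generate-certs output may differ.

```shell
#!/bin/sh
# Added example (constructed): throwaway CA + server cert, not the repo's generate-certs.
set -eu

# make_demo_pki DIR: write ca.pem and server.pem (SANs: localhost, 127.0.0.1) into DIR.
make_demo_pki() {
  d="$1"
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-local-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -config "$d/pki.cnf" -newkey rsa:2048 -nodes -days 1 \
    -keyout "$d/ca-key.pem" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -config "$d/pki.cnf" -subj "/CN=localhost" -newkey rsa:2048 \
    -nodes -keyout "$d/server-key.pem" -out "$d/server.csr" 2>/dev/null
  # Both names matter: the zli URL uses 127.0.0.1, the skopeo URL uses localhost.
  printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\n' > "$d/san.ext"
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca-key.pem" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/server.pem" 2>/dev/null
}

# check_cert CA CERT NAME...: succeed only if CERT chains to CA and covers every NAME.
check_cert() {
  ca="$1"; cert="$2"; shift 2
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
  for n in "$@"; do
    case "$n" in
      *[!0-9.]*) flag=-checkhost ;;   # anything non-numeric is treated as a DNS name
      *)         flag=-checkip ;;
    esac
    openssl x509 -in "$cert" -noout "$flag" "$n" 2>/dev/null \
      | grep -q 'does match' || return 1
  done
}

demo=$(mktemp -d)
make_demo_pki "$demo"
check_cert "$demo/ca.pem" "$demo/server.pem" localhost 127.0.0.1 \
  && echo "chain and names OK: this CA can be trusted instead of disabling verification"
check_cert "$demo/ca.pem" "$demo/server.pem" registry.invalid \
  || echo "name mismatch detected, as expected"
rm -rf "$demo"
```

To check a real setup, call check_cert with certs/ca.pem and the server certificate that generate-certs produced.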
Using skopeo with your local zot is an easy way to get some images into it. The usage looks something like:
skopeo copy --dest-creds="zot:zot" --dest-tls-verify=false \
    docker://ubuntu:latest \
    docker://localhost:5000/docker-sync/ubuntu:latest
If you have a real (or trusted) CA you can drop the '--dest-tls-verify=false'.
The sync-docker2zot script here will automate the syncing of some images into your local zot. Just run:
./sync-docker2zot