This example demonstrates deploying Registry using a container that uses mod_auth_openidc for authentication and MariaDB as the database. The example also runs MariaDB in a container, but that is not a requirement.
The instructions use Docker Compose and assume a Linux environment. We recommend not using Docker Desktop and instead using Docker Engine and Docker CLI with the Compose plugin installed (Scenario two).
This example puts secrets directly into the compose file. We strongly recommend you investigate various container orchestration systems and approaches to managing sensitive information.
Create a directory to store database state:
mkdir -p var/lib/mysql
Create a directory to hold an X.509 certificate and private key for HTTPS. This approach uses the slashRoot mechanism; an alternative is to bind mount or COPY the files into the container/image and use the HTTPS_CERT_FILE and HTTPS_PRIVKEY_FILE environment variables:
mkdir -p opt/registry/slashRoot/etc/apache2
cp fullchain.pem opt/registry/slashRoot/etc/apache2/cert.pem
cp privkey.pem opt/registry/slashRoot/etc/apache2/privkey.pem
sudo chown 33 opt/registry/slashRoot/etc/apache2/*.pem
sudo chmod 0600 opt/registry/slashRoot/etc/apache2/privkey.pem
Create the Compose YAML file docker-compose.yml with the following contents:
services:
  comanage-registry-database:
    image: mariadb:10.10
    volumes:
      - ${PWD}/var/lib/mysql:/var/lib/mysql
    environment:
      - MARIADB_ROOT_PASSWORD=IwiydNTR7jUU0R7Mul92
      - MARIADB_DATABASE=registry
      - MARIADB_USER=registry_user
      - MARIADB_PASSWORD=mDSTuw12VyphRM7TvhNW
  comanage-registry:
    image: comanageproject/comanage-registry:4.1.2-mod_auth_openidc-1
    volumes:
      - ${PWD}/opt/registry/slashRoot:/opt/registry/slashRoot
    environment:
      - COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Scott
      - COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Koranda
      - COMANAGE_REGISTRY_ADMIN_USERNAME=http://cilogon.org/serverT/users/27326098
      - COMANAGE_REGISTRY_DATASOURCE=Database/Mysql
      - COMANAGE_REGISTRY_DATABASE=registry
      - COMANAGE_REGISTRY_DATABASE_HOST=comanage-registry-database
      - COMANAGE_REGISTRY_DATABASE_USER=registry_user
      - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=mDSTuw12VyphRM7TvhNW
      - COMANAGE_REGISTRY_EMAIL_FROM_EMAIL=registry@example.com
      - COMANAGE_REGISTRY_EMAIL_FROM_NAME=Registry
      - COMANAGE_REGISTRY_EMAIL_TRANSPORT=Smtp
      - COMANAGE_REGISTRY_EMAIL_HOST=tls://smtp.gmail.com
      - COMANAGE_REGISTRY_EMAIL_PORT=465
      - COMANAGE_REGISTRY_EMAIL_ACCOUNT=registry@example.com
      - COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD=Pr3gP6PvaTlxusMMhHEp
      - COMANAGE_REGISTRY_OIDC_CLIENT_ID=cilogon:/client_id/8c1f02f06ab959a9400ecd1e907173
      - COMANAGE_REGISTRY_OIDC_CLIENT_SECRET=PuE4eIqsvIZ66vt
      - COMANAGE_REGISTRY_OIDC_CRYPTO_PASSPHRASE=8389LlP3wNrSbIO7kzRp
      - COMANAGE_REGISTRY_OIDC_PROVIDER_METADATA_URL=https://cilogon.org/.well-known/openid-configuration
      - COMANAGE_REGISTRY_OIDC_SCOPES=openid email profile org.cilogon.userinfo
      - COMANAGE_REGISTRY_SECURITY_SALT=HH5WyMJIZ81uwHkPWpalUHSt9sAMIKHILDmNX8pI
      - COMANAGE_REGISTRY_SECURITY_SEED=076674830359094113871495332036
      - COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=registry.example.com
    ports:
      - "80:80"
      - "443:443"
Start the containers:
docker compose up -d
- Wait for the images to be pulled and the containers to start.
- Browse to the value you used for COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN.
To stop the containers:
docker compose down
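The note above about secrets sitting directly in the compose file can be acted on with Compose's own variable interpolation. The following is an added example, not part of the COmanage documentation: it lists secret-bearing entries that still carry a literal value and writes freshly generated values to an owner-only env file. The function names, the key-name patterns and the env file layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the COmanage project. Variable names are the ones on
# this page; the key-name patterns and the .env layout are assumptions.

# Print each "- KEY=value" environment entry (list form, as on this page) whose
# key looks secret-bearing and whose value is a literal, not a ${VAR} reference.
find_inline_secrets() {
    sed -n 's/^[[:space:]]*-[[:space:]]*\([A-Z0-9_]*\)=\(.*\)$/\1 \2/p' "$1" |
    while read -r key value; do
        case $key in
            *PASSWORD*|*SECRET*|*PASSPHRASE*|*SALT*|*SEED*) ;;
            *) continue ;;
        esac
        case $value in
            '${'*'}') ;;                      # interpolated by Compose
            *) printf '%s\n' "$key" ;;        # literal secret in the file
        esac
    done
}

# Emit $1 random characters from the tr(1) set $2.
rand_chars() {
    head -c 8192 /dev/urandom | LC_ALL=C tr -dc "$2" | cut -c "1-$1"
}

# Write the locally chosen secrets to env file $1, readable by its owner only.
# Lengths follow the sample values on this page; the seed is digits only there.
# Secrets issued elsewhere (OIDC client secret, SMTP password) are added by hand.
write_env_file() {
    (
        umask 077
        {
            printf 'MARIADB_ROOT_PASSWORD=%s\n' "$(rand_chars 20 A-Za-z0-9)"
            printf 'MARIADB_PASSWORD=%s\n' "$(rand_chars 20 A-Za-z0-9)"
            printf 'COMANAGE_REGISTRY_OIDC_CRYPTO_PASSPHRASE=%s\n' "$(rand_chars 20 A-Za-z0-9)"
            printf 'COMANAGE_REGISTRY_SECURITY_SALT=%s\n' "$(rand_chars 40 A-Za-z0-9)"
            printf 'COMANAGE_REGISTRY_SECURITY_SEED=%s\n' "$(rand_chars 30 0-9)"
        } > "$1"
        chmod 600 "$1"
    )
}

# In docker-compose.yml each literal then becomes a reference, for example:
#   - MARIADB_PASSWORD=${MARIADB_PASSWORD:?set in .env}
#   - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=${MARIADB_PASSWORD:?set in .env}
```

Compose reads a file named .env in the project directory automatically, so `write_env_file .env` followed by `find_inline_secrets docker-compose.yml` shows which entries still need converting. Values supplied this way stay out of the compose file but are still present in the running container's environment.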