This example demonstrates deploying Registry using a container image that uses mod_auth_openidc for authentication, with MariaDB as the database. The example also runs MariaDB in a container, but that is not a requirement.

The instructions use Docker Compose and assume a Linux environment. We recommend not using Docker Desktop and instead using Docker Engine and Docker CLI with the Compose plugin installed (Scenario two).

This example puts secrets directly into the compose file. We strongly recommend you investigate various container orchestration systems and approaches to managing sensitive information.

  1. Create a directory to store database state:

    mkdir -p var/lib/mysql


  2. Create a directory to hold an X.509 certificate and private key for HTTPS, and copy both files into it. (This approach uses the slashRoot mechanism. An alternative is to bind mount or COPY the files into the container/image and use the HTTPS_CERT_FILE and HTTPS_PRIVKEY_FILE environment variables.)

    mkdir -p opt/registry/slashRoot/etc/apache2
    cp fullchain.pem opt/registry/slashRoot/etc/apache2/cert.pem
    cp privkey.pem opt/registry/slashRoot/etc/apache2/privkey.pem
    sudo chown 33 opt/registry/slashRoot/etc/apache2/*.pem
    sudo chmod 0600 opt/registry/slashRoot/etc/apache2/privkey.pem


  3. Create the Compose YAML file docker-compose.yml with the following contents:

    services:
        comanage-registry-database:
            image: mariadb:10.10
            volumes:
                - ${PWD}/var/lib/mysql:/var/lib/mysql
            environment:
                - MARIADB_ROOT_PASSWORD=IwiydNTR7jUU0R7Mul92
                - MARIADB_DATABASE=registry
                - MARIADB_USER=registry_user
                - MARIADB_PASSWORD=mDSTuw12VyphRM7TvhNW
    
        comanage-registry:
            image: comanageproject/comanage-registry:4.1.2-mod_auth_openidc-1
            volumes:
                - ${PWD}/opt/registry/slashRoot:/opt/registry/slashRoot
            environment:
                - COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Scott
                - COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Koranda
                - COMANAGE_REGISTRY_ADMIN_USERNAME=http://cilogon.org/serverT/users/27326098
                - COMANAGE_REGISTRY_DATASOURCE=Database/Mysql
                - COMANAGE_REGISTRY_DATABASE=registry
                - COMANAGE_REGISTRY_DATABASE_HOST=comanage-registry-database
                - COMANAGE_REGISTRY_DATABASE_USER=registry_user
                - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=mDSTuw12VyphRM7TvhNW
                - COMANAGE_REGISTRY_EMAIL_FROM_EMAIL=registry@example.com
                - COMANAGE_REGISTRY_EMAIL_FROM_NAME=Registry
                - COMANAGE_REGISTRY_EMAIL_TRANSPORT=Smtp
                - COMANAGE_REGISTRY_EMAIL_HOST=tls://smtp.gmail.com
                - COMANAGE_REGISTRY_EMAIL_PORT=465
                - COMANAGE_REGISTRY_EMAIL_ACCOUNT=registry@example.com
                - COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD=Pr3gP6PvaTlxusMMhHEp
                - COMANAGE_REGISTRY_OIDC_CLIENT_ID=cilogon:/client_id/8c1f02f06ab959a9400ecd1e907173
                - COMANAGE_REGISTRY_OIDC_CLIENT_SECRET=PuE4eIqsvIZ66vt
                - COMANAGE_REGISTRY_OIDC_CRYPTO_PASSPHRASE=8389LlP3wNrSbIO7kzRp
                - COMANAGE_REGISTRY_OIDC_PROVIDER_METADATA_URL=https://cilogon.org/.well-known/openid-configuration
                - COMANAGE_REGISTRY_OIDC_SCOPES=openid email profile org.cilogon.userinfo
                - COMANAGE_REGISTRY_SECURITY_SALT=HH5WyMJIZ81uwHkPWpalUHSt9sAMIKHILDmNX8pI
                - COMANAGE_REGISTRY_SECURITY_SEED=076674830359094113871495332036
                - COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=registry.example.com
            ports:
                - "80:80"
                - "443:443"


  4. Start the containers:

    docker compose up -d


  5. Wait for the images to be pulled and the containers to start.
  6. Browse to the value you used for COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN.
  7. To stop the containers:

    docker compose down
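
One way to act on the recommendation above about secrets, shown as an added example that is not part of the original instructions or the project's own tooling: generate the locally chosen values into a Compose `.env` file with mode 0600 and check that docker-compose.yml references them instead of holding literals. The `REGISTRY_*` names are hypothetical, the lengths and character sets follow the sample values in step 3, and provider-issued values (the OIDC client secret, the mail account password) would be added to the file by hand.

```shell
#!/bin/sh
# Added example: keep generated secrets out of docker-compose.yml.
# The REGISTRY_* names are hypothetical. Compose reads .env from the project
# directory, so the compose file can reference the values, for example:
#   - MARIADB_PASSWORD=${REGISTRY_DB_PASSWORD}
#   - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=${REGISTRY_DB_PASSWORD}

# rand CHARSET LENGTH: print LENGTH random characters drawn from CHARSET.
rand() {
    LC_ALL=C tr -dc "$1" < /dev/urandom | head -c "$2"
}

# write_env_file PATH: create PATH with mode 0600 and fresh random values.
# Refuses to overwrite, so values a running deployment uses are not replaced.
write_env_file() {
    env_file=$1
    if [ -e "$env_file" ]; then
        echo "refusing to overwrite existing $env_file" >&2
        return 1
    fi
    (
        umask 077
        {
            printf 'REGISTRY_DB_ROOT_PASSWORD=%s\n' "$(rand 'A-Za-z0-9' 20)"
            printf 'REGISTRY_DB_PASSWORD=%s\n' "$(rand 'A-Za-z0-9' 20)"
            printf 'REGISTRY_OIDC_CRYPTO_PASSPHRASE=%s\n' "$(rand 'A-Za-z0-9' 20)"
            printf 'REGISTRY_SECURITY_SALT=%s\n' "$(rand 'A-Za-z0-9' 40)"
            printf 'REGISTRY_SECURITY_SEED=%s\n' "$(rand '0-9' 30)"
        } > "$env_file"
    )
}

# literal_secrets FILE: print secret-bearing lines of a compose file whose
# value is a literal instead of a ${...} reference; succeeds when none exist.
literal_secrets() {
    ! grep -E '(PASSWORD|SECRET|PASSPHRASE|SALT|SEED)=' "$1" | grep -v '=\${'
}

# Usage: sh gen-env.sh --write [PATH]   (PATH defaults to ./.env)
if [ "${1:-}" = "--write" ]; then
    write_env_file "${2:-.env}"
fi
```

The `.env` file still holds the values in plain text, so keep it out of version control and backups that are not access-controlled.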