Basic Configuration

Enterprise Logo URL:	Enter the full URL to your company's logo.
Contact Information:	Information to show in the Contact Page. If none specified, CoreOS contact information is displayed.
User Creation:	Enable Open User Creation If enabled, user accounts can be created by anyone. Users can always be created in the users panel under this superuser view.
Encrypted Client Password:	Require Encrypted Client Passwords If enabled, users will not be able to login from the Docker command line with a non-encrypted password and must generate an encrypted password to use. This feature is highly recommended for setups with LDAP authentication, as Docker currently stores passwords in plaintext on user's machines.

Server Configuration

Server Hostname:

The HTTP host (and optionally the port number if a non-standard HTTP/HTTPS port) of the location where the registry will be accessible on the network

SSL:

Enable SSL

A valid SSL certificate and private key files are required to use this option.

Certificate:	The certificate must be in PEM format.
Private key:

redis

A redis key-value store is required for real-time events and build logs.

Redis Hostname:	>
Redis port:	Access to this port and hostname must be allowed from all hosts running the enterprise registry
Redis password:

Registry Storage

Registry images can be stored either locally or in a remote storage system. A remote storage system is required for high-avaliability systems.

Storage Engine:
{{ field.title }}:	{{ field.placeholder }} See Documentation for more information

E-mail

Valid e-mail server configuration is required for notification e-mails and the ability of users to reset their passwords.

Enable E-mails

SMTP Server: >

SMTP Server Port:

TLS:

Use TLS

Mail Sender:

E-mail address from which all e-mails are sent. If not specified, support@quay.io will be used.

Authentication:

Requires Authentication

Username:
Password:

Authentication

Authentication for the registry can be handled by either the registry itself or LDAP. External authentication providers (such as GitHub) can be used on top of this choice.

It is highly recommended to require encrypted client passwords. LDAP passwords used in the Docker client will be stored in plaintext! Enable this requirement now.

Note: The "Require Encrypted Client Passwords" feature is currently enabled which will prevent LDAP passwords from being saved as plaintext by the Docker client.

Authentication:

LDAP URI:	The full LDAP URI, including the ldap:// or ldaps:// prefix.
Base DN:	A list of Distinguished Name pieces which forms the base path for looking up all LDAP records. Example: [dc=my,dc=domain,dc=com]
User Relative DN:	A list of Distinguished Name pieces which forms the base path for looking up all user LDAP records, relative to the Base DN defined above. Example: [ou=employees]
Administrator DN:	The Distinguished Name for the Administrator account. This account must be able to login and view the records for all user accounts. Example: uid=admin,ou=employees,dc=my,dc=domain,dc=com
Administrator DN Password:	Note: This will be stored in plaintext inside the config.yaml, so setting up a dedicated account or using a password hash is highly recommended. The password for the Administrator DN.
UID Attribute:	The name of the property field in your LDAP user records that stores your users' username. Typically "uid".
Mail Attribute:	The name of the property field in your LDAP user records that stores your users' e-mail address(es). Typically "mail".

GitHub (Enterprise) Authentication

If enabled, users can use GitHub or GitHub Enterprise to authenticate to the registry.

Note: A registered GitHub (Enterprise) OAuth application is required. View instructions on how to Create an OAuth Application in GitHub

Enable GitHub Authentication

GitHub:
GitHub Endpoint:	The GitHub Enterprise endpoint. Must start with http:// or https://.
OAuth Client ID:
OAuth Client Secret:
Organization Filtering:	Restrict By Organization Membership If enabled, only members of specified GitHub Enterprise organizations will be allowed to login via GitHub Enterprise.

Google Authentication

If enabled, users can use Google to authenticate to the registry.

Note: A registered Google OAuth application is required. Visit the Google Developer Console to register an application.

Enable Google Authentication

OAuth Client ID:
OAuth Client Secret:

Dockerfile Build Support

If enabled, users can submit Dockerfiles to be built and pushed by the Enterprise Registry.

Enable Dockerfile Build

Note: Build workers are required for this feature. See Adding Build Workers for instructions on how to setup build workers.

GitHub (Enterprise) Build Triggers

If enabled, users can setup GitHub or GitHub Enterprise triggers to invoke Registry builds.

Note: A registered GitHub (Enterprise) OAuth application (separate from GitHub Authentication) is required. View instructions on how to Create an OAuth Application in GitHub

Enable GitHub Triggers

GitHub:
GitHub Endpoint:	The GitHub Enterprise endpoint. Must start with http:// or https://.
OAuth Client ID:
OAuth Client Secret:

BitBucket Build Triggers

If enabled, users can setup BitBucket triggers to invoke Registry builds.

Note: A registered BitBucket OAuth application is required. View instructions on how to Create an OAuth Application in BitBucket

Enable BitBucket Triggers

OAuth Consumer Key:
OAuth Consumer Secret:

GitLab Build Triggers

If enabled, users can setup GitLab triggers to invoke Registry builds.

Note: A registered GitLab OAuth application is required. Visit the GitLab applications admin panel to create a new application.

The callback URL to use is: {{ config.PREFERRED_URL_SCHEME || 'http' }}://{{ config.SERVER_HOSTNAME || 'localhost' }}/oauth2/gitlab/callback/trigger

Enable GitLab Triggers

GitLab:
GitLab Endpoint:	The GitLab Enterprise endpoint. Must start with http:// or https://.
OAuth Client ID:
OAuth Client Secret:

Checking your settings