github.com/tompao/docker@v1.9.1/docs/reference/api/registry_api.md (about) 1 <!--[metadata]> 2 +++ 3 draft = true 4 title = "Registry v1 API" 5 description = "API Documentation for Docker Registry" 6 keywords = ["API, Docker, index, registry, REST, documentation"] 7 [menu.main] 8 parent="smn_registry_ref" 9 +++ 10 <![end-metadata]--> 11 12 # Docker Registry API v1 13 14 ## Introduction 15 16 - This is the REST API for the Docker Registry 1.0 17 - It stores the images and the graph for a set of repositories 18 - It does not have user accounts data 19 - It has no notion of user accounts or authorization 20 - It delegates authentication and authorization to the Index Auth 21 service using tokens 22 - It supports different storage backends (S3, cloud files, local FS) 23 - It doesn't have a local database 24 - The registry is open source: [Docker Registry](https://github.com/docker/docker-registry) 25 26 We expect that there will be multiple registries out there. To help to 27 grasp the context, here are some examples of registries: 28 29 - **sponsor registry**: such a registry is provided by a third-party 30 hosting infrastructure as a convenience for their customers and the 31 Docker community as a whole. Its costs are supported by the third 32 party, but the management and operation of the registry are 33 supported by Docker. It features read/write access, and delegates 34 authentication and authorization to the Index. 35 - **mirror registry**: such a registry is provided by a third-party 36 hosting infrastructure but is targeted at their customers only. Some 37 mechanism (unspecified to date) ensures that public images are 38 pulled from a sponsor registry to the mirror registry, to make sure 39 that the customers of the third-party provider can `docker pull` 40 those images locally. 41 - **vendor registry**: such a registry is provided by a software 42 vendor, who wants to distribute Docker images. It would be operated 43 and managed by the vendor. Only users authorized by the vendor would 44 be able to get write access. Some images would be public (accessible 45 for anyone), others private (accessible only for authorized users). 46 Authentication and authorization would be delegated to the Index. 47 The goal of vendor registries is to let someone do `docker pull 48 basho/riak1.3` and automatically push from the vendor registry 49 (instead of a sponsor registry); i.e., get all the convenience of a 50 sponsor registry, while retaining control on the asset distribution. 51 - **private registry**: such a registry is located behind a firewall, 52 or protected by an additional security layer (HTTP authorization, 53 SSL client-side certificates, IP address authorization...). The 54 registry is operated by a private entity, outside of Docker's 55 control. It can optionally delegate additional authorization to the 56 Index, but it is not mandatory. 57 58 > **Note**: 59 > Mirror registries and private registries which do not use the Index 60 > don't even need to run the registry code. They can be implemented by any 61 > kind of transport implementing HTTP GET and PUT. Read-only registries 62 > can be powered by a simple static HTTPS server. 63 64 > **Note**: 65 > The latter implies that while HTTP is the protocol of choice for a registry, 66 > multiple schemes are possible (and in some cases, trivial): 67 > 68 > - HTTP with GET (and PUT for read-write registries); 69 > - local mount point; 70 > - remote Docker addressed through SSH. 71 72 The latter would only require two new commands in Docker, e.g., 73 `registryget` and `registryput`, wrapping access to the local filesystem 74 (and optionally doing consistency checks). Authentication and authorization 75 are then delegated to SSH (e.g., with public keys). 76 77 > **Note**: 78 > Private registry servers that expose an HTTP endpoint need to be secured with 79 > TLS (preferably TLSv1.2, but at least TLSv1.0). Make sure to put the CA 80 > certificate at /etc/docker/certs.d/my.registry.com:5000/ca.crt on the Docker 81 > host, so that the daemon can securely access the private registry. 82 > Support for SSLv3 and lower is not available due to security issues. 83 84 The default namespace for a private repository is `library`. 85 86 # Endpoints 87 88 ## Images 89 90 ### Get image layer 91 92 `GET /v1/images/(image_id)/layer` 93 94 Get image layer for a given `image_id` 95 96 **Example Request**: 97 98 GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1 99 Host: registry-1.docker.io 100 Accept: application/json 101 Content-Type: application/json 102 Authorization: Token signature=123abc,repository="foo/bar",access=read 103 104 Parameters: 105 106 - **image_id** – the id for the layer you want to get 107 108 **Example Response**: 109 110 HTTP/1.1 200 111 Vary: Accept 112 X-Docker-Registry-Version: 0.6.0 113 Cookie: (Cookie provided by the Registry) 114 115 {layer binary data stream} 116 117 Status Codes: 118 119 - **200** – OK 120 - **401** – Requires authorization 121 - **404** – Image not found 122 123 ### Put image layer 124 125 `PUT /v1/images/(image_id)/layer` 126 127 Put image layer for a given `image_id` 128 129 **Example Request**: 130 131 PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1 132 Host: registry-1.docker.io 133 Transfer-Encoding: chunked 134 Authorization: Token signature=123abc,repository="foo/bar",access=write 135 136 {layer binary data stream} 137 138 Parameters: 139 140 - **image_id** – the id for the layer you want to get 141 142 **Example Response**: 143 144 HTTP/1.1 200 145 Vary: Accept 146 Content-Type: application/json 147 X-Docker-Registry-Version: 0.6.0 148 149 "" 150 151 Status Codes: 152 153 - **200** – OK 154 - **401** – Requires authorization 155 - **404** – Image not found 156 157 ## Image 158 159 ### Put image layer 160 161 `PUT /v1/images/(image_id)/json` 162 163 Put image for a given `image_id` 164 165 **Example Request**: 166 167 PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1 168 Host: registry-1.docker.io 169 Accept: application/json 170 Content-Type: application/json 171 Cookie: (Cookie provided by the Registry) 172 173 { 174 id: "088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c", 175 parent: "aeee6396d62273d180a49c96c62e45438d87c7da4a5cf5d2be6bee4e21bc226f", 176 created: "2013-04-30T17:46:10.843673+03:00", 177 container: "8305672a76cc5e3d168f97221106ced35a76ec7ddbb03209b0f0d96bf74f6ef7", 178 container_config: { 179 Hostname: "host-test", 180 User: "", 181 Memory: 0, 182 MemorySwap: 0, 183 AttachStdin: false, 184 AttachStdout: false, 185 AttachStderr: false, 186 Tty: false, 187 OpenStdin: false, 188 StdinOnce: false, 189 Env: null, 190 Cmd: [ 191 "/bin/bash", 192 "-c", 193 "apt-get -q -yy -f install libevent-dev" 194 ], 195 Dns: null, 196 Image: "imagename/blah", 197 Volumes: { }, 198 VolumesFrom: "" 199 }, 200 docker_version: "0.1.7" 201 } 202 203 Parameters: 204 205 - **image_id** – the id for the layer you want to get 206 207 **Example Response**: 208 209 HTTP/1.1 200 210 Vary: Accept 211 Content-Type: application/json 212 X-Docker-Registry-Version: 0.6.0 213 214 "" 215 216 Status Codes: 217 218 - **200** – OK 219 - **401** – Requires authorization 220 221 ### Get image layer 222 223 `GET /v1/images/(image_id)/json` 224 225 Get image for a given `image_id` 226 227 **Example Request**: 228 229 GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1 230 Host: registry-1.docker.io 231 Accept: application/json 232 Content-Type: application/json 233 Cookie: (Cookie provided by the Registry) 234 235 Parameters: 236 237 - **image_id** – the id for the layer you want to get 238 239 **Example Response**: 240 241 HTTP/1.1 200 242 Vary: Accept 243 Content-Type: application/json 244 X-Docker-Registry-Version: 0.6.0 245 X-Docker-Size: 456789 246 X-Docker-Checksum: b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087 247 248 { 249 id: "088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c", 250 parent: "aeee6396d62273d180a49c96c62e45438d87c7da4a5cf5d2be6bee4e21bc226f", 251 created: "2013-04-30T17:46:10.843673+03:00", 252 container: "8305672a76cc5e3d168f97221106ced35a76ec7ddbb03209b0f0d96bf74f6ef7", 253 container_config: { 254 Hostname: "host-test", 255 User: "", 256 Memory: 0, 257 MemorySwap: 0, 258 AttachStdin: false, 259 AttachStdout: false, 260 AttachStderr: false, 261 Tty: false, 262 OpenStdin: false, 263 StdinOnce: false, 264 Env: null, 265 Cmd: [ 266 "/bin/bash", 267 "-c", 268 "apt-get -q -yy -f install libevent-dev" 269 ], 270 Dns: null, 271 Image: "imagename/blah", 272 Volumes: { }, 273 VolumesFrom: "" 274 }, 275 docker_version: "0.1.7" 276 } 277 278 Status Codes: 279 280 - **200** – OK 281 - **401** – Requires authorization 282 - **404** – Image not found 283 284 ## Ancestry 285 286 ### Get image ancestry 287 288 `GET /v1/images/(image_id)/ancestry` 289 290 Get ancestry for an image given an `image_id` 291 292 **Example Request**: 293 294 GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/ancestry HTTP/1.1 295 Host: registry-1.docker.io 296 Accept: application/json 297 Content-Type: application/json 298 Cookie: (Cookie provided by the Registry) 299 300 Parameters: 301 302 - **image_id** – the id for the layer you want to get 303 304 **Example Response**: 305 306 HTTP/1.1 200 307 Vary: Accept 308 Content-Type: application/json 309 X-Docker-Registry-Version: 0.6.0 310 311 ["088b4502f51920fbd9b7c503e87c7a2c05aa3adc3d35e79c031fa126b403200f", 312 "aeee63968d87c7da4a5cf5d2be6bee4e21bc226fd62273d180a49c96c62e4543", 313 "bfa4c5326bc764280b0863b46a4b20d940bc1897ef9c1dfec060604bdc383280", 314 "6ab5893c6927c15a15665191f2c6cf751f5056d8b95ceee32e43c5e8a3648544"] 315 316 Status Codes: 317 318 - **200** – OK 319 - **401** – Requires authorization 320 - **404** – Image not found 321 322 ## Tags 323 324 ### List repository tags 325 326 `GET /v1/repositories/(namespace)/(repository)/tags` 327 328 Get all of the tags for the given repo. 329 330 **Example Request**: 331 332 GET /v1/repositories/reynholm/help-system-server/tags HTTP/1.1 333 Host: registry-1.docker.io 334 Accept: application/json 335 Content-Type: application/json 336 X-Docker-Registry-Version: 0.6.0 337 Cookie: (Cookie provided by the Registry) 338 339 Parameters: 340 341 - **namespace** – namespace for the repo 342 - **repository** – name for the repo 343 344 **Example Response**: 345 346 HTTP/1.1 200 347 Vary: Accept 348 Content-Type: application/json 349 X-Docker-Registry-Version: 0.6.0 350 351 { 352 "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", 353 "0.1.1": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087" 354 } 355 356 Status Codes: 357 358 - **200** – OK 359 - **401** – Requires authorization 360 - **404** – Repository not found 361 362 ### Get image id for a particular tag 363 364 `GET /v1/repositories/(namespace)/(repository)/tags/(tag*)` 365 366 Get a tag for the given repo. 367 368 **Example Request**: 369 370 GET /v1/repositories/reynholm/help-system-server/tags/latest HTTP/1.1 371 Host: registry-1.docker.io 372 Accept: application/json 373 Content-Type: application/json 374 X-Docker-Registry-Version: 0.6.0 375 Cookie: (Cookie provided by the Registry) 376 377 Parameters: 378 379 - **namespace** – namespace for the repo 380 - **repository** – name for the repo 381 - **tag** – name of tag you want to get 382 383 **Example Response**: 384 385 HTTP/1.1 200 386 Vary: Accept 387 Content-Type: application/json 388 X-Docker-Registry-Version: 0.6.0 389 390 "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" 391 392 Status Codes: 393 394 - **200** – OK 395 - **401** – Requires authorization 396 - **404** – Tag not found 397 398 ### Delete a repository tag 399 400 `DELETE /v1/repositories/(namespace)/(repository)/tags/(tag*)` 401 402 Delete the tag for the repo 403 404 **Example Request**: 405 406 DELETE /v1/repositories/reynholm/help-system-server/tags/latest HTTP/1.1 407 Host: registry-1.docker.io 408 Accept: application/json 409 Content-Type: application/json 410 Cookie: (Cookie provided by the Registry) 411 412 Parameters: 413 414 - **namespace** – namespace for the repo 415 - **repository** – name for the repo 416 - **tag** – name of tag you want to delete 417 418 **Example Response**: 419 420 HTTP/1.1 200 421 Vary: Accept 422 Content-Type: application/json 423 X-Docker-Registry-Version: 0.6.0 424 425 "" 426 427 Status Codes: 428 429 - **200** – OK 430 - **401** – Requires authorization 431 - **404** – Tag not found 432 433 ### Set a tag for a specified image id 434 435 `PUT /v1/repositories/(namespace)/(repository)/tags/(tag*)` 436 437 Put a tag for the given repo. 438 439 **Example Request**: 440 441 PUT /v1/repositories/reynholm/help-system-server/tags/latest HTTP/1.1 442 Host: registry-1.docker.io 443 Accept: application/json 444 Content-Type: application/json 445 Cookie: (Cookie provided by the Registry) 446 447 "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" 448 449 Parameters: 450 451 - **namespace** – namespace for the repo 452 - **repository** – name for the repo 453 - **tag** – name of tag you want to add 454 455 **Example Response**: 456 457 HTTP/1.1 200 458 Vary: Accept 459 Content-Type: application/json 460 X-Docker-Registry-Version: 0.6.0 461 462 "" 463 464 Status Codes: 465 466 - **200** – OK 467 - **400** – Invalid data 468 - **401** – Requires authorization 469 - **404** – Image not found 470 471 ## Repositories 472 473 ### Delete a repository 474 475 `DELETE /v1/repositories/(namespace)/(repository)/` 476 477 Delete a repository 478 479 **Example Request**: 480 481 DELETE /v1/repositories/reynholm/help-system-server/ HTTP/1.1 482 Host: registry-1.docker.io 483 Accept: application/json 484 Content-Type: application/json 485 Cookie: (Cookie provided by the Registry) 486 487 "" 488 489 Parameters: 490 491 - **namespace** – namespace for the repo 492 - **repository** – name for the repo 493 494 **Example Response**: 495 496 HTTP/1.1 200 497 Vary: Accept 498 Content-Type: application/json 499 X-Docker-Registry-Version: 0.6.0 500 501 "" 502 503 Status Codes: 504 505 - **200** – OK 506 - **401** – Requires authorization 507 - **404** – Repository not found 508 509 ## Search 510 511 If you need to search the index, this is the endpoint you would use. 512 513 `GET /v1/search` 514 515 Search the Index given a search term. It accepts 516 517 [GET](http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.3) 518 only. 519 520 **Example request**: 521 522 GET /v1/search?q=search_term&page=1&n=25 HTTP/1.1 523 Host: index.docker.io 524 Accept: application/json 525 526 Query Parameters: 527 528 - **q** – what you want to search for 529 - **n** - number of results you want returned per page (default: 25, min:1, max:100) 530 - **page** - page number of results 531 532 **Example response**: 533 534 HTTP/1.1 200 OK 535 Vary: Accept 536 Content-Type: application/json 537 538 {"num_pages": 1, 539 "num_results": 3, 540 "results" : [ 541 {"name": "ubuntu", "description": "An ubuntu image..."}, 542 {"name": "centos", "description": "A centos image..."}, 543 {"name": "fedora", "description": "A fedora image..."} 544 ], 545 "page_size": 25, 546 "query":"search_term", 547 "page": 1 548 } 549 550 Response Items: 551 - **num_pages** - Total number of pages returned by query 552 - **num_results** - Total number of results returned by query 553 - **results** - List of results for the current page 554 - **page_size** - How many results returned per page 555 - **query** - Your search term 556 - **page** - Current page number 557 558 Status Codes: 559 560 - **200** – no error 561 - **500** – server error 562 563 ## Status 564 565 ### Status check for registry 566 567 `GET /v1/_ping` 568 569 Check status of the registry. This endpoint is also used to 570 determine if the registry supports SSL. 571 572 **Example Request**: 573 574 GET /v1/_ping HTTP/1.1 575 Host: registry-1.docker.io 576 Accept: application/json 577 Content-Type: application/json 578 579 "" 580 581 **Example Response**: 582 583 HTTP/1.1 200 584 Vary: Accept 585 Content-Type: application/json 586 X-Docker-Registry-Version: 0.6.0 587 588 "" 589 590 Status Codes: 591 592 - **200** – OK 593 594 ## Authorization 595 596 This is where we describe the authorization process, including the 597 tokens and cookies. 598