While this repository has been inactive for some time, this formal notice, issued on December 10, 2024, serves as the official declaration to clarify the situation. Consequently, this repository and all associated resources (including related projects, code, documentation, and distributed packages such as Docker images, PyPI packages, etc.) are now explicitly declared unmaintained and abandoned.
I would like to remind everyone that this project’s free license has always been based on the principle that the software is provided "AS-IS", without any warranty or expectation of liability or maintenance from the maintainer. As such, it is used solely at the user's own risk, with no warranty or liability from the maintainer, including but not limited to any damages arising from its use.
Due to the enactment of the Cyber Resilience Act (EU Regulation 2024/2847), which significantly alters the regulatory framework, including penalties of up to €15M, combined with its demands for unpaid and indefinite liability, it has become untenable for me to continue maintaining all my Open Source Projects as a natural person. The new regulations impose personal liability risks and create an unacceptable burden, regardless of my personal situation now or in the future, particularly when the work is done voluntarily and without compensation.
No further technical support, updates (including security patches), or maintenance, of any kind, will be provided.
These resources may remain online, but solely for public archiving, documentation, and educational purposes.
Users are strongly advised not to use these resources in any active or production-related projects, and to seek alternative solutions that comply with the new legal requirements (EU CRA).
Using these resources outside of these contexts is strictly prohibited and is done at your own risk.
Regarding the potential transfer of the project to another entity, discussions are ongoing, but no final decision has been made yet. As a last resort, if the project and its associated resources are not transferred, I may begin removing any published resources related to this project (e.g., from PyPI, Docker Hub, GitHub, etc.) starting March 15, 2025, especially if the CRA’s risks remain disproportionate.
- Website | Documentation | Blog | Supported versions | How to deploy
- Mailing list: Google Groups
- Last stable release: 2.4.0 (
2.4andlatesttags from the official Docker image)
Portus is an authorization server and a user interface for the next generation of the Docker registry. Portus targets version 2 of the Docker Registry API. The minimum required version of Registry is 2.1, which is the first version supporting soft deletes of blobs.
| master | v2.4 | Code Climate |
|---|---|---|
 |
 |
  |
Portus supports the concept of users and teams. Users have their own personal
Docker namespace where they have both read (aka docker pull) and write (aka
docker push) access. A team is a group of users that have read and write
access to a certain namespace. You can read more about this in our
documentation page about
it.
Portus implements the token based authentication system described by the new version of the Docker registry. This can be used to have full control over the images served by an instance of the Docker registry.
Portus provides quick access to all the images available on your private
instance of Docker registry. User's privileges are taken into account to make
sure private images (the ones requiring special rights also for docker pull)
are not shown to unauthorized personnel.
Portus allows you to host everything on your servers, on your own infrastructure. You don't have to trust a third-party service, just own everything yourself. Take a look at our documentation to read the different setups in which you can deploy Portus.
Some highlights:
- Synchronization with your private registry in order to fetch which images and tags are available.
- LDAP user authentication.
- OAuth and OpenID-Connect authentication
- Monitoring of all the activities performed onto your private registry and Portus itself.
- Search for repositories and tags inside of your private registry.
- Star your favorite repositories.
- Disable users temporarily.
- Optionally use Application Tokens for better security.
Take a tour by our documentation site to read more about this.
There are multiple ways of setting up a development
environment. We
recommend using docker-compose, so you only need to perform:
$ docker-compose up
You can read more about this environment here.
Also, make sure to understand our contribution guidelines, as explained in this document.
Unit tests are located in the spec directory. To run them, simply:
$ bundle exec rspec spec
Make sure to install phantomjs from your Linux
distribution before running unit tests, since feature tests rely on PhantomJS
being installed. All the other ruby dependencies are already covered by our
Gemfile.
We also have tests in the frontend. For this, you have to install yarn from your Linux distribution and run:
$ yarn test
Check this document in order to better understand how integration tests work. For development, though, if you have already installed Docker, docker-composer and bats, running the following should just work:
$ chmod +x bin/test-integration.sh
$ ./bin/test-integration.sh
A common pitfall for developers is to forget about code style. For that, make sure to run rubocop:
$ bundle exec rubocop -a
Note that the command above includes the -a flag. This flag will automatically
fix small issues for you. We also run a code style check for the frontend code:
$ yarn eslint
We also run brakeman in order to detect security vulnerabilities:
$ bundle exec brakeman
Last but not least, make sure that your git commit follows a proper style. To ensure this, you can run the following task:
$ bundle exec rake test:git
We use Travis CI for continuous integration. You can run what we run in Travis locally:
$ chmod +x bin/ci.sh
$ ./bin/ci.sh
This script simply executes all the tests and checks that we have presented above.
Portus is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.