Is there any way to build cloudron apps without publishing the app to docker hub?
-
I am in an environment where based on our compliance requirements I cannot publish images to docker hub.
I have the Cloudron Build Service and Docker Registry apps installed on my cloudron instance.
I am trying to follow this tutorial to build a node js app.
I have cloned the sample app but when I look at the Build steps if I follow the steps I believe it would push the image to docker's public registry.
It seemed like possibly using the cloudron build service would address this so I installed that app and walked through the article on the app but it is not clear how to configure this to use the private registry hosted on cloudron.
I have updated the
docker.json
file to be:{ "cloudronbuildservice.cloudron.ourdomain.com: { "username": "email@address.com", "password": 'passwordthatcontians"character' } }
I have also tried
cloudron build --set-repository https://dockerregistry.cloudron.ourdoma8in.com/ourappname
and I get the following error:Using build service https://cloudronbuildservice.cloudron.ourdomain.com/ Building https://dockerregistry.cloudron.ourdomain.com/magnusonfinancialwebservices:20230914-165206-408b2a393 Uploading source tarball... Failed to build app (statusCode 404): <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot POST //api/v1/builds</pre> </body> </html>
This seems to be looking at the repository as the source for the code to build and not as the destination for what is built so I think I must not be understanding how this is supposed to work.
Trying to do a build without using the cloudron build service I looked at @timconsidine 's example here and it seems like I should be to run the following from the directory where the code from the nodejs sample app was cloned,
docker build -t https://dockerregistry.cloudron.ourdomain.com/ourappname:v1 .
This results in the error:
[+] Building 0.0s (0/0) docker:default ERROR: invalid tag "https://dockerregistry.cloudron.ourdomain.com/ourappname:v1": invalid reference format
The source code for this app will be hosted in gitea also on our cloudron instance and my intent is to have a workflow that takes the dockerfile from the gitea repo, uses the cloudron build service to build the app, publishes it to the docker repository hosted on cloudron, and then I can us the cloudron cli tool to install it on the cloudron server.
I am happy to work up to this in stages but I seem to be missing something about how even the basics of the process should work using docker to build it locally if I don't want to user dockerhub.
What can I do to build the sample app without using dockerhub?
Thanks for your help,
Chris
-
Earlier in the packaging tutorial it has steps to login to cloudron via the cli using
cloudron login my.example.com
but it doesn't have a sept to login to docker before trying to rundocker build
.At least one missing step I think that is needed to help get towards a solution is doing a docker login to the private docker registry hosted on cloudron by doing the following:
docker login https://dockerregistry.cloudron.ourdomain.com
and then login with your cloudron credentials.
-
To fix the docker build command drop the
https://
off of the tag name which turns it into:docker build -t dockerregistry.cloudron.ourdomain.com/cloudronusername/appname:v1 .
From this it seems like docker using the format of a tag name to defined the remote repository where a image should be pushed to, I feel like that isn't right as that seems like a bad idea.
Now when doing docker push change it to:
docker push dockerregistry.cloudron.ourdomain.com/cloudronusername/appname:v1
This isn't using the cloudron build server but at least this seems to work to get the image pushed to the cloudron hosted docker registry.
-
This post is deleted!
-
I'm not understanding the problem.
Certainly nohttps
needed in the docker build statement
The docker push goes to your own private registry -
To answer the original question atleast: Is there any way to build cloudron apps without publishing the app to docker hub? Yes, definitely.
Also, the "build service" is really just an exotic "docker build && docker push" done on the server side (instead of building and pushing from your laptop). You might ask why this is needed. This was mostly done because we work a lot out of coffee shops and libraries. Docker images, being large in size, usually cannot be pushed in public wifi. So, instead what we do is: upload just the package source code to the server and the server does the docker build and push.
This also means that if you have good internet access, you can just skip this build service stuff altogether.
The steps to create your app with a private registry are:
docker build -t myregistry/myapp:1.0.0 .
docker push myregistry/myapp:1.0.0
- you might have to docker login etc for this to work.- Images can be private or public. For example, all our appstore docker images are public, so it needs no authentication. If your images are private, you have to configure Cloudron with registry credentials - https://docs.cloudron.io/settings/#private-docker-registry
cloudron install --image myregistry/myapp:1.0.0
-
@girish I believe your instructions still result in the image that was built being pushed to docker hub.
Regardless of whether the image is marked private or public in docker hub, for compliance reasons we cannot use docker hub as a cloud service, private or public.
-
@ChristopherMag that is correct, it will be pushed by default to the docker hub. If using a private docker image registry, then you have to use this feature https://docs.cloudron.io/settings/#private-docker-registry
-
@ChristopherMag said in Is there any way to build cloudron apps without publishing the app to docker hub?:
@girish I believe your instructions still result in the image that was built being pushed to docker hub.
Not really, the format I used in the examples is <registry>/repo:tag . registry can be your registry. only if registry is missing, it will attempt docker hub.
@ChristopherMag that is correct, it will be pushed by default to the docker hub.
But I used myregistry in my examples. Wondering if I am missing something.
(note repository != registry)
-
@girish Your completely right, I didn't catch the wording and I was wrong.
I don't know of a way to have a registry on cloudron that isn't a domain, not just a host, so what makes more sense to me is seeing it has
docker build -t myregistry.cloudron.somedomain.com/myapp:1.0.0 .
Unless there is a way to alias a single hostname like
myregistry
to a more complete domain name.I haven't tested this but maybe docker will by default use the dns suffix learned from DHCP or manually configured as the suffix to
myregistry
so if you happen have cloudron hosting apps on the domain that matches your computers dns suffix then maybe you could specifymyregistry
and the rest would be properly inferred. -
@ChristopherMag good point I will remember to use
user.myregistry.com
or something like that next time!