Skip to content

sub07/Wharf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github/workflows
.github/workflows
 
 
.zed
.zed
 
 
src
src
 
 
static
static
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Wharf

A lightweight, server-side rendered web UI for Docker Registry v2. Gives your team visibility into what's in your registry — browse repositories, inspect tags and manifests (including multi-arch), and delete images — without touching the registry API directly.

Built with Rust (Axum + Maud). Single static binary, ~10 MB image, no JS framework, no database.

Quick Start

docker run -d \
  --name wharf \
  -p 8080:80 \
  -e REGISTRY_HOST=registry.example.com \
  -e REGISTRY_USERNAME=registry-api-user \
  -e REGISTRY_PASSWORD=registry-api-password \
  -e MANAGER_USERNAME=admin \
  -e MANAGER_PASSWORD=changeme \
  your-registry/wharf:latest

Wharf is now available at http://localhost:8080. The health check endpoint is at /health.

Configuration

All configuration is via environment variables — no config files.

Variable Description Default (in Docker)
REGISTRY_HOST Docker Registry v2 hostname (e.g. registry.example.com). Wharf connects over HTTPS. required
REGISTRY_USERNAME Credentials for the Registry v2 HTTP API (basic auth). required
REGISTRY_PASSWORD required
MANAGER_USERNAME Credentials for the Wharf web UI login. required
MANAGER_PASSWORD required
LISTEN_ADDR Bind address. 0.0.0.0
LISTEN_PORT Bind port. 80
STATIC_DIR Path to the static/ asset directory. /app/static

Two sets of credentials: REGISTRY_* credentials are used server-side to talk to your registry's v2 API. MANAGER_* credentials gate access to the Wharf UI itself (cookie-based auth, HttpOnly / Secure / SameSite=Strict).

Deployment

Docker Compose

services:
  wharf:
    image: your-registry/wharf:latest
    restart: unless-stopped
    ports:
      - "8080:80"
    environment:
      REGISTRY_HOST: registry.example.com
      REGISTRY_USERNAME: ${REGISTRY_USERNAME}
      REGISTRY_PASSWORD: ${REGISTRY_PASSWORD}
      MANAGER_USERNAME: ${MANAGER_USERNAME}
      MANAGER_PASSWORD: ${MANAGER_PASSWORD}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/health"]
      interval: 30s
      timeout: 5s
      retries: 3

Reverse Proxy

Wharf serves plain HTTP. Terminate TLS at your reverse proxy. The Secure flag on auth cookies means browsers will only send them over HTTPS, so TLS termination in front of Wharf is recommended for production.

Features

  • Repository browser — lists all images with tag counts, paginated
  • Tag inspector — digest, architecture, creation date per tag
  • Multi-arch support — displays all platforms for manifest lists / OCI image indexes
  • Image deletion — delete individual tags or all tags for a repository
  • Copy pull commands — one-click docker pull commands
  • Light / dark theme

Building the Docker Image

Requires the Rust 2024 edition toolchain.

# Build the binary
cargo build --release

# Build the Docker image
docker build -t wharf:latest .

The Dockerfile expects the release binary at target/release/wharf and the static/ directory in the build context. The base image is ubuntu:24.04 (includes curl for healthchecks).

Registry Requirements

Wharf talks to the Docker Registry HTTP API V2. Your registry must:

  • Support HTTPS and basic authentication
  • Have the _catalog endpoint enabled (for listing repositories)
  • Have delete enabled (REGISTRY_STORAGE_DELETE_ENABLED=true) if you want to use the delete feature

License

MIT

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages