OCI clients (podman, docker) require an absolute URL in the WWW-Authenticate realm. Derive it from the request Host header so it works behind any proxy. Add service_name to rift config. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
# MCR configuration for rift.
#
# Container registry fronted by mc-proxy:
# :8443 → mcr API (L4 passthrough via mc-proxy)
# :443 → mcr-web (L7 via mc-proxy)
#
# Copy to /srv/mcr/mcr.toml on rift before starting.
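[server]
# Registry API listener. The file header describes :8443 as an L4 passthrough
# via mc-proxy, so TLS is presumably terminated by mcr itself with the
# certificate below. ":8443" binds every interface on the host.
listen_addr = ":8443"
# gRPC listener; [web].grpc_addr points at this port.
# NOTE(review): also bound on every interface. Confirm that only mcr-web can
# reach it (firewall or network policy).
grpc_addr = ":9443"
tls_cert = "/srv/mcr/certs/mcr.pem"
# Private key: keep it readable only by the account that runs mcr.
tls_key = "/srv/mcr/certs/mcr.key"
read_timeout = "30s"
# NOTE(review): "0s" presumably disables the write deadline so that large
# layer downloads are not cut off. Confirm this, and make sure slow or stalled
# clients are bounded somewhere else (mc-proxy or the network edge).
write_timeout = "0s"
idle_timeout = "120s"
shutdown_timeout = "60s"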
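[database]
# Registry database file. Keep the file and its parent directory writable
# only by the account that runs mcr.
path = "/srv/mcr/mcr.db"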
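[storage]
# On-disk locations for layer data and for uploads.
# NOTE(review): uploads_path presumably receives client-supplied data before
# it is verified. Confirm that it is not served directly and that both
# directories are writable only by the mcr account.
layers_path = "/srv/mcr/layers"
uploads_path = "/srv/mcr/uploads"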
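[mcias]
# MCIAS endpoint that mcr talks to. ca_cert is presumably the trust anchor
# used to verify that endpoint's TLS certificate.
server_url = "https://mcias.metacircular.net:8443"
ca_cert = "/srv/mcr/certs/ca.pem"
service_name = "mcr"
# Bearer credential that mcr presents to MCIAS. Never commit the real value.
# Fill it in only on the deployed copy (/srv/mcr/mcr.toml) and keep that file
# readable only by the account that runs mcr.
# NOTE(review): a signed JWT with a one-year validity window (per its
# exp/iat claims) was committed in this file. Treat it as exposed: revoke or
# rotate it in MCIAS and purge it from the repository history.
service_token = "REPLACE_WITH_MCIAS_SERVICE_TOKEN"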
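[web]
# mcr-web listener. This section configures no TLS certificate or key. The
# file header says mc-proxy fronts mcr-web at L7 on :443.
# NOTE(review): ":8080" binds every interface. Confirm that only mc-proxy can
# reach this port, so requests cannot bypass the proxy.
listen_addr = ":8080"
# Address of the mcr gRPC endpoint (see [server].grpc_addr). ca_cert is
# presumably used to verify that endpoint's certificate.
grpc_addr = "mcr:9443"
ca_cert = "/srv/mcr/certs/ca.pem"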
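[log]
# NOTE(review): before raising verbosity above "info", confirm that more
# detailed levels do not log Authorization headers or bearer tokens.
level = "info"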