mirrors/at-container-registry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1b1400a6fb09e642e2e9dc6fb47cd2632b4274c9
at-container-registry/docs/appview.md
Evan Jarrett 1f72d90726 fix issue with mismatched scopes locally
2025-10-21 10:49:06 -05:00

3.0 KiB
Raw Blame History

ATCR AppView

The AppView is the OCI-compliant registry server for ATCR (ATProto Container Registry). It provides the Docker Registry HTTP API V2 and a web interface for browsing container images.

What is AppView?

AppView serves as the central registry server that:

  • Serves OCI Distribution API - Compatible with Docker, containerd, podman, and other OCI clients
  • Resolves ATProto identities - Converts handles and DIDs to PDS endpoints
  • Routes manifests - Stores container manifests as ATProto records in users' Personal Data Servers
  • Routes blobs - Proxies blob operations to hold services (S3-compatible storage)
  • Provides web UI - Browse, search, and star repositories

Image Format

Container images use ATProto identities:

atcr.io/alice.bsky.social/myapp:latest
atcr.io/did:plc:xyz123/myapp:latest

Using ATCR

Push Images

# Install credential helper
curl -fsSL https://atcr.io/install.sh | bash

# Configure Docker (add to ~/.docker/config.json)
{
  "credHelpers": {
    "atcr.io": "atcr"
  }
}

# Push images (authenticates automatically)
docker tag myapp:latest atcr.io/yourhandle/myapp:latest
docker push atcr.io/yourhandle/myapp:latest

Pull Images

# Public images (no auth required)
docker pull atcr.io/alice.bsky.social/myapp:latest

# Private images (automatic OAuth authentication)
docker pull atcr.io/yourhandle/private-app:latest

Running Your Own AppView

Deploy your own registry instance with Docker Compose:

# Create configuration
cp .env.appview.example .env.appview
# Edit .env.appview with your settings

# Start services
docker-compose up -d

Configuration

Key environment variables:

  • ATCR_HTTP_ADDR - HTTP listen address (default: :5000)
  • ATCR_BASE_URL - Public URL for OAuth/JWT realm
  • ATCR_DEFAULT_HOLD_DID - Default hold service DID for blob storage (required)
  • ATCR_UI_ENABLED - Enable web interface (default: true)
  • JETSTREAM_URL - ATProto event stream URL for real-time updates

See deployment documentation for production setup.

Features

  • OCI-compliant - Full Docker Registry API V2 support
  • ATProto OAuth - Secure authentication with DPoP
  • Decentralized storage - Manifests stored in users' PDS
  • Web UI - Browse repositories, view tags, search images
  • Real-time updates - Jetstream integration for live indexing
  • Multi-arch support - ARM64, AMD64, and other platforms
  • BYOS - Bring Your Own Storage via hold services

Storage Architecture

Hybrid model:

  • Manifests → ATProto records in user's PDS (small JSON metadata)
  • Blobs → Hold services with S3-compatible backends (large binary layers)

This design keeps metadata portable and federated while leveraging cheap blob storage for layers.

License

MIT

Documentation: https://tangled.org/@evan.jarrett.net/at-container-registry Source Code: https://tangled.org/@evan.jarrett.net/at-container-registry

Reference in New Issue View Git Blame Copy Permalink