HN Reader

Ask HN: Is AI 'context switching' exhausting?

6 points by interstice 6h ago 7 comments

Ask HN: Data engineers, What suck when working on exploratory data-related task?

9 points by robz75 20h ago 13 comments

Is there a way to run an LLM as a better local search engine?

6 points by oblio 23h ago 13 comments

BMW ConnectedDrive lets me control my returned rental car (Sixt)

86 points by derturm666 2d ago 52 comments

Ask HN: You have $35,000 how do you invest it?

16 points by asim 22h ago 34 comments

Ask HN: What cool skill or project interests you, but feels out of reach?

125 points by akktor 9d ago 264 comments

Is GitHub Down?

39 points by Mahn 1d ago 23 comments

Ask HN: Tech people who are self employed. How do you do it?

17 points by throwaway_owe98 1d ago 6 comments

Ask HN: How to Deal with a Bad Manager?

84 points by finik_throwaway 2d ago 78 comments

Ask HN: How do I give back to people helped me when I was young and had nothing?

395 points by jupiterglimpse 5d ago 206 comments

What newspaper are you paying for these days?

11 points by mynti 1d ago 33 comments

Tell HN: Help restore the tax deduction for software dev in the US (Section 174)

2431 points by dang 9d ago 905 comments

Job searching and torrent-related homelab infra

2 points by McAlpine5892 1d ago 3 comments

Ask HN: What is your fallback job if AI takes away your career?

93 points by 7402 5d ago 191 comments

What does it mean to use C++ in the front end?

12 points by AliceHe2003 2d ago 3 comments

Ask HN: In a guide to inner work for founders and engs, what topics to cover?

3 points by cjbarber 1d ago 3 comments

Ask HN: How to learn CUDA to professional level

249 points by upmind 10d ago 82 comments

PSA: iwantmyname is utterly broken

5 points by kelstar18 1d ago 2 comments

Ask HN: Is there an AI bot that works like a literate programming build step

17 points by bryanrasmussen 3d ago 12 comments

Engineers at our startup don't build features anymore

14 points by s4293918 2d ago 18 comments

Ask HN: Genuine alternatives to Google and Apple for releasing paid apps

22 points by asjdflakjsdf 5d ago 13 comments

Ask HN: Is ageism in tech still a problem?

150 points by leonagano 5d ago 186 comments

Ask HN: Prevent Secrets from Committing to Repos

7 points by abhijais1 3d ago 14 comments

Ask HN: Casual Math Book Suggestions

15 points by vriendspookstem 5d ago 7 comments

Ask HN: Seeking ways to improve my planning skills and follow-through

23 points by skuuuLaPoo 6d ago 10 comments

Show HN: Unregistry – “docker push” directly to servers without a registry

324 psviderski 75 6/18/2025, 11:17:10 PM github.com ↗
I got tired of the push-to-registry/pull-from-registry dance every time I needed to deploy a Docker image.

In certain cases, using a full-fledged external (or even local) registry is annoying overhead. And if you think about it, there's already a form of registry present on any of your Docker-enabled hosts — the Docker's own image storage.

So I built Unregistry [1] that exposes Docker's (containerd) image storage through a standard registry API. It adds a `docker pussh` command that pushes images directly to remote Docker daemons over SSH. It transfers only the missing layers, making it fast and efficient.

  docker pussh myapp:latest user@server
Under the hood, it starts a temporary unregistry container on the remote host, pushes to it through an SSH tunnel, and cleans up when done.

I've built it as a byproduct while working on Uncloud [2], a tool for deploying containers across a network of Docker hosts, and figured it'd be useful as a standalone project.

Would love to hear your thoughts and use cases!

[1]: https://github.com/psviderski/unregistry

[2]: https://github.com/psviderski/uncloud

Comments (75)

politelemon · 35m ago
Considering the nature of servers, security boundaries and hardening,

> Linux via Homebrew

Please don't encourage this on Linux. It happens to offer a Linux setup as an afterthought but behaves like a pigeon on a chessboard rather than a package manager.

larsnystrom · 6m ago
Nice to only have to push the layers that changed. For me it's been enough to just do "docker save my-image | ssh host 'docker load'" but I don't push images very often so for me it's fine to push all layers every time.
alisonatwork · 4h ago
This is a cool idea that seems like it would integrate well with systems already using push deploy tooling like Ansible. It also seems like it would work as a good hotfix deployment mechanism at companies where the Docker registry doesn't have 24/7 support.

Does it integrate cleanly with OCI tooling like buildah etc, or if you need to have a full-blown Docker install on both ends? I haven't dug deeply into this yet because it's related to some upcoming work, but it seems like bootstrapping a mini registry on the remote server is the missing piece for skopeo to be able to work for this kind of setup.

psviderski · 3h ago
You need a containerd on the remote end (Docker and Kubernetes use containerd) and anything that speaks registry API (OCI Distribution spec: https://github.com/opencontainers/distribution-spec) on the client. Unregistry reuses the official Docker registry code for the API layer so it looks and feels like https://hub.docker.com/_/registry

You can use skopeo, crane, regclient, BuildKit, anything that speaks OCI-registry on the client. Although you will need to manually run unregistry on the remote host to use them. 'docker pussh' command just automates the workflow using the local Docker.

Just check it out, it's a bash script: https://github.com/psviderski/unregistry/blob/main/docker-pu...

You can hack your own way pretty easily.

0x457 · 3h ago
It needs docker daemon on both ends. This is just a clever way to share layer between two daemons via ssh.
nine_k · 6h ago
Nice. And the `pussh` command definitely deserves the distinction of one of the most elegant puns: easy to remember, self-explanatory, and just one letter away from its sister standard command.
gchamonlive · 4h ago
It's fine, but it wouldn't hurt to have a more formal alias like `docker push-over-ssh`.

EDIT: why I think it's important because on automations that are developed collaboratively, "pussh" could be seen as a typo by someone unfamiliar with the feature and cause unnecessary confusion, whereas "push-over-ssh" is clearly deliberate. Think of them maybe as short-hand/full flags.

psviderski · 2h ago
That's a valid concern. You can very easily give it whatever name you like. Docker looks for `docker-COMAND` executables in ~/.docker/cli-plugins directory making COMMAND a `docker` subcommand.

Rename the file to whatever you like, e.g. to get `docker pushoverssh`:

  mv ~/.docker/cli-plugins/docker-pussh ~/.docker/cli-plugins/docker-pushoverssh
Note that Docker doesn't allow dashes in plugin commands.
EricRiese · 5h ago
> The extra 's' is for 'sssh'

> What's that extra 's' for?

> That's a typo

someothherguyy · 4h ago
and prone to collision!
nine_k · 3h ago
Indeed so! Because it's art, not engineering. The engineering approach would require a recognizably distinct command, eliminating the possibility of such a pun.
metadat · 5h ago
This should have always been a thing! Brilliant.

Docker registries have their place but are overall over-engineered and an antithesis to the hacker mentality.

password4321 · 1h ago
As a VC-funded company Docker had to make money somehow.
scott113341 · 5h ago
Neat project and approach! I got fed up with expensive registries and ended up self-hosting Zot [1], but this seems way easier for some use cases. Does anyone else wish there was an easy-to-configure, cheap & usage-based, private registry service?

[1]: https://zotregistry.dev

stroebs · 1h ago
Your SSL certificate for zothub.io has expired in case you weren’t aware.
modeless · 4h ago
It's very silly that Docker didn't work this way to start with. Thank you, it looks cool!
TheRoque · 3h ago
You can already achieve the same thing by making your image into an archive, pushing it to your server, and then running it from the archive on your server.

Saving as archive looks like this: `docker save -o may-app.tar my-app:latest`

And loading it looks like this: `docker load -i /path/to/my-app.tar`

Using a tool like ansible, you can achieve easily what "Unregistry" is doing automatically. According to the github repo, save/load has the drawback of tranfering the whole image over the network, which could be an issue that's true. And managing the images instead of archive files seems more convenient.

nine_k · 3h ago
If you have an image with 100MB worth of bottom layers, and only change the tiny top layer, the unregistry will only send the top layer, while save / load would send the whole 100MB+.

Hence the value.

throwaway290 · 25s ago
Docker also has export/load which only exports the current layer filesystem.
isoprophlex · 1h ago
yeah i deal with horrible, bloated python machine learnings shits; >1 GB images are nothing. this is excellent, and i never knew how much i needed this tool until now.
lxe · 6h ago
Ooh this made me discover uncloud. Sounds like exactly what I was looking for. I wanted something like dokku but beefier for a sideproject server setup.
psviderski · 2h ago
I'm glad the idea of uncloud resonated with you. Feel free to join our Discord if you have questions or need help
vhodges · 5h ago
There is also https://skateco.github.io/ which (at quick glance) seems similar
nodesocket · 6h ago
A recommendation for Portainer if you haven't used or considered it. I'm running two EC2 instances on AWS using portainer community edition and portainer agent and works really well. The stack feature (which is just docker compose) is also super nice. One EC2 instance; running Portainer agent runs Caddy in a container which acts as the load balancer and reverse proxy.
layoric · 4h ago
I'm so glad there are tools like this and swing back to selfhosted solutions, especially leveraging SSH tooling. Well done and thanks for sharing, will definitely be giving it a spin.
fellatio · 4h ago
Neat idea. This probably has the disadvantage of coupling deployment to a service. For example how do you scale up or red/green (you'd need the thing that does this to be aware of the push).

Edit: that thing exists it is uncloud. Just found out!

That said it's a tradeoff. If you are small, have one Hetzner VM and are happy with simplicity (and don't mind building images locally) it is great.

psviderski · 2h ago
For sure, it's always a tradeoff and it's great to have options so you can choose the best tool for every job.
bradly · 6h ago
As a long ago fan of chef-solo, this is really cool.

Currently, I need to use a docker registry for my Kamal deployments. Are you familiar with it and if this removes the 3rd party dependency?

psviderski · 2h ago
Yep, I'm familiar with Kamal and it actually inspired me to build Uncloud using similar principles but with more cluster-like capabilities.

I built Unregistry for Uncloud but I belive Kamal could also benefit from using it.

mountainriver · 3h ago
I’ve wanted unregistry for a long time, thanks so much for the awesome work!
psviderski · 2h ago
Met too, you're welcome! Please create an issue on github if you find any bugs
esafak · 6h ago
You can do these image acrobatics with the dagger shell too, but I don't have enough experience with it to give you the incantation: https://docs.dagger.io/features/shell/
throwaway314155 · 6h ago
I assume you can do these "image acrobatics" in any shell.
MotiBanana · 1h ago
I've been using ttl.sh for a long time, but only for public, temporary code. This is a really cool idea!
koakuma-chan · 7h ago
This is really cool. Do you support or plan to support docker compose?
psviderski · 7h ago
Thank you! Can you please clarify what kind of support you mean for docker compose?
jillesvangurp · 33m ago
Right now, I use ssh to trigger a docker compose restart that pulls all the latest images on some of my servers (we have a few dedicated hosting/on premise setups). That then needs to reach out to our registry to pull images. So, it's this weird mix of push pull that ends up needing a central registry.

What would be nicer instead is some variation of docker compose pussh that pushes the latest versions of local images to the remote host based on the remote docker-compose.yml file. The alternative would be docker pusshing the affected containers one by by one and then triggering a docker compose restart. Automating that would be useful and probably not that hard.

fardo · 6h ago
I assume that he means "rather than pushing up each individual container for a project, it could take something like a compose file over a list of underlying containers, and push them all up to the endpoint."
koakuma-chan · 6h ago
Yes, pushing all containers one by one would not be very convenient.
baobun · 6h ago
The right yq|xargs invocation on your compose file should get you to a oneshot.
koakuma-chan · 6h ago
I would prefer docker compose pussh or whatever
psviderski · 2h ago
That's an interesting idea. I don't think you can create a subcommand/plugin for compose but creating a 'docker composepussh' command that parses the compose file and runs 'docker pussh' should be possible.

My plan is to integrate Unregistry in Uncloud as the next step to make the build/deploy flow super simple and smooth. Check out Uncloud (link in the original post), it uses Compose as well.

peyloride · 34m ago
This is awesome, thanks!
actinium226 · 6h ago
This is excellent. I've been doing the save/load and it works fine for me, but I like the idea that this only transfers missing layers.

FWIW I've been saving then using mscp to transfer the file. It basically does multiple scp connections to speed it up and it works great.

yjftsjthsd-h · 6h ago
What is the container for / what does this do that `docker save some:img | ssh wherever docker load` doesn't? More efficient handling of layers or something?
pragmatick · 11m ago
Relatively early on the page it says:

"docker save | ssh | docker load transfers the entire image, even if 90% already exists on the server"

psviderski · 5h ago
Yeah exactly, which is crucial for large images if you change only a few last layers.

The unregistry container provides a standard registry API you can pull images from as well. This could be useful in a cluster environment where you upload an image over ssh to one node and then pull it from there to other nodes.

This is what I’m planning to implement for Uncloud. Unregistry is so lightweight so we can embed it in every machine daemon. This will allow machines in the cluster to pull images from each other.

cultureulterior · 2h ago
This is super slick. I really wish there was something that did the same, but using torrent protocol, so all your servers shared it.
nothrabannosir · 7h ago
What’s the difference between this and skopeo? Is it the ssh support ? I’m not super familiar with skopeo forgive my ignorance

https://github.com/containers/skopeo

yibers · 6h ago
"skopeo" seems to related to managing registeries, very different from this.
NewJazz · 6h ago
Skopeo manages images, copies them and stuff.
remram · 6h ago
Does it start a unregistry container on the remote/receiving end or the local/sending end? I think that runs remotely. I wonder if you could go the other way instead?
selcuka · 5h ago
You mean ssh'ing into the remote server, then pulling image from local? That would require your local host to be accessible from the remote host, or setting up some kind of ssh tunneling.
mdaniel · 4h ago
`ssh -R` and `ssh -L` are amazing, and I just learned that -L and -R both support unix sockets on either end and also unix socket to tcp socket https://manpages.ubuntu.com/manpages/noble/man1/ssh.1.html#:...

I would presume it's something akin to $(ssh -L /var/run/docker.sock:/tmp/d.sock sh -c 'docker -H unix:///tmp/d.sock save | docker load') type deal

armx40 · 6h ago
How about using docker context. I use that a lot and works nicely.
Snawoot · 6h ago
How do docker contexts help with the transfer of image between hosts?
czhu12 · 2h ago
Does this work with Kubernetes image pulls?
psviderski · 1h ago
I guess you're asking about the registry part (not 'pussh' command). It exposes the containerd image store as standard registry API so you can use any tools that work with regular registry to pull/push images to it.

You should be able to run unregistry as a standalone service on one of the nodes. Kubernetes uses containerd for storing images on nodes. So unregistry will expose the node's images as a registry. Then you should be able to run k8s deployments using 'unregistry.NAMESPACE:5000/image-name:tag' image. kubelets on other nodes will be pulling the image from unregistry.

You may want to take a look at https://spegel.dev/ which works similarly but was created specifically for Kubernetes.

dzonga · 6h ago
this is nice, hopefully DHH and the folks working on Kamal adopt this.

the whole reason I didn't end up using kamal was the 'need' a docker registry thing. when I can easily push a dockerfile / compose to my vps build an image there and restart to deploy via a make command

psviderski · 2h ago
I don't see a reason to not adopt this in Kamal. I'm also building Uncloud that took a lot of inspiration from Kamal, please check it out. I will integrate unregistry into uncloud soon to make the build/deploy process a breeze.
rudasn · 6h ago
Build the image on the deployment server? Why not build somewhere else once and save time during deployments?

I'm most familiar with on-prem deployments and quickly realised that it's much faster to build once, push to registry (eg github) and docker compose pull during deployments.

jokethrowaway · 3h ago
Very nice! I used to run a private registry on the same server to achieve this - then I moved to building the image on the server itself.

Both approaches are inferior to yours because of the load on the server (one way or another).

Personally, I feel like we need to go one step further and just build locally, merge all layers, ship a tar of the entire (micro) distro + app and run it with lxc. Get rid of docker entirely.

The size of my images are tiny, the extra complexity is unwarranted.

Then of course I'm not a 1000 people company with 1GB docker images.

s1mplicissimus · 6h ago
very cool. now lets integrate this such that we can do `docker/podman push localimage:localtag ssh://hostname:port/remoteimage:remotetag` without extra software installed :)
brirec · 1h ago
I was informed that Podman at least has a `podman image scp` function for doing just this...
isaacvando · 5h ago
Love it!
quantadev · 3h ago
I always just use "docker save" to generate a TAR file, then copy the TAR file to the server, and then run "docker load" (on the server) to install the TAR file on the target machine.
jlhawn · 7h ago
A quick and dirty version:

    docker -H host1 image save IMAGE | docker -H host2 image load
note: this isn't efficient at all (no compression or layer caching)!
alisonatwork · 4h ago
On podman this is built in as native command podman-image-scp[0], which perhaps could be more efficient with SSH compression.

[0] https://docs.podman.io/en/stable/markdown/podman-image-scp.1...

psviderski · 1h ago
Ah neat I didn't know that podman has 'image scp'. Thank you for sharing. Do you think it was more straightforward to implement this in podman because you can easily access its images and metadata as files on the file system without having to coordinate with any daemon?

Docker and containerd also store their images using a specific file system layout and a boltdb for metadata but I was afraid to access them directly. The owners and coordinators are still Docker/containerd so proper locks should be handled through them. As a result we become limited by the API that docker/containerd daemons provide.

For example, Docker daemon API doesn't provide a way to get or upload a particular image layer. That's why unregistry uses the containerd image store, not the classic Docker image store.

travisgriggs · 2h ago
So with Podman, this exists already, but for docker, this has to be created by the community.

I am a bystander to these technologies. I’ve built and debug’ed the rare image, and I use docker desktop on my Mac to isolate db images.

When I see things like these, I’m always curious why docker, which seems so much more beaurecratic/convoluted, prevails over podman. I totally admit this is a naive impression.

password4321 · 1h ago
> why docker, which seems so much more beaurecratic/convoluted, prevails over podman

First mover advantage and ongoing VC-funded marketing/DevRel

selcuka · 5h ago
That method is actually mentioned in their README:

> Save/Load - `docker save | ssh | docker load` transfers the entire image, even if 90% already exists on the server

rgrau · 6h ago
I use a variant with ssh and some compression:

    docker save $image | bzip2 | ssh "$host" 'bunzip2 | docker load'
selcuka · 5h ago
If you are happy with bzip2-level compression, you could also use `ssh -C` to enable automatic gzip compression.