Pre-built Docker Images for MCP Gateway Registry¶
When using the --prebuilt option with build_and_run.sh, the following pre-built Docker images are pulled from GitHub Container Registry (GHCR). These images are published to ghcr.io/jrmatherly.
Core MCP Gateway Images¶
| Service | Image | Default Tag | Description | Port |
|---|---|---|---|---|
| Registry | ghcr.io/jrmatherly/mcp-registry:latest | latest | Main registry service with nginx, SSL, FAISS, and models | 80, 443, 7860 |
| Auth Server | ghcr.io/jrmatherly/mcp-auth-server:latest | latest | Authentication service supporting Cognito, GitHub, Google, and Keycloak | 8888 |
| Metrics Service | ghcr.io/jrmatherly/mcp-metrics-service:latest | latest | Metrics collection service with SQLite storage and OTEL support | 8890, 9465 |
MCP Server Images¶
| Service | Image | Default Tag | Description | Port |
|---|---|---|---|---|
| CurrentTime Server | ghcr.io/jrmatherly/mcp-currenttime-server:latest | latest | MCP server providing current time functionality | 8000 |
| FinInfo Server | ghcr.io/jrmatherly/mcp-fininfo-server:latest | latest | MCP server for financial information | 8001 |
| MCPGW Server | ghcr.io/jrmatherly/mcp-mcpgw-server:latest | latest | MCP Gateway server for service management | 8003 |
| RealServerFakeTools | ghcr.io/jrmatherly/mcp-realserverfaketools-server:latest | latest | Example MCP server with mock tools | 8002 |
External Images¶
The following external images are pulled from their original sources:
| Service | Image | Source | Description | Port |
|---|---|---|---|---|
| Alpine Linux | alpine:latest | Docker Hub Official | Lightweight Linux for metrics database initialization | N/A |
| Prometheus | prom/prometheus:latest | Docker Hub Official | Metrics collection and time-series database | 9090 |
| Grafana | grafana/grafana:latest | Docker Hub Official | Metrics visualization and dashboards | 3000 |
| PostgreSQL | postgres:17 | Docker Hub Official | Database for Keycloak | 5432 (internal) |
| Keycloak | quay.io/keycloak/keycloak:26.5 | Quay.io | Identity and access management service | 8080 |
| MongoDB CE | mongo:8 | Docker Hub Official | MongoDB Community Edition 8 with replica set support for local development | 27017 (internal) |
Manual Download Commands¶
To manually pull these images for Kubernetes deployment or offline use:
# Core MCP Gateway images from GitHub Container Registry
docker pull ghcr.io/jrmatherly/mcp-registry:latest
docker pull ghcr.io/jrmatherly/mcp-auth-server:latest
docker pull ghcr.io/jrmatherly/mcp-metrics-service:latest
# MCP Server images from GitHub Container Registry
docker pull ghcr.io/jrmatherly/mcp-currenttime-server:latest
docker pull ghcr.io/jrmatherly/mcp-fininfo-server:latest
docker pull ghcr.io/jrmatherly/mcp-mcpgw-server:latest
docker pull ghcr.io/jrmatherly/mcp-realserverfaketools-server:latest
# External images
docker pull alpine:latest
docker pull prom/prometheus:latest
docker pull grafana/grafana:latest
docker pull postgres:17
docker pull quay.io/keycloak/keycloak:26.5
docker pull mongo:8
HTTPS Configuration¶
By default, pre-built images run on HTTP (port 80) only. To enable HTTPS (port 443):
Option 1: Let's Encrypt Certificates¶
# Install certbot
sudo apt-get update && sudo apt-get install -y certbot
# Obtain certificate (requires domain and port 80)
sudo certbot certonly --standalone -d your-domain.com
# Certificate files will be at:
# - /etc/letsencrypt/live/your-domain/fullchain.pem
# - /etc/letsencrypt/live/your-domain/privkey.pem
Option 2: Commercial CA Certificates¶
Purchase SSL certificates from a trusted Certificate Authority.
Copy Certificates to Expected Location¶
# Create the ssl directory structure
mkdir -p ${HOME}/mcp-gateway/ssl/certs
mkdir -p ${HOME}/mcp-gateway/ssl/private
# Copy your certificate files
# Replace paths below with your actual certificate locations
cp /etc/letsencrypt/live/your-domain/fullchain.pem ${HOME}/mcp-gateway/ssl/certs/fullchain.pem
cp /etc/letsencrypt/live/your-domain/privkey.pem ${HOME}/mcp-gateway/ssl/private/privkey.pem
# Set proper permissions
chmod 644 ${HOME}/mcp-gateway/ssl/certs/fullchain.pem
chmod 600 ${HOME}/mcp-gateway/ssl/private/privkey.pem
Note: If SSL certificates are not present at ${HOME}/mcp-gateway/ssl/certs/fullchain.pem and ${HOME}/mcp-gateway/ssl/private/privkey.pem, the MCP Gateway will automatically run in HTTP-only mode.
Then restart:
The registry container will detect the certificates and enable HTTPS automatically. Check logs: