Private provider registry

Hey!
According to this communication, a provider registry is planned for TF 0.13, and that is really awesome!!

Will a registry server be available for the community?
Can we test the registry feature by building Terraform from the code on GitHub?

Have a great day!!

Hi @bewiwi,

At the time I’m writing this message, there is not yet enough of the implementation included in the master branch for you to try this out yet. We’ll publish beta releases containing this functionality once it’s ready for testing, and we’d love to hear feedback at that point.

On the subject of a registry server implementation: as with the module registry, we intend to publish documentation on the protocol that Terraform is expecting so that others can implement compatible servers. For a simple private registry it should be sufficient to just deploy a static website somewhere with JSON index files so that Terraform can find the providers, rather than needing a custom server implementation necessarily.


The other detail here is that, due to the new namespace scheme for providers coming in Terraform 0.13, running your own registry host will create a separate namespace of providers, rather than behaving as a “mirror” for registry.terraform.io. Therefore it won’t be possible to use that protocol to create an internal mirror of an official provider like registry.terraform.io/hashicorp/aws, because publishing it at a different registry would give it a new identity from Terraform’s perspective. The private registry mechanism is therefore intended for serving up your own internal providers (you.example.com/your-org/your-system), rather than for creating local mirrors of existing providers.

However, we are planning to include a separate mechanism for using filesystem-based and network-based “mirrors” that can serve as a secondary source for an upstream provider, thus allowing registry.terraform.io/hashicorp/aws to be served from somewhere other than registry.terraform.io while retaining the hostname part of the address. This distinction may seem opaque right now because you can’t see how the new hierarchical namespacing is working, but I think it will become clearer once we have the beta out. The support for a network-based (rather than filesystem-based) mirror may not arrive in 0.13.0 (to reduce scope) but will at least appear in a minor release shortly after.

4 Likes

Looking forward to this enhancement. This should be coming in the 0.13 release?

Having a private registry acting as a mirror for official providers would be really great for those of us in environments where we can’t or shouldn’t be pulling from the internet. Looking forward to seeing more news on it.

Hi @shanedabes,

As I suspected above, the “network mirrors” client didn’t quite make it into the Terraform 0.13.0 scope because we ended up needing some more time to complete other changes that wouldn’t have been possible to add in a minor release. The network mirrors functionality is still planned though, and should appear in a 0.13.x minor release once the team has finished addressing the early feedback on the new 0.13.0 features.

In the meantime, the local filesystem mirrors functionality is present, so if you are able to place provider binaries in your local filesystem you can customize the provider installation settings. (This is also where the network mirror support will show up in a later release, as an additional network_mirror block type.)

For a simple private registry, as @apparentlymart says is possible, you just need to deploy a static website somewhere with JSON index files so that Terraform can find the providers, rather than build a custom server.

In a private company with custom providers, you can’t or shouldn’t publish them on the internet / publicly, for security, copyright or intellectual property reasons.

For my client I made a Python script to build the private registry, because when you have only 1 custom provider it is easy and fast, but when you need to build 10 providers or more and the Go source code for your custom providers is hosted on different GitHub repos, it becomes a nightmare to do it.

This repo can automatically build the JSON index files and versions for your custom providers hosted on GitHub.

You just need to use GoReleaser to sign your providers with GPG in order to set up the providers with terraform init…

I deliberately deactivated the S3 push part of the GitHub Action for the publication of providers, because we can host the providers on S3 or Google Storage …

With Google you can use Cloud Storage: put your providers on it, create a global HTTPS load balancer and define your bucket as the backend. For AWS, use CloudFront with WAF, or Nginx and a reverse proxy.

2 Likes
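The static "JSON index files" approach discussed in this thread, as an added example that is not the poster's script and not HashiCorp code: a generator that writes the index tree for a private registry host and refuses to index any archive whose SHA-256 disagrees with the signed checksum file. The file layout and field names follow the provider registry protocol as later documented by HashiCorp; the artifact naming, the default protocol version `5.0`, and the hostname, namespace and key values passed in are assumptions or placeholders.

```python
import hashlib
import json
import re
from pathlib import Path

# Assumed artifact naming: terraform-provider-<type>_<version>_<os>_<arch>.zip,
# with a GPG-signed terraform-provider-<type>_<version>_SHA256SUMS beside it.
ZIP_RE = re.compile(r"terraform-provider-([a-z0-9-]+)_([0-9][0-9A-Za-z.+-]*)_([a-z0-9]+)_([a-z0-9]+)\.zip$")

def build_index(dist, out, base_url, namespace, key_id, ascii_armor, protocols=("5.0",)):
    """Write static registry JSON under `out`; return the relative paths written."""
    dist, out, written, versions = Path(dist), Path(out), [], {}

    def emit(rel, doc):
        target = out / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(json.dumps(doc, indent=2))
        written.append(rel)

    # Service discovery document, fetched first from the registry hostname.
    emit(".well-known/terraform.json", {"providers.v1": "/v1/providers/"})
    for zip_path in sorted(dist.glob("terraform-provider-*.zip")):
        match = ZIP_RE.match(zip_path.name)
        if not match:
            continue
        ptype, version, os_name, arch = match.groups()
        sums_name = f"terraform-provider-{ptype}_{version}_SHA256SUMS"
        sums = {}
        for line in (dist / sums_name).read_text().splitlines():
            if line.strip():  # each line is "<sha256 hex>  <filename>"
                digest, name = line.split()
                sums[name] = digest
        actual = hashlib.sha256(zip_path.read_bytes()).hexdigest()
        if sums.get(zip_path.name) != actual:
            # Never index an archive that disagrees with the signed checksum file.
            raise ValueError(f"{zip_path.name} does not match {sums_name}")
        emit(f"v1/providers/{namespace}/{ptype}/{version}/download/{os_name}/{arch}", {
            "protocols": list(protocols), "os": os_name, "arch": arch,
            "filename": zip_path.name, "shasum": actual,
            "download_url": f"{base_url}/{zip_path.name}",
            "shasums_url": f"{base_url}/{sums_name}",
            "shasums_signature_url": f"{base_url}/{sums_name}.sig",
            "signing_keys": {"gpg_public_keys": [{"key_id": key_id, "ascii_armor": ascii_armor}]},
        })
        versions.setdefault(ptype, {}).setdefault(version, []).append({"os": os_name, "arch": arch})
    for ptype, by_version in versions.items():
        emit(f"v1/providers/{namespace}/{ptype}/versions", {"versions": [
            {"version": v, "protocols": list(protocols), "platforms": plats}
            for v, plats in sorted(by_version.items())]})
    return written
```

Call it as `build_index("dist", "site", "https://registry.example.com/artifacts", "your-org", key_id, armored_public_key)` and publish `site/` plus the archives, checksum files and `.sig` files over HTTPS. The script only checks archives against the checksum file; the GPG signature over that file is what Terraform verifies at `terraform init`.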