niedziela, 19 stycznia 2020

Traefik v2 - private docker repository

It's time to migrate from Traefik v1 to Traefik v2.

Sample project based on docker-compose service definition: priavate docker registry.

Quick setup
curl -sf automatus.cf/private-registry | bash

Or step by step.

  • Install docker & docker-compose
  • Create required directories 
    mkdir registry
cd registry
mkdir {auth,default}
  • Create docker-compose.yml file: 
    version: '3'

services:
  gateway:
    image: traefik:2.1
    restart: always
    command: 
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--certificatesResolvers.le.acme.httpchallenge=true"
      - "--certificatesResolvers.le.acme.httpchallenge.entryPoint=http"
      - "--certificatesResolvers.le.acme.storage=/acme/acme.json"
     #- "--api.insecure=true"
     #- "--certificatesResolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
    ports:
      - 80:80
      - 443:443
      # API
      #- 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - acme:/acme
      - ./auth:/auth

  registry:
    restart: always
    image: registry:2
    environment:
      REGISTRY_HTTP_SECRET: change-me
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.http.rule=Host(`hostname-change-me`)" 
      - "traefik.http.routers.http.entrypoints=http"
      - "traefik.http.routers.https.rule=Host(`hostname-change-me`)" 
      - "traefik.http.routers.https.entrypoints=https"
      - "traefik.http.routers.https.tls=true"
      - "traefik.http.routers.https.tls.certresolver=le"
      - "traefik.http.middlewares.server-header.headers.customresponseheaders.server=docker-registry"
      - "traefik.http.middlewares.redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.auth.basicauth.usersFile=/auth/passwd"
      - "traefik.http.middlewares.auth.basicauth.realm=REGISTRY"
      - "traefik.http.routers.http.middlewares=redirect,server-header"
      - "traefik.http.routers.https.middlewares=server-header,auth"
    volumes:
      - registry:/var/lib/registry

  # Catch-all default vhost
  default:
    image: nginx:stable
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.default.rule=HostRegexp(`{default:.*}`)" 
      - "traefik.http.routers.default.entrypoints=http"
      - "traefik.http.routers.default.priority=1"
      - "traefik.http.routers.default.middlewares=server-header"
    volumes:
      - ./default/default.conf:/etc/nginx/conf.d/default.conf

volumes:
  acme:
  registry:

# vim: set tabstop=2 shiftwidth=2 expandtab autoindent indentexpr= nosmartindent :
  • Create default/default.conf file: 
    server { 
   listen 80 default_server; 
   return 204;
}
  • Create user and passwrd for registry access: 
    htpasswd -c auth/passwd username >auth/passwd
#or
docker run --rm -it httpd:alpine htpasswd >auth/passwd
  • Start project 
    docker-compose up -d
    • Autor: o

    Brak komentarzy:

    Prześlij komentarz

    Subskrybuj: Komentarze do posta (Atom)