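---
# Compose stack for a private OCI registry, its Redis instance and the Joxit
# registry UI, all published through Traefik. The "{{ lookup(...) }}" values
# are template expressions that must be rendered before Compose reads the
# file (presumably by Ansible - confirm against the deploying role).
#
# Boolean- and number-looking environment and label values are quoted below:
# both are strings to the consumer, and the Compose specification asks for
# booleans in these mappings to be quoted so YAML does not retype them.
version: '3.3'
services:
  oci-registry:
    restart: always
    container_name: oci-registry
    # Tag plus digest: the digest is what actually pins the image content.
    image: "registry:2.8.3@sha256:f4e1b878d4bc40a1f65532d68c94dcfbab56aa8cba1f00e355a206e7f6cc9111"
    volumes:
      - oci:/var/lib/registry
      # NOTE(review): this htpasswd file is mounted, but REGISTRY_AUTH below is
      # 'none', so nothing visible here makes the registry read it.
      - ./htpasswd:/auth/htpasswd
    networks:
      - traefik
      - intern
    depends_on:
      - oci-registry-ui
      - oci-registry-redis
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5000/v2/"]
      interval: 30s
      timeout: 10s
      retries: 3
    environment:
      TZ: Europe/Berlin
      # NOTE(review): no registry-level authentication while deletes are
      # enabled. Push, pull and delete are then gated only by the Traefik
      # IP allowlist on the router and by membership of the 'intern' network.
      REGISTRY_AUTH: 'none'
      REGISTRY_REDIS_ADDR: oci-registry-redis:6379
      REGISTRY_REDIS_PASSWORD: "{{ lookup('keepass', 'oci-registry-redis-pw', 'password') }}"
      REGISTRY_STORAGE_DELETE_ENABLED: "true"
      # https://github.com/Joxit/docker-registry-ui/issues/306
      REGISTRY_CATALOG_MAXENTRIES: "100000"
      # https://joxit.dev/docker-registry-ui/#using-cors
      # NOTE(review): a browser Origin header carries scheme, host and port but
      # no path, so a value ending in /ui/ cannot equal any Origin - confirm
      # whether 'https://registry.mgrote.net' was intended. Because credentials
      # are allowed, this must stay one explicit origin, never a wildcard.
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[https://registry.mgrote.net/ui/]'
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
      REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
    labels:
      traefik.http.routers.registry.rule: 'Host(`registry.mgrote.net`)'
      traefik.enable: "true"
      traefik.http.routers.registry.tls: "true"
      traefik.http.routers.registry.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.registry.entrypoints: entry_https
      traefik.http.services.registry.loadbalancer.server.port: "5000"
      traefik.http.routers.registry.middlewares: registry-ipallowlist
      # .48. is Docker
      # This allowlist is the only access control in front of the registry API,
      # so every range listed here can push and delete images.
      traefik.http.middlewares.registry-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24,172.18.0.0/16
      # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
      # Depth 0 leaves Traefik matching on the connection's remote address
      # instead of a position in the client-supplied X-Forwarded-For header.
      traefik.http.middlewares.registry-ipallowlist.ipallowlist.ipstrategy.depth: "0"
      com.centurylinklabs.watchtower.depends-on: oci-registry-redis
      com.centurylinklabs.watchtower.enable: "true"
    # Clean up the registry:
    # docker exec -it oci-registry /bin/registry garbage-collect --delete-untagged=true /etc/docker/registry/config.yml
    # Test with:
    # docker pull ubuntu
    # docker image tag ubuntu registry.mgrote.net/myfirstimage
    # docker push registry.mgrote.net/myfirstimage
    # docker pull registry.mgrote.net/myfirstimage
  oci-registry-redis:
    image: "redis:7.2.4@sha256:5799ed6f60e1a501204a51e3b1b95b1648fe570562b883b69234f11e9816994b"
    container_name: oci-registry-redis
    networks:
      - intern
    restart: always
    environment:
      # NOTE(review): the official 'redis' image's entrypoint is not known to
      # read REDIS_PASSWORD or any maxmemory-policy variable (that convention
      # belongs to other Redis images), and a name containing a space is not a
      # usable environment variable. As written, Redis presumably starts
      # without requirepass and with its default eviction policy - verify with
      # 'CONFIG GET requirepass' and 'CONFIG GET maxmemory-policy'. If both are
      # meant to apply, pass them to redis-server through 'command:' or a
      # mounted redis.conf, and give the healthcheck the password as well.
      REDIS_PASSWORD: "{{ lookup('keepass', 'oci-registry-redis-pw', 'password') }}"
      "MAXMEMORY POLICY": allkeys-lru
    labels:
      com.centurylinklabs.watchtower.enable: "true"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
  oci-registry-ui:
    restart: always
    # url: registry.mgrote.net/ui/index.html
    image: "joxit/docker-registry-ui:2.5.6@sha256:ccb4b40737938050b2617b8c61d4287b1078c424ddafe0fcb81b5ce82a3a7198"
    container_name: oci-registry-ui
    environment:
      # The UI exposes image deletion, and the registry behind it has no
      # authentication, so anyone who can reach /ui can delete images.
      DELETE_IMAGES: "true"
      SINGLE_REGISTRY: "true"
      NGINX_PROXY_PASS_URL: http://oci-registry:5000
      # https://github.com/Joxit/docker-registry-ui/issues/297
      SHOW_CONTENT_DIGEST: "true"
      SHOW_CATALOG_NB_TAGS: "true"
      PULL_URL: registry.mgrote.net
    networks:
      - traefik
      - intern
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost"]
      interval: 30s
      timeout: 10s
      retries: 3
    labels:
      # Serve the UI under /ui: the router adds this prefix to the path, but
      # the application itself does not listen there ...
      traefik.http.routers.registry-ui.rule: 'Host(`registry.mgrote.net`)&&PathPrefix(`/ui`)'
      # ... so strip the prefix again afterwards.
      traefik.http.routers.registry-ui.middlewares: registry-ui-strip-prefix,registry-ui-ipallowlist
      # The strip-prefix middleware is defined here.
      traefik.http.middlewares.registry-ui-strip-prefix.stripprefix.prefixes: /ui
      traefik.enable: "true"
      traefik.http.routers.registry-ui.tls: "true"
      traefik.http.routers.registry-ui.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.registry-ui.entrypoints: entry_https
      traefik.http.services.registry-ui.loadbalancer.server.port: "80"
      # Narrower than the registry router's list: the Docker ranges
      # (.48. and 172.18.0.0/16) are not allowed to reach the UI.
      traefik.http.middlewares.registry-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24
      # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
      traefik.http.middlewares.registry-ui-ipallowlist.ipallowlist.ipstrategy.depth: "0"
      com.centurylinklabs.watchtower.depends-on: oci-registry-redis,oci-registry
      com.centurylinklabs.watchtower.enable: "true"
######## Networks ########
networks:
  traefik:
    external: true
  # Internal network joining registry, Redis and UI; Redis is attached only here.
  intern: {}
######## Volumes ########
volumes:
  oci: {}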