2023-04-20 14:38:30 +02:00
|
|
|
services:
|
|
|
|
oci-registry:
|
2024-10-23 18:21:54 +02:00
|
|
|
restart: unless-stopped
|
2024-10-23 18:20:04 +02:00
|
|
|
pull_policy: missing
|
2023-04-20 14:38:30 +02:00
|
|
|
container_name: oci-registry
|
2024-02-06 20:46:14 +01:00
|
|
|
image: "registry:2.8.3"
|
2023-04-20 14:38:30 +02:00
|
|
|
volumes:
|
2023-06-15 12:31:17 +02:00
|
|
|
- oci:/var/lib/registry
|
2023-04-20 14:38:30 +02:00
|
|
|
- ./htpasswd:/auth/htpasswd
|
|
|
|
networks:
|
|
|
|
- traefik
|
|
|
|
- intern
|
2023-04-20 21:10:10 +02:00
|
|
|
depends_on:
|
|
|
|
- oci-registry-redis
|
2024-02-01 21:23:44 +01:00
|
|
|
healthcheck:
|
|
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5000/v2/"]
|
|
|
|
interval: 30s
|
|
|
|
timeout: 10s
|
|
|
|
retries: 3
|
2023-04-20 14:38:30 +02:00
|
|
|
environment:
|
|
|
|
TZ: Europe/Berlin
|
|
|
|
REGISTRY_AUTH: none
|
|
|
|
REGISTRY_REDIS_ADDR: oci-registry-redis:6379
|
2024-07-09 17:35:56 +02:00
|
|
|
REGISTRY_REDIS_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'oci-registry-redis-pw', 'password') }}"
|
2023-04-20 14:38:30 +02:00
|
|
|
REGISTRY_STORAGE_DELETE_ENABLED: true
|
2023-06-09 11:29:15 +02:00
|
|
|
REGISTRY_CATALOG_MAXENTRIES: 100000 # https://github.com/Joxit/docker-registry-ui/issues/306
|
2023-12-20 12:30:22 +01:00
|
|
|
# https://joxit.dev/docker-registry-ui/#using-cors
|
|
|
|
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[https://registry.mgrote.net/ui/]'
|
|
|
|
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
|
|
|
|
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
|
|
|
|
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
|
|
|
|
REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
|
2023-04-20 14:38:30 +02:00
|
|
|
labels:
|
|
|
|
traefik.http.routers.registry.rule: Host(`registry.mgrote.net`)
|
|
|
|
traefik.enable: true
|
|
|
|
traefik.http.routers.registry.tls: true
|
|
|
|
traefik.http.routers.registry.tls.certresolver: resolver_letsencrypt
|
|
|
|
traefik.http.routers.registry.entrypoints: entry_https
|
|
|
|
traefik.http.services.registry.loadbalancer.server.port: 5000
|
|
|
|
|
2024-11-10 17:38:36 +01:00
|
|
|
traefik.http.routers.registry.middlewares: registry-ipallowlist,ratelimit40,allowlist_localnet
|
2023-04-20 21:01:58 +02:00
|
|
|
|
2024-08-12 23:54:00 +02:00
|
|
|
# registry aufräumen: docker exec -it oci-registry /bin/registry garbage-collect /etc/docker/registry/config.yml
|
2023-05-12 08:18:45 +02:00
|
|
|
|
2023-04-20 14:38:30 +02:00
|
|
|
# testen mit:
|
|
|
|
# docker pull ubuntu
|
|
|
|
# docker image tag ubuntu registry.mgrote.net/myfirstimage
|
|
|
|
# docker push registry.mgrote.net/myfirstimage
|
|
|
|
# docker pull registry.mgrote.net/myfirstimage
|
|
|
|
|
|
|
|
oci-registry-redis:
|
2024-10-08 00:05:50 +02:00
|
|
|
image: "redis:7.4.1"
|
2023-04-20 14:38:30 +02:00
|
|
|
container_name: oci-registry-redis
|
|
|
|
networks:
|
|
|
|
- intern
|
2024-10-23 18:21:54 +02:00
|
|
|
restart: unless-stopped
|
2024-10-23 18:20:04 +02:00
|
|
|
pull_policy: missing
|
2023-04-20 14:38:30 +02:00
|
|
|
environment:
|
2024-07-09 17:35:56 +02:00
|
|
|
REDIS_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'oci-registry-redis-pw', 'password') }}"
|
2023-04-20 14:38:30 +02:00
|
|
|
MAXMEMORY POLICY: allkeys-lru
|
2024-02-01 21:23:44 +01:00
|
|
|
healthcheck:
|
|
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
|
|
interval: 30s
|
|
|
|
timeout: 10s
|
|
|
|
retries: 3
|
2023-04-20 14:38:30 +02:00
|
|
|
|
|
|
|
oci-registry-ui:
|
2024-10-23 18:21:54 +02:00
|
|
|
restart: unless-stopped
|
2024-10-23 18:20:04 +02:00
|
|
|
pull_policy: missing
|
2023-04-20 14:38:30 +02:00
|
|
|
# url: registry.mgrote.net/ui/index.html
|
2024-02-08 08:33:58 +01:00
|
|
|
image: "joxit/docker-registry-ui:2.5.7"
|
2023-04-20 14:38:30 +02:00
|
|
|
container_name: oci-registry-ui
|
|
|
|
environment:
|
|
|
|
DELETE_IMAGES: true
|
|
|
|
SINGLE_REGISTRY: true
|
|
|
|
NGINX_PROXY_PASS_URL: http://oci-registry:5000
|
2023-05-12 08:18:45 +02:00
|
|
|
SHOW_CONTENT_DIGEST: true # https://github.com/Joxit/docker-registry-ui/issues/297
|
2023-06-09 11:29:15 +02:00
|
|
|
SHOW_CATALOG_NB_TAGS: true
|
2023-12-04 19:13:44 +01:00
|
|
|
PULL_URL: registry.mgrote.net
|
2024-03-20 09:34:58 +01:00
|
|
|
depends_on:
|
|
|
|
- oci-registry
|
2023-04-20 14:38:30 +02:00
|
|
|
networks:
|
|
|
|
- traefik
|
|
|
|
- intern
|
2024-02-01 21:23:44 +01:00
|
|
|
healthcheck:
|
2024-05-07 01:18:01 +02:00
|
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://127.0.0.1"]
|
2024-02-01 21:23:44 +01:00
|
|
|
interval: 30s
|
|
|
|
timeout: 10s
|
|
|
|
retries: 3
|
2023-04-20 14:38:30 +02:00
|
|
|
labels:
|
2024-11-10 17:29:04 +01:00
|
|
|
traefik.http.routers.registry-ui.rule: Host(`rui.mgrote.net`)
|
2024-11-10 17:38:36 +01:00
|
|
|
traefik.http.routers.registry-ui.middlewares: authelia,allowlist_localnet,ratelimit40
|
2023-04-20 14:38:30 +02:00
|
|
|
traefik.enable: true
|
|
|
|
traefik.http.routers.registry-ui.tls: true
|
|
|
|
traefik.http.routers.registry-ui.tls.certresolver: resolver_letsencrypt
|
|
|
|
traefik.http.routers.registry-ui.entrypoints: entry_https
|
|
|
|
traefik.http.services.registry-ui.loadbalancer.server.port: 80
|
|
|
|
|
|
|
|
######## Networks ########
|
|
|
|
networks:
|
|
|
|
traefik:
|
|
|
|
external: true
|
|
|
|
intern:
|
2023-06-15 12:31:17 +02:00
|
|
|
|
|
|
|
######## Volumes ########
|
|
|
|
volumes:
|
|
|
|
oci:
|