homeserver/docker-compose/registry/docker-compose.yml.j2

108 lines
4.6 KiB
Text
Raw Normal View History

version: '3.3'
services:
oci-registry:
restart: always
container_name: oci-registry
chore(deps): pin dependencies (#660) This PR contains the following updates: | Package | Update | Change | |---|---|---| | adamboutcher/statping-ng | pinDigest | -> `e32bd2e` | | docker.io/mongo | pinDigest | -> `656781d` | | httpd | pinDigest | -> `5201524` | | joxit/docker-registry-ui | pinDigest | -> `1cf12d4` | | [lscr.io/linuxserver/unifi-network-application](https://github.com/linuxserver/docker-unifi-network-application/packages) ([source](https://github.com/linuxserver/docker-unifi-network-application)) | pinDigest | -> `e673a61` | | mariadb | pinDigest | -> `e22328f` | | nextcloud | pinDigest | -> `4fdf4ee` | | nosduco/nforwardauth | pinDigest | -> `08fdb71` | | [photoprism/photoprism](https://github.com/photoprism/photoprism) | pinDigest | -> `cf45026` | | redis | pinDigest | -> `5372f30` | | [registry](https://github.com/distribution/distribution) | pinDigest | -> `bcece5d` | | registry.mgrote.net/nextcloud-cronjob | pinDigest | -> `9836e31` | | registry.mgrote.net/postfix | pinDigest | -> `8e0b6d8` | | registry.mgrote.net/python-api-server | pinDigest | -> `524c567` | | [traefik](https://github.com/containous/traefik) | pinDigest | -> `c5181dd` | | [woodpeckerci/woodpecker-agent](https://github.com/woodpecker-ci/woodpecker) | pinDigest | -> `b21c89a` | | [woodpeckerci/woodpecker-server](https://github.com/woodpecker-ci/woodpecker) | pinDigest | -> `4717456` | --- > ⚠ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTIuMSIsInVwZGF0ZWRJblZlciI6IjM3LjE1Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/660 Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-01-26 22:38:41 +01:00
image: "registry:2.8.2@sha256:bcece5dd3d4b6189e13e7ac71b2ccbc2aae649365f0c589852d687efeba6b290"
volumes:
- oci:/var/lib/registry
- ./htpasswd:/auth/htpasswd
networks:
- traefik
- intern
depends_on:
- oci-registry-ui
- oci-registry-redis
environment:
TZ: Europe/Berlin
REGISTRY_AUTH: none
REGISTRY_REDIS_ADDR: oci-registry-redis:6379
REGISTRY_REDIS_PASSWORD: "{{ lookup('keepass', 'oci-registry-redis-pw', 'password') }}"
REGISTRY_STORAGE_DELETE_ENABLED: true
REGISTRY_CATALOG_MAXENTRIES: 100000 # https://github.com/Joxit/docker-registry-ui/issues/306
# https://joxit.dev/docker-registry-ui/#using-cors
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[https://registry.mgrote.net/ui/]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
labels:
traefik.http.routers.registry.rule: Host(`registry.mgrote.net`)
traefik.enable: true
traefik.http.routers.registry.tls: true
traefik.http.routers.registry.tls.certresolver: resolver_letsencrypt
traefik.http.routers.registry.entrypoints: entry_https
traefik.http.services.registry.loadbalancer.server.port: 5000
traefik.http.routers.registry.middlewares: registry-ipwhitelist
traefik.http.middlewares.registry-ipwhitelist.ipwhitelist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24,172.18.0.0/16 # .48. ist Docker
traefik.http.middlewares.registry-ipwhitelist.ipwhitelist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/#ipstrategydepth
com.centurylinklabs.watchtower.depends-on: oci-registry-redis
com.centurylinklabs.watchtower.enable: true
# registry aufräumen: docker exec -it oci-registry /bin/registry garbage-collect --delete-untagged=true /etc/docker/registry/config.yml
# testen mit:
# docker pull ubuntu
# docker image tag ubuntu registry.mgrote.net/myfirstimage
# docker push registry.mgrote.net/myfirstimage
# docker pull registry.mgrote.net/myfirstimage
oci-registry-redis:
chore(deps): pin dependencies (#660) This PR contains the following updates: | Package | Update | Change | |---|---|---| | adamboutcher/statping-ng | pinDigest | -> `e32bd2e` | | docker.io/mongo | pinDigest | -> `656781d` | | httpd | pinDigest | -> `5201524` | | joxit/docker-registry-ui | pinDigest | -> `1cf12d4` | | [lscr.io/linuxserver/unifi-network-application](https://github.com/linuxserver/docker-unifi-network-application/packages) ([source](https://github.com/linuxserver/docker-unifi-network-application)) | pinDigest | -> `e673a61` | | mariadb | pinDigest | -> `e22328f` | | nextcloud | pinDigest | -> `4fdf4ee` | | nosduco/nforwardauth | pinDigest | -> `08fdb71` | | [photoprism/photoprism](https://github.com/photoprism/photoprism) | pinDigest | -> `cf45026` | | redis | pinDigest | -> `5372f30` | | [registry](https://github.com/distribution/distribution) | pinDigest | -> `bcece5d` | | registry.mgrote.net/nextcloud-cronjob | pinDigest | -> `9836e31` | | registry.mgrote.net/postfix | pinDigest | -> `8e0b6d8` | | registry.mgrote.net/python-api-server | pinDigest | -> `524c567` | | [traefik](https://github.com/containous/traefik) | pinDigest | -> `c5181dd` | | [woodpeckerci/woodpecker-agent](https://github.com/woodpecker-ci/woodpecker) | pinDigest | -> `b21c89a` | | [woodpeckerci/woodpecker-server](https://github.com/woodpecker-ci/woodpecker) | pinDigest | -> `4717456` | --- > ⚠ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTIuMSIsInVwZGF0ZWRJblZlciI6IjM3LjE1Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/660 Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-01-26 22:38:41 +01:00
image: "redis:7.0.15@sha256:5372f3076d8e9822ce6ab55f3336b3b0f05c2d6ea927522669b83e10e91d9205"
container_name: oci-registry-redis
networks:
- intern
restart: always
environment:
REDIS_PASSWORD: "{{ lookup('keepass', 'oci-registry-redis-pw', 'password') }}"
MAXMEMORY POLICY: allkeys-lru
labels:
com.centurylinklabs.watchtower.enable: true
oci-registry-ui:
restart: always
# url: registry.mgrote.net/ui/index.html
chore(deps): pin dependencies (#660) This PR contains the following updates: | Package | Update | Change | |---|---|---| | adamboutcher/statping-ng | pinDigest | -> `e32bd2e` | | docker.io/mongo | pinDigest | -> `656781d` | | httpd | pinDigest | -> `5201524` | | joxit/docker-registry-ui | pinDigest | -> `1cf12d4` | | [lscr.io/linuxserver/unifi-network-application](https://github.com/linuxserver/docker-unifi-network-application/packages) ([source](https://github.com/linuxserver/docker-unifi-network-application)) | pinDigest | -> `e673a61` | | mariadb | pinDigest | -> `e22328f` | | nextcloud | pinDigest | -> `4fdf4ee` | | nosduco/nforwardauth | pinDigest | -> `08fdb71` | | [photoprism/photoprism](https://github.com/photoprism/photoprism) | pinDigest | -> `cf45026` | | redis | pinDigest | -> `5372f30` | | [registry](https://github.com/distribution/distribution) | pinDigest | -> `bcece5d` | | registry.mgrote.net/nextcloud-cronjob | pinDigest | -> `9836e31` | | registry.mgrote.net/postfix | pinDigest | -> `8e0b6d8` | | registry.mgrote.net/python-api-server | pinDigest | -> `524c567` | | [traefik](https://github.com/containous/traefik) | pinDigest | -> `c5181dd` | | [woodpeckerci/woodpecker-agent](https://github.com/woodpecker-ci/woodpecker) | pinDigest | -> `b21c89a` | | [woodpeckerci/woodpecker-server](https://github.com/woodpecker-ci/woodpecker) | pinDigest | -> `4717456` | --- > ⚠ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTIuMSIsInVwZGF0ZWRJblZlciI6IjM3LjE1Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/660 Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-01-26 22:38:41 +01:00
image: "joxit/docker-registry-ui:2.5.5@sha256:1cf12d4b2d647f0a3860b6e4ccf1fccbf73e219e217ab580d8a4d3891d3f1e28"
container_name: oci-registry-ui
environment:
DELETE_IMAGES: true
SINGLE_REGISTRY: true
NGINX_PROXY_PASS_URL: http://oci-registry:5000
SHOW_CONTENT_DIGEST: true # https://github.com/Joxit/docker-registry-ui/issues/297
SHOW_CATALOG_NB_TAGS: true
PULL_URL: registry.mgrote.net
networks:
- traefik
- intern
labels:
traefik.http.routers.registry-ui.rule: Host(`registry.mgrote.net`)&&PathPrefix(`/ui`) # mache unter /ui erreichbar, damit wird demPfad dieser Prefix hinzugefügt, die Anwendung "hört" dort abrer nicht
traefik.http.routers.registry-ui.middlewares: registry-ui-strip-prefix,registry-ui-ipwhitelist # also entferne den Prefix danach wieder
traefik.http.middlewares.registry-ui-strip-prefix.stripprefix.prefixes: /ui # hier ist die Middleware definiert
traefik.enable: true
traefik.http.routers.registry-ui.tls: true
traefik.http.routers.registry-ui.tls.certresolver: resolver_letsencrypt
traefik.http.routers.registry-ui.entrypoints: entry_https
traefik.http.services.registry-ui.loadbalancer.server.port: 80
traefik.http.middlewares.registry-ui-ipwhitelist.ipwhitelist.sourcerange: 192.168.2.0/24,10.25.25.0/24 # .48. ist Docker
traefik.http.middlewares.registry-ui-ipwhitelist.ipwhitelist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/#ipstrategydepth
com.centurylinklabs.watchtower.depends-on: oci-registry-redis,oci-registry
com.centurylinklabs.watchtower.enable: true
######## Networks ########
networks:
traefik:
external: true
intern:
######## Volumes ########
volumes:
oci: