version: '3.3' services: oci-registry: restart: always container_name: oci-registry image: registry:2 volumes: - /mnt/oci-registry:/var/lib/registry - ./htpasswd:/auth/htpasswd networks: - traefik - intern depends_on: - oci-registry-ui - oci-registry-redis environment: TZ: Europe/Berlin REGISTRY_AUTH: none REGISTRY_REDIS_ADDR: oci-registry-redis:6379 REGISTRY_REDIS_PASSWORD: {{ lookup('keepass', 'oci-registry-redis-pw', 'password') }} REGISTRY_STORAGE_DELETE_ENABLED: true REGISTRY_CATALOG_MAXENTRIES: 100000 # https://github.com/Joxit/docker-registry-ui/issues/306 labels: traefik.http.routers.registry.rule: Host(`registry.mgrote.net`) traefik.enable: true traefik.http.routers.registry.tls: true traefik.http.routers.registry.tls.certresolver: resolver_letsencrypt traefik.http.routers.registry.entrypoints: entry_https traefik.http.services.registry.loadbalancer.server.port: 5000 traefik.http.routers.registry.middlewares: error-pages-middleware,registry-ipwhitelist traefik.http.middlewares.registry-ipwhitelist.ipwhitelist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24 # .48. ist Docker traefik.http.middlewares.registry-ipwhitelist.ipwhitelist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/#ipstrategydepth com.centurylinklabs.watchtower.depends-on: oci-registry-redis com.centurylinklabs.watchtower.enable: true # registry aufräumen: docker exec -it oci-registry /bin/registry garbage-collect [--dry-run] --delete-untagged=true /etc/docker/registry/config.yml # testen mit: # docker pull ubuntu # docker image tag ubuntu registry.mgrote.net/myfirstimage # docker push registry.mgrote.net/myfirstimage # docker pull registry.mgrote.net/myfirstimage oci-registry-redis: image: redis:7 container_name: oci-registry-redis networks: - intern restart: always environment: REDIS_PASSWORD: {{ lookup('keepass', 'oci-registry-redis-pw', 'password') }} MAXMEMORY POLICY: allkeys-lru labels: com.centurylinklabs.watchtower.enable: true oci-registry-ui: restart: always # url: registry.mgrote.net/ui/index.html image: joxit/docker-registry-ui:latest container_name: oci-registry-ui environment: DELETE_IMAGES: true SINGLE_REGISTRY: true NGINX_PROXY_PASS_URL: http://oci-registry:5000 SHOW_CONTENT_DIGEST: true # https://github.com/Joxit/docker-registry-ui/issues/297 SHOW_CATALOG_NB_TAGS: true networks: - traefik - intern labels: traefik.http.routers.registry-ui.rule: Host(`registry.mgrote.net`)&&PathPrefix(`/ui`) # mache unter /ui erreichbar, damit wird demPfad dieser Prefix hinzugefügt, die Anwendung "hört" dort abrer nicht traefik.http.routers.registry-ui.middlewares: registry-ui-strip-prefix,registry-ui-ipwhitelist # also entferne den Prefix danach wieder traefik.http.middlewares.registry-ui-strip-prefix.stripprefix.prefixes: /ui # hier ist die Middleware definiert traefik.enable: true traefik.http.routers.registry-ui.tls: true traefik.http.routers.registry-ui.tls.certresolver: resolver_letsencrypt traefik.http.routers.registry-ui.entrypoints: entry_https traefik.http.services.registry-ui.loadbalancer.server.port: 80 traefik.http.middlewares.registry-ui-ipwhitelist.ipwhitelist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24 # .48. ist Docker traefik.http.middlewares.registry-ui-ipwhitelist.ipwhitelist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/#ipstrategydepth com.centurylinklabs.watchtower.depends-on: oci-registry-redis,oci-registry com.centurylinklabs.watchtower.enable: true ######## Networks ######## networks: traefik: external: true intern: