docker/registry-docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
registry-docker/README.md
Gilles Mouchet 19325013fd config for gmotech.net
2024-12-12 19:55:29 +01:00

107 lines
3.2 KiB
Markdown
Raw Permalink Blame History

# Registry
## Description
This docker compose run registry on docker
## Install
```bash
mkdir -p /home/docker/certs
mkdir -p /home/docker/registry/auth
mkdir -p /home/docker/registry/data
```
## Certificats
Copy crt and key files on `/home/docker/certs/`
## Run
```bash
docker compose up -d
```
## Set password
```bash
cd /home/docker/registry/auth
htpasswd -Bc registry.password gilles
```
## Apache
### http-registry-docker.conf
```
<VirtualHost *:80>
ServerName registry-docker.gmotech.net
ServerAlias registry-docker
CustomLog logs/registry-docker_access_log common
ErrorLog logs/registry-docker_error_log
# redirect to https
RewriteEngine on
RewriteCond %{SERVER_NAME} =registry-docker [OR]
RewriteCond %{SERVER_NAME} =registry-docker.gmotech.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```
### https-registry-docker.conf
```
##
## SSL Virtual Host Context
##
# General setup for the virtual host
<VirtualHost *:443>
ServerName registry-docker.gmotech.net
ServerAlias registry-docker
CustomLog logs/registry-docker_access_log common
ErrorLog logs/registry-docker_error_log
# SSL
SSLEngine on
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
# Enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"
# certificats
SSLCertificateFile "/etc/httpd/auth/cert/gmotech.net.crt"
SSLCertificateKeyFile "/etc/httpd/auth/cert/gmotech.net.key"
SSLCertificateChainFile "/etc/httpd/auth/cert/gmotechCA.crt"
# proxy
SSLProxyEngine On
ProxyPreserveHost On
ProxyRequests off
ProxyPass "/v2" "https://127.0.0.1:5000/v2"
ProxyPassReverse "/v2" "https://127.0.0.1:5000/v2"
</VirtualHost>
```
## Tests
### Tag and push
```bash
docker pull ubuntu
docker tag ubuntu registry-docker.gmotech.net/ubuntu
docker login registry-docker.gmotech.net
docker push registry-docker.gmotech.net/ubuntu
```
### Delete
ToDo
## Set registry in Portainer
* on portainer goto on **Registries** menu and click on **+ Add registry**
* click on **Custom registry**
* type a registry name in field **Name**
* type the registry's ip address and port (xxx.xxx.xxx.xxx:5000) in field **Registry URL**
* active **Authentication** and fill the **Username** and **Password** with username/password (cf Set password)
* click on **Add registry**
## Sources
https://distribution.github.io/distribution/about/deploying/
https://medium.com/@cnadeau_/private-docker-registry-part-4-lets-secure-the-registry-250c3cef237
https://betterprogramming.pub/cleanup-your-docker-registry-ef0527673e3a
https://teplyheng.medium.com/how-to-completely-remove-docker-images-from-a-docker-registry-v2-76d8a26847ff
## Changelog
### v1.0 - 2024-11-15
#### Added
- initial version by [GMo](mailto:gilles.mouchet@gmail.com)
Reference in New Issue View Git Blame Copy Permalink