Example behind Traefik

2025-04-27 15:39:54 +03:00 · 2018-06-17 15:39:21 +02:00 · 2018-06-17 15:39:21 +02:00 · 637f7635dc
commit 637f7635dc
parent 09b77201be
1 changed files with 72 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -193,3 +193,75 @@ auth:
    realm: basic-realm
    path: /etc/docker/registry/htpasswd
 ```
+
+## Traefik example
+
+Example of docker compose in use behing [traefik](http://traefik.io) with Docker Swarm mode.
+
+To generate a new password for basic auth, run the command: `htpasswd -nb username password`.
+In the sample, credentials are: *admin* with password: *admin*.
+
+```yml
+version: '3.1'
+services:
+    registry:
+        image: registry:2.6.2
+        volumes:
+            - /opt/docker-registry:/var/lib/registry
+        environment:
+            - REGISTRY_HTTP_SECRET=my_registry_secret
+            - REGISTRY_STORAGE_DELETE_ENABLED=true
+        deploy:
+          placement:
+            constraints: [node.role == manager]
+
+    ui:
+        image: joxit/docker-registry-ui:static
+        environment:
+            - DELETE_IMAGES=true
+            - REGISTRY_TITLE=My Private Docker Registry
+            - REGISTRY_URL=http://docker-registry_registry:5000
+        depends_on: ['registry']
+        networks: ['proxy', 'default']
+        deploy:
+          labels:
+            traefik.backend: 'registry.mydomain.com'
+            traefik.frontend.rule: 'Host:registry.mydomain.com'
+            traefik.enable: 'true'
+            traefik.port: 80
+            traefik.docker.network: 'traefik-net'
+            traefik.frontend.auth.basic: 'admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0'
+            traefik.frontend.passHostHeader: 'true'
+
+networks:
+    proxy: {external: {name: 'traefik-net'}}
+```
+
+Run Traefik in dedicated network `traefik-net` and start the `docker-registry` stack.
+
+```bash
+docker network create --driver=overlay --attachable traefik-net
+touch "$(pwd)"/acme.json && chmod 600 "$(pwd)"/acme.json
+docker service create --name traefik --detach=false \
+        --constraint=node.role==manager \
+        --mode global \
+        --publish 80:80 \
+        --publish 443:443 \
+        --entrypoints='Name:http Address::80 Redirect.EntryPoint:https' \
+        --entrypoints='Name:https Address::443 TLS' \
+        --defaultentrypoints=http,https \
+        --acme \
+        --acme.storage=/etc/traefik/acme.json \
+        --acme.entryPoint=https \
+        --acme.httpChallenge.entryPoint=http \
+        --acme.email=contact@mydomain.com \
+        --docker \
+        --docker.swarmMode \
+        --docker.domain=mydomain.com \
+        --docker.watch \
+        --mount type=bind,source="$(pwd)"/acme.json,target=/etc/traefik/acme.json \
+        --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
+        --network traefik-net \
+        traefik:1.6.3-alpine
+docker stack deploy --compose-file docker-compose.yml docker-registry
+```