diff --git a/README.md b/README.md
index 967b83c..ed76ad4 100644
--- a/README.md
+++ b/README.md
@@ -193,75 +193,3 @@ auth: realm: basic-realm path: /etc/docker/registry/htpasswd ``` - -## Traefik example - -Example of docker compose in use behing [traefik](http://traefik.io) with Docker Swarm mode. - -To generate a new password for basic auth, run the command: `htpasswd -nb username password`. -In the sample, credentials are: *admin* with password: *admin*. - -```yml -version: '3.1' -services: - registry: - image: registry:2.6.2 - volumes: - - /opt/docker-registry:/var/lib/registry - environment: - - REGISTRY_HTTP_SECRET=my_registry_secret - - REGISTRY_STORAGE_DELETE_ENABLED=true - deploy: - placement: - constraints: [node.role == manager] - - ui: - image: joxit/docker-registry-ui:static - environment: - - DELETE_IMAGES=true - - REGISTRY_TITLE=My Private Docker Registry - - REGISTRY_URL=http://docker-registry_registry:5000 - depends_on: ['registry'] - networks: ['proxy', 'default'] - deploy: - labels: - traefik.backend: 'registry.mydomain.com' - traefik.frontend.rule: 'Host:registry.mydomain.com' - traefik.enable: 'true' - traefik.port: 80 - traefik.docker.network: 'traefik-net' - traefik.frontend.auth.basic: 'admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0' - traefik.frontend.passHostHeader: 'true' - -networks: - proxy: {external: {name: 'traefik-net'}} -``` - -Run Traefik in dedicated network `traefik-net` and start the `docker-registry` stack. 
- -```bash -docker network create --driver=overlay --attachable traefik-net -touch "$(pwd)"/acme.json && chmod 600 "$(pwd)"/acme.json -docker service create --name traefik --detach=false \ - --constraint=node.role==manager \ - --mode global \ - --publish 80:80 \ - --publish 443:443 \ - --entrypoints='Name:http Address::80 Redirect.EntryPoint:https' \ - --entrypoints='Name:https Address::443 TLS' \ - --defaultentrypoints=http,https \ - --acme \ - --acme.storage=/etc/traefik/acme.json \ - --acme.entryPoint=https \ - --acme.httpChallenge.entryPoint=http \ - --acme.email=contact@mydomain.com \ - --docker \ - --docker.swarmMode \ - --docker.domain=mydomain.com \ - --docker.watch \ - --mount type=bind,source="$(pwd)"/acme.json,target=/etc/traefik/acme.json \ - --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \ - --network traefik-net \ - traefik:1.6.3-alpine -docker stack deploy --compose-file docker-compose.yml docker-registry -``` diff --git a/examples/traefik/README.md b/examples/traefik/README.md new file mode 100644 index 0000000..307bf92 --- /dev/null +++ b/examples/traefik/README.md @@ -0,0 +1,18 @@ +# Traefik example + +Host the docker registry ui behind [traefik](http://traefik.io) with Docker Swarm mode. + +## How to run + +Open a terminal console and type + +```bash +bash run-swarm.sh +``` + +## Authentication + +The registry is protected via __Basic authentication__ but feel free to use wathever you like. +In this sample, credentials are: **admin / admin**. + +To generate a new password for basic auth, run the command: `htpasswd -nb username password`. diff --git a/examples/traefik/acme.json b/examples/traefik/acme.json new file mode 100644 index 0000000..e69de29 diff --git a/examples/traefik/docker-compose-swarm.yml b/examples/traefik/docker-compose-swarm.yml new file mode 100644 index 0000000..b1c0bed --- /dev/null +++ b/examples/traefik/docker-compose-swarm.yml 
@@ -0,0 +1,33 @@
+version: '3.1'
+services:
+ registry:
+ image: registry:2.6.2
+ volumes:
+ - /opt/docker-registry:/var/lib/registry
+ environment:
+ - REGISTRY_HTTP_SECRET=my_registry_secret
+ - REGISTRY_STORAGE_DELETE_ENABLED=true
+ deploy:
+ placement:
+ constraints: [node.role == manager]
+
+ ui:
+ image: joxit/docker-registry-ui:static
+ environment:
+ - DELETE_IMAGES=true
+ - REGISTRY_TITLE=My Private Docker Registry
+ - REGISTRY_URL=http://docker-registry_registry:5000
+ depends_on: ['registry']
+ networks: ['proxy', 'default']
+ deploy:
+ labels:
+ traefik.backend: 'registry.mydomain.com'
+ traefik.frontend.rule: 'Host:registry.mydomain.com'
+ traefik.enable: 'true'
+ traefik.port: 80
+ traefik.docker.network: 'traefik-net'
+ traefik.frontend.auth.basic: 'admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0'
+ traefik.frontend.passHostHeader: 'true'
+
+networks:
+ proxy: {external: {name: 'traefik-net'}}
\ No newline at end of file
diff --git a/examples/traefik/run-swarm.sh b/examples/traefik/run-swarm.sh
new file mode 100755
index 0000000..66c8723
--- /dev/null
+++ b/examples/traefik/run-swarm.sh
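Review bot: The `traefik.frontend.auth.basic` label carries the htpasswd hash with single `$` signs, and Compose-format files apply variable interpolation to `$name`, so as far as I can tell `docker stack deploy` would expand `$apr1`, `$XXrpwZre` and the last segment as unset variables and hand Traefik a truncated credential; each `$` should be doubled, e.g. `'admin:$$apr1$$XXrpwZre$$ItZSXpoeB6bdPLCGT7eXG0'`. Separately, the example ships a known admin/admin credential and the placeholder `REGISTRY_HTTP_SECRET=my_registry_secret` next to `DELETE_IMAGES=true` and `REGISTRY_STORAGE_DELETE_ENABLED=true`, so anyone who deploys it unchanged exposes image deletion behind a guessable login. A comment above those two values such as `# placeholder - replace before deploying` would make that explicit.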
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+if ! [[ `docker network ls | grep "traefik-net"` ]] &>/dev/null; then
+ echo "Setup traefik network"
+ docker network create --driver=overlay --attachable traefik-net
+fi
+
+
+if ! [[ `docker service ls | grep "traefik2"` ]] &>/dev/null; then
+ dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+ # ensure acme.json wich will contains the letsencrypt certificates
+ touch "$dir"/acme.json && chmod 600 "$dir"/acme.json
+
+ docker service create --name traefik2 --detach=false \
+ --constraint node.role==manager \
+ --update-parallelism 1 --update-delay 10s \
+ --mode global \
+ --publish 80:80 \
+ --publish 443:443 \
+ --read-only \
+ --mount type=bind,source="$(pwd)"/acme.json,target=/etc/traefik/acme.json \
+ --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
+ --network traefik-net \
+ traefik:1.7.4-alpine \
+ --entrypoints='Name:http Address::80 Redirect.EntryPoint:https' \
+ --entrypoints='Name:https Address::443 TLS' \
+ --defaultentrypoints=http,https \
+ --acme \
+ --acme.storage=/etc/traefik/acme.json \
+ --acme.entryPoint=https \
+ --acme.httpChallenge.entryPoint=http \
+ --acme.email=contact@mydomain.com \
+ --docker \
+ --docker.swarmMode \
+ --docker.domain=mydomain.com \
+ --docker.exposedByDefault=false \
+ --docker.watch \
+ --api
+fi
+
+docker stack deploy --compose-file docker-compose-swarm.yml docker-registry
\ No newline at end of file
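Review bot: The acme.json bind mount takes its source from `"$(pwd)"/acme.json`, but the file is created and chmod'ed at `"$dir"/acme.json`, so running the script from any directory other than its own points the mount at a path that was never prepared; the final `docker stack deploy --compose-file docker-compose-swarm.yml` has the same working-directory dependence. Moving the `dir=...` assignment above the second `if` and using `source="$dir"/acme.json` and `--compose-file "$dir"/docker-compose-swarm.yml` removes it. On the security side, the service binds `/var/run/docker.sock` into a container published on ports 80 and 443, which gives that process control of the Docker daemon on the manager node, and `--api` additionally turns on Traefik's API. A short comment stating that trade-off (or fronting the socket with a restricted proxy) would help readers who copy the example.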