Move documentation about traefik as a full runnable example

README.md

@@ -193,75 +193,3 @@ auth:
     realm: basic-realm
     path: /etc/docker/registry/htpasswd
 ```
-
-## Traefik example
-
-Example of docker compose in use behing [traefik](http://traefik.io) with Docker Swarm mode.
-
-To generate a new password for basic auth, run the command: `htpasswd -nb username password`.
-In the sample, credentials are: *admin* with password: *admin*.
-
-```yml
-version: '3.1'
-services:
-    registry:
-        image: registry:2.6.2
-        volumes:
-            - /opt/docker-registry:/var/lib/registry
-        environment:
-            - REGISTRY_HTTP_SECRET=my_registry_secret
-            - REGISTRY_STORAGE_DELETE_ENABLED=true
-        deploy:
-          placement:
-            constraints: [node.role == manager]
-
-    ui:
-        image: joxit/docker-registry-ui:static
-        environment:
-            - DELETE_IMAGES=true
-            - REGISTRY_TITLE=My Private Docker Registry
-            - REGISTRY_URL=http://docker-registry_registry:5000
-        depends_on: ['registry']
-        networks: ['proxy', 'default']
-        deploy:
-          labels:
-            traefik.backend: 'registry.mydomain.com'
-            traefik.frontend.rule: 'Host:registry.mydomain.com'
-            traefik.enable: 'true'
-            traefik.port: 80
-            traefik.docker.network: 'traefik-net'
-            traefik.frontend.auth.basic: 'admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0'
-            traefik.frontend.passHostHeader: 'true'
-
-networks:
-    proxy: {external: {name: 'traefik-net'}}
-```
-
-Run Traefik in dedicated network `traefik-net` and start the `docker-registry` stack.
-
-```bash
-docker network create --driver=overlay --attachable traefik-net
-touch "$(pwd)"/acme.json && chmod 600 "$(pwd)"/acme.json
-docker service create --name traefik --detach=false \
-        --constraint=node.role==manager \
-        --mode global \
-        --publish 80:80 \
-        --publish 443:443 \
-        --entrypoints='Name:http Address::80 Redirect.EntryPoint:https' \
-        --entrypoints='Name:https Address::443 TLS' \
-        --defaultentrypoints=http,https \
-        --acme \
-        --acme.storage=/etc/traefik/acme.json \
-        --acme.entryPoint=https \
-        --acme.httpChallenge.entryPoint=http \
-        --acme.email=contact@mydomain.com \
-        --docker \
-        --docker.swarmMode \
-        --docker.domain=mydomain.com \
-        --docker.watch \
-        --mount type=bind,source="$(pwd)"/acme.json,target=/etc/traefik/acme.json \
-        --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
-        --network traefik-net \
-        traefik:1.6.3-alpine
-docker stack deploy --compose-file docker-compose.yml docker-registry
-```

examples/traefik/README.md

@@ -0,0 +1,18 @@
+# Traefik example
+
+Host the docker registry ui behind [traefik](http://traefik.io) with Docker Swarm mode.
+
+## How to run
+
+Open a terminal console and type
+
+```bash
+bash run-swarm.sh
+```
+
+## Authentication
+
+The registry is protected via __Basic authentication__ but feel free to use wathever you like.
+In this sample, credentials are: **admin / admin**.
+
+To generate a new password for basic auth, run the command: `htpasswd -nb username password`.

examples/traefik/docker-compose-swarm.yml

@@ -0,0 +1,33 @@
+version: '3.1'
+services:
+    registry:
+        image: registry:2.6.2
+        volumes:
+            - /opt/docker-registry:/var/lib/registry
+        environment:
+            - REGISTRY_HTTP_SECRET=my_registry_secret
+            - REGISTRY_STORAGE_DELETE_ENABLED=true
+        deploy:
+          placement:
+            constraints: [node.role == manager]
+
+    ui:
+        image: joxit/docker-registry-ui:static
+        environment:
+            - DELETE_IMAGES=true
+            - REGISTRY_TITLE=My Private Docker Registry
+            - REGISTRY_URL=http://docker-registry_registry:5000
+        depends_on: ['registry']
+        networks: ['proxy', 'default']
+        deploy:
+          labels:
+            traefik.backend: 'registry.mydomain.com'
+            traefik.frontend.rule: 'Host:registry.mydomain.com'
+            traefik.enable: 'true'
+            traefik.port: 80
+            traefik.docker.network: 'traefik-net'
+            traefik.frontend.auth.basic: 'admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0'
+            traefik.frontend.passHostHeader: 'true'
+
+networks:
+    proxy: {external: {name: 'traefik-net'}}

examples/traefik/run-swarm.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+if ! [[ `docker network ls | grep "traefik-net"` ]] &>/dev/null; then
+    echo "Setup traefik network"
+    docker network create --driver=overlay --attachable traefik-net
+fi
+
+
+if ! [[ `docker service ls | grep "traefik2"` ]] &>/dev/null; then
+    dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+    # ensure acme.json wich will contains the letsencrypt certificates
+    touch "$dir"/acme.json && chmod 600 "$dir"/acme.json
+
+    docker service create --name traefik2 --detach=false \
+        --constraint node.role==manager \
+        --update-parallelism 1 --update-delay 10s \
+        --mode global \
+        --publish 80:80 \
+        --publish 443:443 \
+        --read-only \
+        --mount type=bind,source="$(pwd)"/acme.json,target=/etc/traefik/acme.json \
+        --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
+        --network traefik-net \
+        traefik:1.7.4-alpine \
+        --entrypoints='Name:http Address::80 Redirect.EntryPoint:https' \
+        --entrypoints='Name:https Address::443 TLS' \
+        --defaultentrypoints=http,https \
+        --acme \
+        --acme.storage=/etc/traefik/acme.json \
+        --acme.entryPoint=https \
+        --acme.httpChallenge.entryPoint=http \
+        --acme.email=contact@mydomain.com \
+        --docker \
+        --docker.swarmMode \
+        --docker.domain=mydomain.com \
+        --docker.exposedByDefault=false \
+        --docker.watch \
+        --api
+fi
+
+docker stack deploy --compose-file docker-compose-swarm.yml docker-registry