infrastructure/ansible/plays/services/registry/docker-compose.yaml

48 lines
1.6 KiB
YAML
Raw Normal View History

---
services:
registry:
container_name: registry
restart: always
labels:
- "traefik.enable=true"
- "traefik.http.routers.registry.rule=Host(`registry.tobiasmanske.de`)"
- "traefik.http.routers.registry.entryPoints=websecure"
- "traefik.http.services.registry.loadbalancer.server.port=5000"
image: 'registry:2'
networks:
2022-06-25 14:38:17 +02:00
- backend
volumes:
- registry_data:/var/lib/registry
2022-06-25 14:38:17 +02:00
- ./config.yaml:/etc/docker/registry/config.yml:ro,z
2023-05-19 11:11:34 +02:00
- ./server.pem:/server.pem:ro,Z
auth:
restart: always
image: 'cesanta/docker_auth:1'
command:
- '--logtostderr'
- '/config/auth_config.yaml'
labels:
- "traefik.enable=true"
- "traefik.http.routers.registry-auth.rule=Host(`registry-auth.tobiasmanske.de`)"
- "traefik.http.routers.registry-auth.entryPoints=websecure"
- "traefik.http.services.registry-auth.loadbalancer.server.port=5001"
2023-06-28 12:18:23 +02:00
- "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolalloworiginlist=https://registry-ui.tobiasmanske.de"
- "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolallowheaders=Authorization,Accept,Cache-Control"
- "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolallowmethods=HEAD,GET,OPTIONS,DELETE"
- "traefik.http.routers.registry-auth.middlewares=registry-auth-headers"
2023-05-19 11:11:34 +02:00
networks:
- backend
volumes:
- ./auth_config.yaml:/config/auth_config.yaml:ro,Z
- ./server.pem:/server.pem:ro,Z
- ./server.key:/server.key:ro,Z
2022-06-25 14:38:17 +02:00
volumes:
registry_data:
networks:
2022-06-25 14:38:17 +02:00
backend:
internal: true
...