50 lines
1.7 KiB
YAML
50 lines
1.7 KiB
YAML
---
|
|
services:
|
|
registry:
|
|
container_name: registry
|
|
restart: always
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
|
|
- "traefik.http.routers.registry.rule=Host(`registry.tobiasmanske.de`)"
|
|
- "traefik.http.routers.registry.entryPoints=websecure"
|
|
- "traefik.http.services.registry.loadbalancer.server.port=5000"
|
|
image: 'registry:2'
|
|
networks:
|
|
- backend
|
|
volumes:
|
|
- registry_data:/var/lib/registry
|
|
- ./config.yaml:/etc/docker/registry/config.yml:ro,z
|
|
- ./server.pem:/server.pem:ro,Z
|
|
|
|
auth:
|
|
restart: always
|
|
image: 'cesanta/docker_auth:1'
|
|
command:
|
|
- '--logtostderr'
|
|
- '/config/auth_config.yaml'
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
|
|
- "traefik.http.routers.registry-auth.rule=Host(`registry-auth.tobiasmanske.de`)"
|
|
- "traefik.http.routers.registry-auth.entryPoints=websecure"
|
|
- "traefik.http.services.registry-auth.loadbalancer.server.port=5001"
|
|
- "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolalloworiginlist=https://registry-ui.tobiasmanske.de"
|
|
- "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolallowheaders=Authorization,Accept,Cache-Control"
|
|
- "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolallowmethods=HEAD,GET,OPTIONS,DELETE"
|
|
- "traefik.http.routers.registry-auth.middlewares=registry-auth-headers"
|
|
networks:
|
|
- backend
|
|
volumes:
|
|
- ./auth_config.yaml:/config/auth_config.yaml:ro,Z
|
|
- ./server.pem:/server.pem:ro,Z
|
|
- ./server.key:/server.key:ro,Z
|
|
|
|
volumes:
|
|
registry_data:
|
|
|
|
networks:
|
|
backend:
|
|
internal: true
|
|
...
|