Docker Registry with Traefik and LetsEncrypt
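# Docker Registry published through Traefik, with certificates from
# Let's Encrypt (HTTP-01 challenge) and image storage in S3.
version: '3'
services:
  traefik:
    # No tag means :latest. Pin a release you have tested so an upgrade
    # cannot silently change how the labels below are interpreted.
    image: traefik
    ports:
      # Port 80 is needed for the ACME HTTP-01 challenge; the registry
      # router itself is bound to the websecure entrypoint only.
      - "80:80"
      - "443:443"
    command:
      - "--log.level=INFO"
      - "--providers.docker=true"
      # Only containers that set traefik.enable=true are published.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.httpchallenge=true"
      - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.le.acme.email=you@yourdomain.com"
      - "--certificatesresolvers.le.acme.storage=acme.json"
    volumes:
      # Access to the Docker socket is equivalent to root on the host.
      # The :ro flag only protects the socket file itself; the Docker API
      # stays fully usable through it, so treat this container as
      # privileged and consider a filtering socket proxy.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json stores the ACME account key and certificate private
      # keys. Create it before the first start (otherwise Docker creates
      # a directory at this path) and restrict it to mode 600; Traefik
      # refuses a storage file with wider permissions.
      - ./acme.json:/acme.json
    networks:
      - traefik
  registry:
    restart: always
    # :latest is a moving tag; pin a version for reproducible deploys.
    image: registry:latest
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
      REGISTRY_STORAGE: s3
      # Placeholders. Keep real credentials out of version control, for
      # example by supplying them from an untracked env file, and scope
      # the key to the bucket-only IAM policy that accompanies this file.
      REGISTRY_STORAGE_S3_ACCESSKEY: accesskey
      REGISTRY_STORAGE_S3_SECRETKEY: secretkey
      # Must name the same bucket as the Resource ARNs in the IAM policy.
      REGISTRY_STORAGE_S3_BUCKET: bucket-name
      REGISTRY_STORAGE_S3_REGION: region-1
      # Quoted: environment values are strings, and some Compose versions
      # reject a bare YAML boolean in this mapping.
      REGISTRY_HEALTH_STORAGEDRIVER_ENABLED: "false"
    volumes:
      # Holds registry.password (htpasswd entries with bcrypt hashes).
      - ./auth:/auth
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.registry.rule=Host(`yourdomain.com`)"
      - "traefik.http.routers.registry.tls=true"
      - "traefik.http.routers.registry.tls.certresolver=le"
      - "traefik.http.routers.registry.entrypoints=websecure"
      # Source-IP allow list. Remove this line and the middlewares line
      # below only if the registry should be reachable from any address;
      # htpasswd is then the only access control in front of it.
      # NOTE(review): newer Traefik releases name this middleware
      # ipallowlist; confirm against the Traefik version you pin.
      - "traefik.http.middlewares.private-network.ipwhitelist.sourcerange=comma,delimited,ips,here,to,allow"
      # Attaches the allow list above to the registry router.
      - "traefik.http.routers.registry.middlewares=private-network@docker"
      - "traefik.http.services.registry.loadbalancer.server.port=5000"
    networks:
      - traefik
networks:
  traefik:
    # Pre-existing network; create it before bringing the stack up.
    external: true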
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::your-bucket"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": "arn:aws:s3:::your-bucket/*"
}
]
}
# This file holds the registry's htpasswd entry, including your bcrypt hash