Skip to content

Instantly share code, notes, and snippets.

@eminkel
Last active September 25, 2023 22:11
Show Gist options
  • Save eminkel/c08c48b800423d0b071618463eca9413 to your computer and use it in GitHub Desktop.
Save eminkel/c08c48b800423d0b071618463eca9413 to your computer and use it in GitHub Desktop.
Docker Registry with Traefik and LetsEncrypt
version: '3'
services:
traefik:
image: traefik
ports:
- "80:80"
- "443:443"
command:
- "--log.level=INFO"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.le.acme.httpchallenge=true"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.le.acme.email=you@yourdomain.com"
- "--certificatesresolvers.le.acme.storage=acme.json"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./acme.json:/acme.json
networks:
- traefik
registry:
restart: always
image: registry:latest
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
REGISTRY_STORAGE: s3
REGISTRY_STORAGE_S3_ACCESSKEY: accesskey
REGISTRY_STORAGE_S3_SECRETKEY: secretkey
REGISTRY_STORAGE_S3_BUCKET: bucket-name
REGISTRY_STORAGE_S3_REGION: region-1
REGISTRY_HEALTH_STORAGEDRIVER_ENABLED: false
volumes:
- ./auth:/auth
labels:
- "traefik.enable=true"
- "traefik.http.routers.registry.rule=Host(`yourdomain.com`)"
- "traefik.http.routers.registry.tls=true"
- "traefik.http.routers.registry.tls.certresolver=le"
- "traefik.http.routers.registry.entrypoints=websecure"
# You can remove the line below to make accessible publicly
- "traefik.http.middlewares.private-network.ipwhitelist.sourcerange=comma,delimited,ips,here,to,allow"
# You can remove the line below to make accessible publicly
- "traefik.http.routers.registry.middlewares=private-network@docker"
- "traefik.http.services.registry.loadbalancer.server.port=5000"
networks:
- traefik
networks:
traefik:
external: true
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::your-bucket"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": "arn:aws:s3:::your-bucket/*"
}
]
}
# This will include your BCrypt hash
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment