jeffersonsouza/docker-compose.yml

## docker-compose.yml
version: '2'

services:
    nginx:
        image: nginx
        restart: always
        hostname: loadbalancer
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - ~/http/conf.d:/etc/nginx/conf.d:ro
            - ~/ci/http/certs:/etc/nginx/certs:ro
        networks:
            - core
    registry:
        image: registry:2
        restart: always
        expose:
            - "5000"
        labels:
            com.jeffersonsouza.description: "Private Docker Registry"
        volumes:
            - /home/ubuntu/data/registry:/var/lib/registry
        env_file:
            - registry.env
        networks:
            - core
networks:
    core:
        driver: bridge

## registry.conf
upstream registry {
    server registry:5000;
}

server {
        listen 80;
        listen [::]:80;
        server_name hub.jeffersonsouza.com.br;
        return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name  hub.jeffersonsouza.com.br;
    root /web/registry;

    # SSL

    ssl on;
    ssl_certificate certs/your.domain.com.pem;
    ssl_certificate_key certs/your.domain.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers YOUR-CIPHER;
    ssl_session_cache shared:SSL:10m;

   add_header Strict-Transport-Security max-age=31536000;
    client_max_body_size 0;

    location / {
        auth_basic              "Restricted";
        auth_basic_user_file    conf.d/docker-registry.htpasswd;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_connect_timeout       7200;
        proxy_send_timeout          7200;
        proxy_read_timeout          7200;
        send_timeout                7200;
        client_max_body_size 0;

        proxy_pass http://registry;
    }

    location /_ping {
        auth_basic off;
    }

    location /v1/_ping {
       auth_basic off;
    }
}

## registry.env
REGISTRY_STORAGE=s3
REGISTRY_STORAGE_S3_ACCESSKEY=XXXXXXXXXXXXXXXX
REGISTRY_STORAGE_S3_SECRETKEY=XXxxXXXXXxxxXxXXxxXxxxXXXXxxxXXx
REGISTRY_STORAGE_S3_REGION=us-west-2
REGISTRY_STORAGE_S3_BUCKET=your-bucket
REGISTRY_STORAGE_S3_ROOTDIRECTORY=/registry
REGISTRY_STORAGE_S3_SECURE=true
REGISTRY_HTTP_SECRET=your-secret
REGISTRY_HTTP_HOST=your.domain.com
	version: '2'

	services:
	nginx:
	image: nginx
	restart: always
	hostname: loadbalancer
	ports:
	- "80:80"
	- "443:443"
	volumes:
	- ~/http/conf.d:/etc/nginx/conf.d:ro
	- ~/ci/http/certs:/etc/nginx/certs:ro
	networks:
	- core
	registry:
	image: registry:2
	restart: always
	expose:
	- "5000"
	labels:
	com.jeffersonsouza.description: "Private Docker Registry"
	volumes:
	- /home/ubuntu/data/registry:/var/lib/registry
	env_file:
	- registry.env
	networks:
	- core
	networks:
	core:
	driver: bridge
	upstream registry {
	server registry:5000;
	}

	server {
	listen 80;
	listen [::]:80;
	server_name hub.jeffersonsouza.com.br;
	return 301 https://$host$request_uri;
	}

	server {
	listen 443;
	server_name hub.jeffersonsouza.com.br;
	root /web/registry;

	# SSL

	ssl on;
	ssl_certificate certs/your.domain.com.pem;
	ssl_certificate_key certs/your.domain.com.key;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers YOUR-CIPHER;
	ssl_session_cache shared:SSL:10m;

	add_header Strict-Transport-Security max-age=31536000;
	client_max_body_size 0;

	location / {
	auth_basic "Restricted";
	auth_basic_user_file conf.d/docker-registry.htpasswd;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_connect_timeout 7200;
	proxy_send_timeout 7200;
	proxy_read_timeout 7200;
	send_timeout 7200;
	client_max_body_size 0;

	proxy_pass http://registry;
	}

	location /_ping {
	auth_basic off;
	}

	location /v1/_ping {
	auth_basic off;
	}
	}
	REGISTRY_STORAGE=s3
	REGISTRY_STORAGE_S3_ACCESSKEY=XXXXXXXXXXXXXXXX
	REGISTRY_STORAGE_S3_SECRETKEY=XXxxXXXXXxxxXxXXxxXxxxXXXXxxxXXx
	REGISTRY_STORAGE_S3_REGION=us-west-2
	REGISTRY_STORAGE_S3_BUCKET=your-bucket
	REGISTRY_STORAGE_S3_ROOTDIRECTORY=/registry
	REGISTRY_STORAGE_S3_SECURE=true
	REGISTRY_HTTP_SECRET=your-secret
	REGISTRY_HTTP_HOST=your.domain.com