Registry¶
Registry is being used as a Docker pull-through cache for my network.
 Installation¶
  Default Port: 5000
 Configuration path: /etc/docker
 Config¶
 
 Server¶
   homelab/docker/registry/compose.yaml
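# The quoted 'EOF' makes the shell write $DOCKER_USER, $DOCKER_TOKEN and
# ${REGISTRY_DIR...} literally, so Compose resolves them and no token
# from the current shell is expanded into compose.yaml.
cat << 'EOF' > ./docker/registry/compose.yaml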
---
services:
  registry:
    container_name: registry
    image: library/registry:3.0.0
    environment:
      - REGISTRY_STORAGE_DELETE_ENABLED=true
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
      - REGISTRY_PROXY_REMOTEURL="https://registry-1.docker.io"
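      # Upstream Docker Hub credentials, resolved by Compose from the
      # environment or .env. Anything this account can pull becomes pullable
      # through the cache by any client that can reach port 5000.
      - REGISTRY_PROXY_USERNAME=$DOCKER_USER
      - REGISTRY_PROXY_PASSWORD=$DOCKER_TOKEN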
    env_file:
      - .env
    ports:
      - '5000:5000'
    volumes:
      - ${REGISTRY_DIR:-/var/lib/registry}:/var/lib/registry
    restart: always
EOF
 Client¶
 Tip
Each registry-mirrors entry must start with http or https; otherwise an error is thrown when restarting the Docker service.
/etc/docker/daemon.json
Restart the Docker service
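The rule in the tip above can be checked before restarting Docker. The following is an added example, not part of the original page: it validates the registry-mirrors list in daemon.json against that rule and warns about plain-HTTP mirrors. The sample JSON strings are constructed (hosts reused from this page), and the function name is hypothetical.

```python
import json
import sys
from urllib.parse import urlsplit

# Constructed sample daemon.json contents (hosts reused from this page).
GOOD = '{"registry-mirrors": ["https://registry.l.nicholaswilde.io"]}'
BAD = '{"registry-mirrors": ["192.168.2.81:5000", "http://192.168.2.81:5000"]}'


def check_registry_mirrors(daemon_json):
    """Return (errors, warnings) for the registry-mirrors key of daemon.json."""
    errors, warnings = [], []
    try:
        config = json.loads(daemon_json)
    except json.JSONDecodeError as exc:
        return [f"daemon.json is not valid JSON: {exc}"], warnings
    mirrors = config.get("registry-mirrors", []) if isinstance(config, dict) else None
    if not isinstance(mirrors, list):
        return ["registry-mirrors must be a JSON array of URLs"], warnings
    for mirror in mirrors:
        if not isinstance(mirror, str):
            errors.append(f"{mirror!r}: mirror entries must be strings")
            continue
        try:
            parts = urlsplit(mirror)
        except ValueError as exc:
            errors.append(f"{mirror!r}: not a valid URL ({exc})")
            continue
        if parts.scheme not in ("http", "https"):
            # The case the tip describes: a bare host:port has no usable scheme.
            errors.append(f"{mirror!r}: must start with http:// or https://")
        elif not parts.hostname:
            errors.append(f"{mirror!r}: no host after the scheme")
        elif parts.scheme == "http":
            warnings.append(f"{mirror!r}: plain HTTP, traffic to the mirror is unencrypted")
    return errors, warnings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/docker/daemon.json"
    with open(path, encoding="utf-8") as handle:
        errors, warnings = check_registry_mirrors(handle.read())
    for line in warnings:
        print("WARNING", line)
    for line in errors:
        print("ERROR", line)
    sys.exit(1 if errors else 0)
```

Run it against the edited file and restart the Docker service only when it exits with status 0.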
Traefik¶
homelab/pve/traefik/conf.d/registry.yaml
---
http:
  #region routers
  routers:
    registry:
      entryPoints:
        - "websecure"
      rule: "Host(`registry.l.nicholaswilde.io`)"
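      # Only the headers and redirect middlewares are attached here; the
      # "secured" chain (default-whitelist + default-headers) defined below
      # is not referenced by this router.
      middlewares:
        - default-headers@file
        - https-redirectscheme@file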
      tls: {}
      service: registry
#endregion
#region services
  services:
    registry:
      loadBalancer:
        servers:
          - url: "http://192.168.2.81:5000"
        passHostHeader: true
#endregion
  middlewares:
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true
    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    default-whitelist:
      ipAllowList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers
 Usage¶
 
 Client¶
 WIP
 Upgrade¶
 Warning
The below commands purge any unused Docker images! Use at your own risk!
homelab/docker/registry
Task List¶
task: Available tasks for this project:
* decrypt:       Decrypt sensitive configuration files using SOPS.
* default:       List all available tasks.
* encrypt:       Encrypt sensitive configuration files using SOPS.
* export:        Export the task list to `task-list.txt`.
* init:          Initialize the application's environment and configuration files.
* mklinks:       Create symbolic links for configuration files.
* restart:       Restart the application's Docker containers.
* status:        Check the status of the application's service or Docker containers.
* stop:          Stop the application's Docker containers.
* up:            Run Docker Compose in the foreground.
* up-d:          Run Docker Compose in the background.
* update:        Update the application or its running containers.
* upgrade:       Upgrade the application by pulling the latest changes and updating.
* watch:         Watch the application's Docker container logs.
 Troubleshooting¶
 Watch the logs on the server during a pull to ensure that the image is being pulled through the local registry.