diff --git a/.gitignore b/.gitignore index c0394d0..2422077 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,5 @@ -registry/ +# Ignore everything in the volumes/html directory +volumes/* + +# Do not ignore a special file name +!.gitkeep diff --git a/README.md b/README.md index be90223..e69de29 100644 --- a/README.md +++ b/README.md @@ -1,5 +0,0 @@ -# registry.docker.zinomedia.de - -- The Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. -- https://git.zinomedia.de/zino/docker-registry-zinomedia.git -- e184399a49b1648d7b06ca35c4be8a1b5bd1060e \ No newline at end of file diff --git a/auth/htpasswd b/auth/htpasswd deleted file mode 100644 index 4fa0536..0000000 --- a/auth/htpasswd +++ /dev/null @@ -1 +0,0 @@ -zino:$apr1$XBzEVqBi$9SNhwAwBS2PJ47coYKoRH/ diff --git a/docker-compose.yml b/docker-compose.yml index 1f0a5dc..b016c54 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,10 +1,8 @@ -version: "3" +version: "3.8" services: - registry: - container_name: registry - restart: always - image: registry:2 - ports: - - 8061:5000 - volumes: - - registry:/var/lib/registry + registry: + container_name: registry + restart: always + image: registry:2 + volumes: + - ./volumes/registry:/var/lib/registry diff --git a/id_rsa b/id_rsa deleted file mode 100644 index fa3d5f1..0000000 --- a/id_rsa +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn -NhAAAAAwEAAQAAAQEAzdlVUjk8K/BQXhqao1lkjkjwEMJwB+S4IfkJF/XAHHXDEcpG32jv -eSsngCTMdgR9H3Z4gD1bVhKseHAeCtauDRSs2QVlRE9zmx8XYcGbsLa0HjC2NlbmTfu79i -+giwaC7TQsP+TrKk6DHpCLZbIx5sUm6FuSvbolMefyAWZS2vh16UDNjovENH2YpCULnuvO -E11hxgNjcSx6WSbYP6SYvH4tqaX9JNLSJagPpAEJ8FJSkSd6GuPETfUmdHLzh/1eVHGsZI -Q3ubnnZ9h+5gjbSJ5fVjlW+RCAjXPnvuRyA089QHibvsXDBExz+gbd/BN/mGOugQf4qukR -FQ3VEJtv+QAAA9C/GIx2vxiMdgAAAAdzc2gtcnNhAAABAQDN2VVSOTwr8FBeGpqjWWSOSP -AQwnAH5Lgh+QkX9cAcdcMRykbfaO95KyeAJMx2BH0fdniAPVtWEqx4cB4K1q4NFKzZBWVE -T3ObHxdhwZuwtrQeMLY2VuZN+7v2L6CLBoLtNCw/5OsqToMekItlsjHmxSboW5K9uiUx5/ -IBZlLa+HXpQM2Oi8Q0fZikJQue684TXWHGA2NxLHpZJtg/pJi8fi2ppf0k0tIlqA+kAQnw -UlKRJ3oa48RN9SZ0cvOH/V5UcaxkhDe5uedn2H7mCNtInl9WOVb5EICNc+e+5HIDTz1AeJ -u+xcMETHP6Bt38E3+YY66BB/iq6REVDdUQm2/5AAAAAwEAAQAAAQAE1xhnf4sHqXXqUIvU -TXTM17A1ZK0HsnwV6GorUw76XFaC45O5CxmeasJaBAN+vupGRB3fPhIYuwWtK025iYS8MA -FEdRkFeyzHt/pvxQKpLBKeJx0RuAdgTAwGZOZMfpGzjCeCNRrGeuQgYtu0P3Vm7LnWeti/ -d1IKk16gY8yM84HZhTYcpSwdDCORXjY4YOGLDm45kWzL89W4hOIIpx0pRV3t3ISTnFxEsr -j4mhePtnoib+wbetsewql1vlsDsHnGIeQwa1XuZdolXHoQXi1y5ygnd2XR0ChVBdQ9wAFO -GrlxlmV8WzRgfFIwlUMflcA0BtFEW513Db5haDTWgZCRAAAAgDAKJQAh3r6t6rD6qzmesM -X7QjogYvs1L15Ickn9lyAEjQrBAWNQWYi2tTLEVDF7eH+OyscRXjuwUxK43QANOL7KE7jI -3Ql/hnf0TiTGGNjqBB/h506NC+qvQfson7oj16AUwrHHb9GIRvRcZdy9tsU9TiAtrcgOOi -qa5SJ/yWIjAAAAgQDz4yRkwFEI80NnSGDsMERHzW/6pcA7SREpEAIbICpgsHRGuYHtIwVF -RsvVkPxe6fFcuMUYso67RdNELvPI/6h+endE4heNodC00mytI7nIva4sbU1TIqAzBsEJhT -1A5d7WNCIehQxbbCi3mdEiN4r47176TZdKuE2xl5Kc0rXbzQAAAIEA2BKPbfq0NacvynE7 -or1hmTjOyfidzQ6Vo/UmTuR6anxAhjcAmt3uIYsiYw2xFGGTUmRAu4wOKnyfcD3itzvVC/ -CgehBf+wp9n7FkmvaZMe1ZrefVX9YcOBDjf8T95oGbq5s7kImEH2GIy1fUGad7b/Ad6ADK -lT/8ppEnHoo/cN0AAAAXYXV0b3R1bm5lbEByYXNwYmVycnlwaTIBAgME ------END OPENSSH PRIVATE KEY----- diff --git a/nginx/registry.docker.zinomedia.de.conf b/nginx/registry.docker.zinomedia.de.conf deleted file mode 100644 index b9e6821..0000000 --- a/nginx/registry.docker.zinomedia.de.conf +++ /dev/null @@ -1,63 +0,0 @@ -## Set a variable to help us decide if we need to add the -## 'Docker-Distribution-Api-Version' header. -## The registry always sets this header. -## In the case of nginx performing auth, the header is unset -## since nginx is auth-ing before proxying. -map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { - '' 'registry/2.0'; -} - -server { - listen 443 ssl; - server_name registry.docker.zinomedia.de; - - # SSL - ssl_certificate /etc/letsencrypt/live/registry.docker.zinomedia.de/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/registry.docker.zinomedia.de/privkey.pem; - - # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - - # disable any limits to avoid HTTP 413 for large image uploads - client_max_body_size 0; - - # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) - chunked_transfer_encoding on; - - location /v2/ { - # Do not allow connections from docker 1.5 and earlier - # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents - if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { - return 404; - } - - # To add basic authentication to v2 use auth_basic setting. - auth_basic "Registry realm"; - auth_basic_user_file /home/zino/projects/dockers/registry.docker.zinomedia.de/auth/htpasswd; - - ## If $docker_distribution_api_version is empty, the header is not added. - ## See the map directive above where this variable is defined. - add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; - - proxy_pass http://127.0.0.1:8061; - proxy_set_header Host $http_host; # required for docker client's sake - proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 900; - } -} - -server { - if ($host = registry.docker.zinomedia.de) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - listen [::]:80; - server_name registry.docker.zinomedia.de; - return 404; # managed by Certbot -} diff --git a/volumes/.gitkeep b/volumes/.gitkeep new file mode 100644 index 0000000..e69de29