05/07/2020
docker registry with traefik

create a docker registry with traefik

the registry can be called from everywhere on https://registry.raphaelpiccolo.com/
basic auth & https

the registry can be called from the host itself on http://${vmip}:5000
no auth.

the registry can be called from the other containers on http://registry:5000
no auth.

the registry explorer will be accessible from here : https://webregistry.raphaelpiccolo.com/
basic auth & https

the docker compose file

registry:
    restart: always
    container_name: registry
    image: registry:2
    volumes:
      - ./registry/data:/var/lib/registry
    environment:
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    labels:
        - traefik.enable=true
        - traefik.http.routers.registry.rule=Host(`registry.${DOMAIN}`)
        - traefik.http.services.registry.loadbalancer.server.port=5000
        - traefik.http.routers.registry.tls.certresolver=le
        - traefik.http.routers.registry.entrypoints=websecure
        - traefik.http.routers.registry.middlewares=securityheaders,admin

webregistry:
    restart: always
    container_name: webregistry
    image: klausmeyer/docker-registry-browser
    environment: 
        - DOCKER_REGISTRY_URL=https://registry.${DOMAIN}
        - BASIC_AUTH_USER=admin
        - BASIC_AUTH_PASSWORD=${PASSWORD}
    labels:
        - traefik.enable=true
        - traefik.http.routers.webregistry.rule=Host(`webregistry.${DOMAIN}`)
        - traefik.http.services.webregistry.loadbalancer.server.port=8080
        - traefik.http.routers.webregistry.tls.certresolver=le
        - traefik.http.routers.webregistry.entrypoints=websecure
        - traefik.http.routers.webregistry.middlewares=securityheaders,admin

start all

docker-compose up -d

test working

apt install gnupg2 pass
docker login -u admin -p ${PASSWORD} https://registry.raphaelpiccolo.com

docker pull ubuntu:16.04
docker tag ubuntu:16.04 registry.raphaelpiccolo.com/my-ubuntu
docker push registry.raphaelpiccolo.com/my-ubuntu
docker image remove ubuntu:16.04
docker image remove registry.raphaelpiccolo.com/my-ubuntu
docker pull registry.raphaelpiccolo.com/my-ubuntu

call the registry directly

https://registry.raphaelpiccolo.com/v2/_catalog
https://registry.raphaelpiccolo.com/v2/my-ubuntu/tags/list

clean registry

--dry-run makes it do nothing

docker exec -it registry bin/registry garbage-collect --dry-run /etc/docker/registry/config.yml

delete repo in registry

REGISTRY_STORAGE_DELETE_ENABLED=true

get image id

curl -v -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' http://registry.raphaelpiccolo.com/v2/my-ubuntu/manifests/latest

In response headers, you have docker-content-digest: sha256:xxx
now delete it

curl -v -XDELETE http://registry.raphaelpiccolo.com/v2/my-ubuntu/manifests/sha256:d0c7239b63de7b92dc1b2bec3e790088c8541f33cd0a71504b4fdeb624087879

run garbage collector

docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml

remove the repo for real (the only way to remove it from the list of repos)

rm -rf ../registry/data/docker/registry/v2/repositories/