Since the Registry consumes a lot of data and may be rate limited in the future, you might run your own proxy, but you should secure it properly.
Example docker-compose.yml
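# Two-container pull-through cache: an Apache front end (dockerproxy) that
# applies the access rules from apache-block.conf, and the registry itself
# (dockerproxyregistry), which joins only the private "dockerproxy" network
# and publishes no host port of its own.
version: '3'
services:
  dockerproxy:
    build: .
    container_name: ${APP_URL}
    hostname: ${APP_URL}
    restart: unless-stopped
    networks:
      - default
      - dockerproxy
    volumes:
      # Read-only: Apache only needs to read its access-control config.
      - ./apache-block.conf:/etc/apache2/conf.d/apache-block.conf:ro
      # - ./store.php:/var/www/html/store.php:consistent
      # - ./wiki/:/var/www/html:consistent
    ports:
      # NOTE(review): published on every host interface, in addition to the
      # route through the nginx-proxy network. Requests arriving here skip
      # the TLS front end, and depending on the Docker network mode their
      # source may show up as a bridge address; check that against the
      # 172.x / 192.168 allow rules, or bind to one specific host address.
      - "5000:80"
    environment:
      # Presumably consumed by the nginx-proxy / Let's Encrypt companion on
      # the external network, which forwards to this container on port 80.
      - LETSENCRYPT_EMAIL=${MAIL_ADMINISTRATOR}
      - LETSENCRYPT_HOST=${APP_URL}
      - VIRTUAL_HOST=${APP_URL}
      - VIRTUAL_PORT=80
      - VIRTUAL_PROTO=http
  dockerproxyregistry:
    # NOTE(review): pinned to an old release, so later registry fixes are
    # not picked up; re-check whether the /v1/ reason below still holds.
    image: registry:2.6.2
    # Switch to the commented-out image line below once no client sends
    # /v1/ requests anymore.
    # image: registry:2
    # build:
    #   context: ./build
    #   dockerfile: Dockerfile-tiddlywiki-php7-nginx-alpine
    container_name: dockerregistryproxy
    hostname: dockerregistryproxy
    restart: unless-stopped
    networks:
      - dockerproxy
    volumes:
      - /storage_global/machine.hq.mydomain.systems/dockerproxy:/var/lib/registry
    environment:
      # Names without a value are passed through from the host environment.
      # NOTE(review): the stock registry image presumably ignores the GIT*
      # and BASIC* names; confirm, and drop BASICPASS if it is unused so the
      # credential does not sit in the container environment.
      - GITURL
      - GITNAME
      - GITEMAIL
      - BASICUSER
      - BASICPASS
      - REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io
      # With upstream credentials set, every client that can reach this
      # mirror can pull any private image the upstream account can read, so
      # the front-end access rules are the only barrier. Prefer an account
      # without private repositories, or require client authentication.
      - REGISTRY_PROXY_USERNAME=${UPSTREAM_USER}
      - REGISTRY_PROXY_PASSWORD=${UPSTREAM_PASS}
      # Left unset, the registry generates a random secret at start-up; set
      # it explicitly if several registry instances serve the same clients.
      # - REGISTRY_HTTP_SECRET=${HTTPSECRET}
networks:
  # Private link between the Apache front end and the registry.
  dockerproxy: {}
  # Pre-existing network shared with the nginx-proxy front end.
  default:
    external:
      name: nginx-proxy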
Example Dockerfile:
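# Apache front end for the registry mirror. The virtual host itself is not
# baked in; it is expected as a file under /etc/apache2/conf.d/.
# NOTE(review): the base image is unpinned; pin a tag or digest you have
# verified (e.g. alpine:<TAG>) so rebuilds are reproducible.
FROM alpine
# --no-cache keeps the package index out of the image layer.
RUN apk add --no-cache apache2 apache2-proxy bash
# Enable mod_remoteip, which the RemoteIP* directives need. -i is placed
# before the script so the call does not rely on option permutation.
RUN sed -i 's/#LoadModule remoteip_module/LoadModule remoteip_module/g' /etc/apache2/httpd.conf
EXPOSE 80
# Exec form: httpd runs as PID 1 and receives stop signals directly instead
# of being wrapped in /bin/sh -c.
CMD ["/usr/sbin/httpd", "-DFOREGROUND"]
#cmd /bin/bash -c "which apachectl ;which apache ;which apache2 ;sleep 6000"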
Example apache-block.conf:
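# Reverse proxy in front of the registry container. Access is decided only
# by client address and DNS name; the basic-auth block at the bottom is
# commented out.
<VirtualHost *:80>
    ServerName _default
    ServerAlias "*"

    # mod_remoteip: replace the connection address with the one carried in
    # X-Real-IP, but only for requests arriving from the listed proxies.
    #RemoteIPHeader X-Forwarded-For
    #RemoteIPHeader X-Client-IP
    RemoteIPHeader X-Real-IP
    #RemoteIPHeader X-Forwarded-For
    # NOTE(review): 172.0.0.0 carries no mask, so it names a single host
    # rather than a range; confirm it really is the front proxy's address.
    # If the front proxy is not matched here, the rules below evaluate the
    # proxy's own address instead of the client's.
    RemoteIPTrustedProxy 172.0.0.0 192.168.178.52

    ErrorDocument 403 "You are not in my Friend list 403"
    ErrorDocument 401 "Unauthorized 401"
    ErrorDocument 404 "Not Found 404"

    # Bare Require lines are combined as "any of" (implicit RequireAny):
    # matching one line is enough to be admitted.
    # NOTE(review): nginx.nginx-proxy is presumably the front proxy itself.
    # Whenever mod_remoteip does not rewrite the client address, every
    # request relayed by that proxy satisfies this line; verify with a
    # request from an address that is supposed to be refused.
    <Location />
        Require ip 127.0.0.0/8 192.168.0.0/16 10.12.13.14 10.1.2.1
        Require local
        Require host .mydomain.eu .yourdomain.de .yourdomain.systems .uptimerobot.com nginx.nginx-proxy
        Require forward-dns myhosta.mydomain.eu myhostb.mydomain.eu
    </Location>

    # Legacy 2.2-style rules (mod_access_compat), kept as written.
    # NOTE(review): <Directory /> applies to filesystem paths, so it probably
    # does not govern the proxied requests at all, and <Limit> leaves the
    # unlisted methods (e.g. DELETE, PATCH) unrestricted. The documented
    # "Allow from" forms are a partial address (192.168), a CIDR range or a
    # domain suffix (.mydomain.eu); the "*" patterns below are not among
    # them and may never match. 172.15.x.x also lies outside the private
    # 172.16.0.0/12 range. Prefer stating the whole policy once, as Require
    # lines inside <Location />.
    <Directory />
        <Limit GET POST PUT HEAD>
            Order deny,allow
            Deny from all
            Allow from localhost
            Allow from 24.134.39.209
            Allow from 37.120.175.232
            Allow from *.mydomain.eu
            Allow from *.yourdomain.de
            Allow from *.yourdomain.systems
            Allow from 192.168.*.*
            Allow from 172.15.*.*
            Allow from 172.16.*.*
            Allow from 172.17.*.*
            Allow from 172.18.*.*
            Allow from 172.19.*.*
            Allow from 172.2*.*.*
            Allow from 127.*.*.*
        </Limit>
    </Directory>

    # Container-friendly logging to the standard streams.
    ErrorLog /dev/stderr
    CustomLog /dev/stdout common

    # Inner quotes are backslash-escaped; unescaped, LogFormat receives more
    # than its two arguments and the configuration fails to load.
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    # Flag requests whose X-Forwarded-For looks like a dotted IPv4 address.
    # The dots are escaped so that "." is not a match-anything wildcard.
    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
    # X-Forwarded-For is client-supplied unless the front proxy overwrites
    # it, so treat the first field of the "proxy" format as unverified when
    # reading these logs during an investigation.
    CustomLog "logs/access_log" combined env=!forwarded
    CustomLog "logs/access_log" proxy env=forwarded

    # NOTE(review): "Header" edits the response. If the intent was to fix
    # the Host sent upstream, that would be RequestHeader, and
    # ProxyPreserveHost on already forwards the client's Host. Confirm
    # which behaviour is wanted.
    Header set Host "dockerproxy.hq.kosmoskosmos.systems"
    Header set "Docker-Distribution-Api-Version" "registry/2.0"
    # NOTE(review): asserted unconditionally, including for plain-HTTP
    # requests that reach this port without passing a TLS front end.
    RequestHeader set X-Forwarded-Proto "https"

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass / http://dockerregistryproxy:5000/
    ProxyPassReverse / http://dockerregistryproxy:5000/

    # Optional basic authentication, currently disabled. It covers only
    # /registry and would send credentials in clear text on this plain-HTTP
    # virtual host unless every client arrives through a TLS front end.
    # <Location /registry>
    # Order deny,allow
    # Allow from all
    # AuthName "Registry Authentication"
    # AuthType basic
    # AuthUserFile "/auth/htpasswd"
    # Require valid-user
    # </Location>
</VirtualHost>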