Deploying a Private Docker Registry with Caddy

A quick filler post, mostly for my own records.

CaddyServer

No long introduction needed: Caddy is a web server written in Go.

docker.loveyun.net {
    gzip
    prometheus
    log / /var/log/caddy/docker_image.pt.log "{remote} {when} {method} {uri} {proto} {status} {size} {>User-Agent} {latency}" {
        rotate_size 50
        rotate_age  90
        rotate_keep 20
        rotate_compress
    }
    ipfilter / {
        rule allow
        ip 47.90.79.231 149.129.68.43 107.172.207.215 149.129.99.122 47.91.246.237 59.110.220.53 148.70.49.123 123.207.5.142 150.95.152.98 104.243.23.118 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.1
    }
    errors {
        * /tmp/404.html
    }
    tls root@ysicing.net
    header / {
        Strict-Transport-Security "max-age=31536000;includeSubDomains;preload"
        -Server
    }
    proxy /v2 10.20.20.2:5000 {
        header_upstream Docker-Distribution-Api-Version "registry/2.0"
        transparent
    }
}

The ipfilter block restricts which client addresses may access the registry; it can be omitted.
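
The log directive in the Caddyfile above defines a custom line format, so the access log can be reviewed for who is writing to the registry. The following is an added example, not part of the original post: it parses that format and counts successful write requests and 403 responses per client address. The sample lines, the timestamp layout of {when}, and the reading of 403 as an allow-list rejection are assumptions.

```python
import re
from collections import Counter

# Field order follows the Caddyfile log directive:
# {remote} {when} {method} {uri} {proto} {status} {size} {>User-Agent} {latency}
# Assumption: {when} renders as "12/Mar/2019:08:15:02 +0000" (two tokens).
LINE_RE = re.compile(
    r"^(?P<remote>\S+) (?P<when>\S+ [+-]\d{4}) (?P<method>[A-Z]+) "
    r"(?P<uri>\S+) (?P<proto>HTTP/\S+) (?P<status>\d{3}) (?P<size>\d+|-) "
    r"(?P<agent>.*) (?P<latency>\S+)$"
)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # push and delete traffic

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def summarize(lines):
    """Count successful registry writes and 403 responses per client address."""
    writes, denied, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep a count so format drift is noticed
        elif rec["status"] == 403:  # assumption: 403 means the allow list rejected it
            denied[rec["remote"]] += 1
        elif (rec["method"] in WRITE_METHODS and rec["uri"].startswith("/v2/")
              and 200 <= rec["status"] < 300):
            writes[rec["remote"]] += 1
    return writes, denied, skipped

# Constructed sample lines (documentation addresses, made-up image names).
SAMPLE = [
    "10.0.0.5 12/Mar/2019:08:15:02 +0000 GET /v2/ HTTP/1.1 200 2 docker/18.09.2 go/go1.10.6 os/linux 3.1ms",
    "10.0.0.5 12/Mar/2019:08:15:03 +0000 PATCH /v2/app/api/blobs/uploads/abc HTTP/1.1 202 0 docker/18.09.2 go/go1.10.6 os/linux 85ms",
    "10.0.0.5 12/Mar/2019:08:15:04 +0000 PUT /v2/app/api/manifests/1.0 HTTP/1.1 201 0 docker/18.09.2 go/go1.10.6 os/linux 12.4ms",
    "198.51.100.7 12/Mar/2019:08:16:10 +0000 GET /v2/_catalog HTTP/1.1 403 0 curl/7.64.0 0.4ms",
    "192.0.2.10 12/Mar/2019:08:17:30 +0000 DELETE /v2/app/api/manifests/sha256:aaaa HTTP/1.1 202 0 - 9ms",
    "not a log line",
]

if __name__ == "__main__":
    writes, denied, skipped = summarize(SAMPLE)
    print("writes:", dict(writes), "denied:", dict(denied), "skipped:", skipped)
```

Because the Caddyfile configures no authentication in front of the registry, the per-address write counts are the main record of who pushed or deleted images.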

Deployment

version: '2.1'
services:
  caddy:
    image: spanda/caddy
    container_name: caddy
    volumes:
    - ./ssl:/root/.caddy
    - /var/log/caddy:/var/log/caddy
    - ./Caddyfile:/etc/Caddyfile
    network_mode: host
    restart: always
  hub:
    image: registry
    container_name: hub
    volumes:
    - /kun/docker/registry:/var/lib/registry
    network_mode: host
    restart: always

Notes

The source for the spanda/caddy image can be found in ysicing/dockerfiles.
The source for docker.loveyun.net can be found in kun/kun-docker-hub.
