registry

registry/README.md

@@ -1,2 +1,6 @@
 - https://docs.docker.com/registry/deploying/
-- https://docs.docker.com/registry/configuration/
+- https://docs.docker.com/registry/configuration/
+
+```sh
+sudo htpasswd -cB /etc/.htpasswd username
+```

registry/config.yml

@@ -12,12 +12,6 @@ storage:
     maxthreads: 100
   delete:
     enabled: true
-  #token:
-  #  autoredirect: true
-  #  realm: token-realm
-  #  service: token-service
-  #  issuer: registry-token-issuer
-  #  rootcertbundle: /root/certs/bundle
 http:
   addr: 0.0.0.0:5000
   draintimeout: 60s

registry/run.sh

@@ -2,12 +2,31 @@
 
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 
+if [ "$STAGE" = "localhost" ] ;
+then
+    echo "INFO Running on localhost"
+    CERT_VOLUME=""
+else
+    echo "INFO Running on prod"
+    CERT_VOLUME="\
+        -v=/etc/letsencrypt:/etc/letsencrypt \
+        -v=/etc/htpasswd:/htpasswd \
+        -e=REGISTRY_HTTP_TLS_CERTIFICATE=/etc/letsencrypt/live/nilstrieb.dev/fullchain.pem \
+        -e=REGISTRY_HTTP_TLS_KEY=/etc/letsencrypt/live/nilstrieb.dev/privkey.pem \
+        -e=REGISTRY_AUTH=htpasswd \
+        -e=REGISTRY_AUTH_HTPASSWD_REALM=Realm \
+        -e=REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd \
+    "
+fi
+
 if docker container inspect registry > /dev/null 2>&1 ;
 then
-    echo "Registry container exists already..."
+    echo "INFO Registry container exists already..."
 else
     docker run -d -p 5000:5000 --restart=always --name registry \
         -v "$SCRIPT_DIR/config.yml:/etc/docker/registry/config.yml" \
+        -v "/var/lib/docker/registry:/var/lib/registry" \
+        $CERT_VOLUME \
         --net internal \
         registry:2
 fi