A docker-compose service which will boot up PCB's private docker registry and an nginx container to proxy requests to it. Provided that you have an SSL certificate (or a self-signed certificate), this service will also work locally.
- Create a htpasswd file named
registry.passwordand place it in thekeys/authenticationdirectory. You'll also need a username and password inside it. - Place SSL certificates inside
keys/certs. The nginx container expects a file calleddomain.crtanddomain.key. These can be generated using Let's Encrypt. - Run
docker-compose up -dto boot up the service.
-
CLI:
curl https://USERNAME:PASSWORD@192.168.99.100:5043/v2/
If you can see{}, it's working. -
Browser:
https//192.168.99.100:5043/v2/
You should be greeted with an authentication prompt for a username and password. If you can see{}, it's working.
When pushing a docker image, rather than logging into Docker Hub, use the registry's address: docker login https://192.168.99.100:5043
It can and it's probably preferable to. However, on PCB we have multiple services running - some of which have their own nginx container. Only one nginx container can listen to port 443 so instead we send requests here via an nginx reverse proxy.
We have sensitive data baked into our images, so naturally we need a private location to store them.
Assuming you used Let's Encrypt...
- If you have a file called privkey.pem rename that to domain.key.
- If you have a file called cert.pem rename that to domain.crt