Installs and configures the official Docker registry container.
You will need to configure a reverse proxy for HTTPS with basic auth.
# Directory for storing pushed images on registry host.
docker_registry_data_directory: /var/www/docker-registry
# Port to expose to host machine, for use in reverse proxy.
docker_registry_expose_port: 5000
- Docker container support (e.g. marklee77.docker)
- HTTPS reverse proxy (e.g. jdauphant.nginx)
# Configure only local Docker container.
# Does not handle HTTPS reverse proxy.
- name: Configure Docker registry.
hosts: docker-registry
roles:
- role: freedomofpress.docker-registry
# Configure HTTPS reverse proxy via Nginx.
- name: Configure Docker registry.
hosts: docker-registry
vars:
docker_registry_expose_port: 9000
roles:
- role: freedomofpress.docker-registry
- role: jdauphant.nginx
nginx_sites:
docker_registry:
- listen 443
- server_name {{ letsencrypt_fqdn }}
- ssl on
- ssl_certificate {{ letsencrypt_cert_chain_fullpath }}
- ssl_certificate_key {{ letsencrypt_cert_privkey_fullpath }}
- root {{ docker_registry_data_directory }}
- client_max_body_size 0
- chunked_transfer_encoding on
- |-
location /v2/ {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
This role uses Molecule and [Testinfra] for testing. To test:
pip install -r requirements.txt
MIT