
Use nginx to let only pulls from the local registry

master
meskio 3 years ago
parent
commit
bbb64119b4
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 7
      docker-config.json
  2. 24
      nginx-registry
  3. 43
      playbook.yml
  4. 2
      vars.yml

7
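--- a/docker-config.json
+++ b/docker-config.json
@@ -1,7 +0,0 @@
-{
-"auths": {
-"{{ registry }}": {
-"auth": "{{ registry_auth }}"
-}
-}
-}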

24
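--- a/nginx-registry
+++ b/nginx-registry
@@ -0,0 +1,24 @@
+upstream docker-registry {
+server {{ registry }};
+}
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+server_name _;
+# required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
+chunked_transfer_encoding on;
+location /v2/ {
+proxy_set_header Host $http_host; # required for docker client's sake
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_read_timeout 900;
+if ($request_method ~* "^(GET|HEAD)$") {
+proxy_pass http://docker-registry;
+}
+}
+}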
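Review bot: The `if ($request_method ~* "^(GET|HEAD)$")` wrapper around `proxy_pass` in `location /v2/` blocks writes only by omission: a PUT, POST, PATCH or DELETE falls out of the `if` and is answered by whatever handler nginx applies to the location by default, so the pull-only guarantee rests on fall-through behaviour rather than on an explicit deny. `limit_except GET { deny all; }` next to an unconditional `proxy_pass http://docker-registry;` states the policy directly (GET also admits HEAD) and answers every other method with 403. Separately, the server listens on plain port 80 as `default_server` and this commit drops the registry credentials, so pulls are unauthenticated and unprotected in transit; if that is meant for a trusted network only, a comment above the `listen` lines saying so would help the next reader.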

43
playbook.yml

@ -4,6 +4,7 @@
- vars.yml
vars:
laminar_home: "/var/lib/laminar/"
registry: "localhost:5000"
become: yes
pre_tasks:
@ -17,6 +18,12 @@
- name: restart webhook
service: name=webhook state=restarted
- name: restart docker registry
service: name=docker-registry state=restarted
- name: restart nginx
service: name=nginx state=restarted
- name: delete keyring
file: dest="{{ laminar_home }}/.gnupg" state=absent
- name: import openpgp keys
@ -41,15 +48,39 @@
- libboost-filesystem1.62.0
- zlib1g
- docker.io
- docker-registry
- nginx
state: latest
- name: docker config
- name: config docker registry
lineinfile:
dest: /etc/docker/registry/config.yml
regexp: ' addr'
line: ' addr: 127.0.0.1:5000'
notify: restart docker registry
- name: enable docker registry
service: name=docker-registry state=started enabled=yes
- name: config nginx registry site
template:
src: docker-config.json
dest: "{{ laminar_home }}/.docker/config.json"
owner: laminar
group: laminar
mode: u=rwx
src: nginx-registry
dest: /etc/nginx/sites-available/registry
notify: restart nginx
- name: delete nginx default site
file: dest="/etc/nginx/sites-enabled/default" state=absent
notify: restart nginx
- name: activate nginx regitry site
file:
src: /etc/nginx/sites-available/registry
dest: /etc/nginx/sites-enabled/registry
state: link
notify: restart nginx
- name: enable nginx
service: name=nginx state=started enabled=yes
- name: install laminar
apt:
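Review bot: The `config docker registry` task is the control that keeps pushes off the network, but its `regexp: ' addr'` is unanchored and `lineinfile` rewrites only the last matching line, so a `/etc/docker/registry/config.yml` with more than one `addr` key (the registry format also allows one under `http.debug` and `redis`) could leave the HTTP listener on its packaged address while nginx looks like the only way in. Nothing in the play checks the result; a follow-up task that fails unless the `http` section holds `addr: 127.0.0.1:5000`, or templating the whole file instead of patching one line, would make the restriction verifiable. The page has collapsed the indentation, so the leading whitespace inside `regexp` and `line` cannot be confirmed from here, and the task list continues past the end of the last hunk. Minor: the task name `activate nginx regitry site` should read `registry`.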

2
vars.yml

@ -1,5 +1,3 @@
---
secret: "secret"
repos_url: "https://git.sindominio.net/estibadores"
registry: "localhost:5000"
registry_auth: "dXNlcjpwYXNz"
