From cfca328691d198bbda8b46d11202d6cce72ed190 Mon Sep 17 00:00:00 2001
From: ycyin <71380489+ycyin@users.noreply.github.com>
Date: Wed, 18 Sep 2024 18:35:38 +0800
Subject: [PATCH 1/4] update traefik to v2.x
---
examples/traefik/acme.json | 0
.../traefik/docker-compose-swarm-registry.yml | 59 +++++++++++++++++++
.../traefik/docker-compose-swarm-traefik.yml | 56 ++++++++++++++++++
examples/traefik/docker-compose-swarm.yml | 34 -----------
examples/traefik/htpasswd | 1 +
examples/traefik/run-swarm.sh | 35 +----------
6 files changed, 118 insertions(+), 67 deletions(-)
delete mode 100644 examples/traefik/acme.json
create mode 100644 examples/traefik/docker-compose-swarm-registry.yml
create mode 100644 examples/traefik/docker-compose-swarm-traefik.yml
delete mode 100644 examples/traefik/docker-compose-swarm.yml
create mode 100644 examples/traefik/htpasswd
diff --git a/examples/traefik/acme.json b/examples/traefik/acme.json
deleted file mode 100644
index e69de29b..00000000
diff --git a/examples/traefik/docker-compose-swarm-registry.yml b/examples/traefik/docker-compose-swarm-registry.yml
new file mode 100644
index 00000000..9aeb1178
--- /dev/null
+++ b/examples/traefik/docker-compose-swarm-registry.yml
@@ -0,0 +1,59 @@
+version: '3.7'
+
+services:
+ registry-ui:
+ image: joxit/docker-registry-ui:latest
+ environment:
+ - SINGLE_REGISTRY=true
+ - REGISTRY_TITLE=Docker Registry UI
+ # For deleting images, you need to activate the delete feature in the UI with DELETE_IMAGES=true and in your registry.
+ - DELETE_IMAGES=true
+ - SHOW_CONTENT_DIGEST=true
+ - NGINX_PROXY_PASS_URL=http://registry:5000
+ - SHOW_CATALOG_NB_TAGS=true
+ - CATALOG_MIN_BRANCHES=1
+ - CATALOG_MAX_BRANCHES=1
+ - TAGLIST_PAGE_SIZE=100
+ - REGISTRY_SECURED=true
+ - CATALOG_ELEMENTS_LIMIT=1000
+ networks:
+ - traefik-net
+ deploy:
+ replicas: 1
+ restart_policy:
+ condition: on-failure
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.registryui.rule=Host(`myregistry.com`)"
+ - "traefik.http.routers.registryui.entrypoints=web"
+ - "traefik.http.services.registryui.loadbalancer.server.port=80"
+ - "traefik.http.routers.registryui.service=registryui"
+ configs:
+ - source: ui_nginx_config
+ target: /etc/nginx/conf.d/default.conf
+
+ registry:
+ image: registry:2.8.3
+ volumes:
+ - /DATA/docker-registry/images:/var/lib/registry
+ - /DATA/docker-registry/htpasswd:/auth
+ environment:
+ - REGISTRY_AUTH=htpasswd
+ - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
+ - REGISTRY_AUTH_HTPASSWD_PATH=/auth
+ - REGISTRY_HTTP_RELATIVEURLS=true
+ # For deleting images, you need to activate the delete feature in the registry.
+ - REGISTRY_STORAGE_DELETE_ENABLED=true
+ deploy:
+ replicas: 1
+ restart_policy:
+ condition: on-failure
+ placement:
+ constraints:
+ - node.role == manager
+ networks:
+ - traefik-net
+
+networks:
+ traefik-net:
+ external: true
\ No newline at end of file
diff --git a/examples/traefik/docker-compose-swarm-traefik.yml b/examples/traefik/docker-compose-swarm-traefik.yml
new file mode 100644
index 00000000..f89fcb32
--- /dev/null
+++ b/examples/traefik/docker-compose-swarm-traefik.yml
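Review bot: The `registryui` router is bound only to the plain-HTTP entrypoint (`traefik.http.routers.registryui.entrypoints=web`) while the registry is set to `REGISTRY_AUTH=htpasswd`, so the Basic credentials and every pushed or pulled layer cross the network unencrypted; the dashboard router in docker-compose-swarm-traefik.yml has the same exposure. The `docker service create` block this series removes from run-swarm.sh published 443 with TLS and ACME, so this is a regression rather than a gap that was always there. I would route through a TLS entrypoint with `- "traefik.http.routers.registryui.entrypoints=websecure"` and `- "traefik.http.routers.registryui.tls=true"`, with `--entryPoints.websecure.address=:443` enabled and `"443:443"` published on the Traefik service. Separately, `joxit/docker-registry-ui:latest` is unpinned next to a pinned `registry:2.8.3`; a fixed tag or digest keeps the container that proxies registry traffic reproducible.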
@@ -0,0 +1,56 @@
+version: "3.7"
+
+services:
+ traefik:
+ image: traefik:v2.11.8
+ ports:
+ - "80:80"
+ command:
+ - --api.insecure=false # set to 'false' on production
+ - --api.dashboard=true # see https://docs.traefik.io/v2.11/operations/dashboard/#secure-mode for how to secure the dashboard
+ - --api.debug=false # enable additional endpoints for debugging and profiling
+ - --log.level=INFO # debug while we get it working, for more levels/info see https://docs.traefik.io/observability/logs/
+ - --log.format=common
+ - --accesslog=true
+ - --accesslog.fields.names.StartUTC=drop
+ - --providers.docker=true
+ - --providers.docker.swarmMode=true
+ - --providers.docker.exposedbydefault=false
+ - --providers.docker.network=public
+ - --entryPoints.web.address=:80
+ - --entryPoints.web.transport.respondingTimeouts.readTimeout=0 # https://doc.traefik.io/traefik/v2.11/routing/entrypoints/#respondingtimeouts
+ - --entryPoints.web.transport.respondingTimeouts.idleTimeout=0
+ - --entryPoints.web.forwardedHeaders.insecure
+ # - --entryPoints.websecure.address=:443
+ environment:
+ - TZ=Asia/Shanghai
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks:
+ - traefik-net
+ deploy:
+ resources:
+ limits:
+ cpus: '4'
+ memory: 8g
+ reservations:
+ cpus: '1'
+ memory: 2g
+ replicas: 1
+ restart_policy:
+ condition: on-failure
+ placement:
+ constraints:
+ - node.role == manager
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dashboard.rule=Host(`mytraefik.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+ - "traefik.http.routers.dashboard.service=api@internal" # Let the dashboard access the traefik api
+ - "traefik.http.routers.dashboard.entrypoints=web" # Let the dashboard access the traefik api
+ - "traefik.http.services.traefik.loadbalancer.server.port=9090"
+ - "traefik.http.middlewares.auth.basicauth.users=admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0"
+ - "traefik.http.routers.dashboard.middlewares=auth"
+
+networks:
+ traefik-net:
+ external: true
\ No newline at end of file
diff --git a/examples/traefik/docker-compose-swarm.yml b/examples/traefik/docker-compose-swarm.yml
deleted file mode 100644
index cbe1da00..00000000
--- a/examples/traefik/docker-compose-swarm.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-version: '3.1'
-services:
- registry:
- image: registry:2.7
- volumes:
- - /opt/docker-registry:/var/lib/registry
- environment:
- - REGISTRY_HTTP_SECRET=my_registry_secret
- - REGISTRY_STORAGE_DELETE_ENABLED=true
- deploy:
- placement:
- constraints: [node.role == manager]
-
- ui:
- image: joxit/docker-registry-ui:latest
- environment:
- - DELETE_IMAGES=true
- - REGISTRY_TITLE=My Private Docker Registry
- - NGINX_PROXY_PASS_URL=http://docker-registry_registry:5000
- - SINGLE_REGISTRY=true
- depends_on: ['registry']
- networks: ['proxy', 'default']
- deploy:
- labels:
- traefik.backend: 'registry.mydomain.com'
- traefik.frontend.rule: 'Host:registry.mydomain.com'
- traefik.enable: 'true'
- traefik.port: 80
- traefik.docker.network: 'traefik-net'
- traefik.frontend.auth.basic: 'admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0'
- traefik.frontend.passHostHeader: 'true'
-
-networks:
- proxy: {external: {name: 'traefik-net'}}
\ No newline at end of file
diff --git a/examples/traefik/htpasswd b/examples/traefik/htpasswd
new file mode 100644
index 00000000..35bb742c
--- /dev/null
+++ b/examples/traefik/htpasswd
@@ -0,0 +1 @@
+admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0
\ No newline at end of file
diff --git a/examples/traefik/run-swarm.sh b/examples/traefik/run-swarm.sh
index 66c87239..9f484ae4 100755
--- a/examples/traefik/run-swarm.sh
+++ b/examples/traefik/run-swarm.sh
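Review bot: In the `traefik.http.middlewares.auth.basicauth.users` label the `$` signs of the hash are not doubled, so Compose-style variable substitution will most likely expand `$apr1`, `$XXrpwZre` and the final segment to empty strings and leave the dashboard with a broken credential; the value should be written as `admin:$$apr1$$<SALT_PLACEHOLDER>$$<HASH_PLACEHOLDER>`, generated per deployment rather than reusing the hash that is also committed in examples/traefik/htpasswd. `--entryPoints.web.forwardedHeaders.insecure` makes Traefik accept `X-Forwarded-*` headers from any client, so the client address in the access log can be forged; if a load balancer sits in front, name it with `--entryPoints.web.forwardedHeaders.trustedIPs=<TRUSTED_PROXY_CIDR>`, otherwise drop the flag. `--providers.docker.network=public` does not match the `traefik-net` network both stacks attach to, so it should probably read `--providers.docker.network=traefik-net`. The removed `docker service create` ran the proxy with `--read-only`; adding `read_only: true` to the service would keep that hardening for a container that holds the manager's Docker socket.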
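Review bot: The registry's htpasswd backend is documented to accept only bcrypt entries, so this `$apr1$` (MD5) line would be ignored and `admin` could not authenticate against `REGISTRY_AUTH=htpasswd`. The entry should be produced with bcrypt, for example `htpasswd -Bn admin`, when the stack is deployed. Committing a real hash also gives every copy of this example the same credential and exposes it to offline guessing; a clearly labelled placeholder line, an ignored local file or a Docker secret avoids that.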
@@ -6,37 +6,6 @@ if ! [[ `docker network ls | grep "traefik-net"` ]] &>/dev/null; then fi -if ! [[ `docker service ls | grep "traefik2"` ]] &>/dev/null; then - dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +docker stack deploy --compose-file docker-compose-swarm-traefik.yml docker-traefik - # ensure acme.json wich will contains the letsencrypt certificates - touch "$dir"/acme.json && chmod 600 "$dir"/acme.json - - docker service create --name traefik2 --detach=false \ - --constraint node.role==manager \ - --update-parallelism 1 --update-delay 10s \ - --mode global \ - --publish 80:80 \ - --publish 443:443 \ - --read-only \ - --mount type=bind,source="$(pwd)"/acme.json,target=/etc/traefik/acme.json \ - --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \ - --network traefik-net \ - traefik:1.7.4-alpine \ - --entrypoints='Name:http Address::80 Redirect.EntryPoint:https' \ - --entrypoints='Name:https Address::443 TLS' \ - --defaultentrypoints=http,https \ - --acme \ - --acme.storage=/etc/traefik/acme.json \ - --acme.entryPoint=https \ - --acme.httpChallenge.entryPoint=http \ - --acme.email=contact@mydomain.com \ - --docker \ - --docker.swarmMode \ - --docker.domain=mydomain.com \ - --docker.exposedByDefault=false \ - --docker.watch \ - --api -fi - -docker stack deploy --compose-file docker-compose-swarm.yml docker-registry \ No newline at end of file +docker stack deploy --compose-file docker-compose-swarm-registry.yml docker-registry \ No newline at end of file From b2d33cefdfac2642c676977be18a216fa66b29ea Mon Sep 17 00:00:00 2001 From: ycyin <71380489+ycyin@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:44:30 +0800 Subject: [PATCH 2/4] add file of nginx config --- .../traefik/docker-compose-swarm-registry.yml | 4 +- examples/traefik/registry-ui-nginx.conf | 48 +++++++++++++++++++ 2 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 examples/traefik/registry-ui-nginx.conf 
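Review bot: Both `docker stack deploy --compose-file …` lines use bare relative file names, so the script only finds the compose files when it is started from examples/traefik; the removed block derived `dir` from `${BASH_SOURCE[0]}`, and nothing replaces it. A `cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1` before the first deploy would make the script independent of the caller's working directory. The registry stack is also deployed when the Traefik deploy fails, because the exit status is never checked; joining the two commands with `&&` stops a registry from coming up without its authenticating proxy. The script's opening lines lie outside this hunk.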
diff --git a/examples/traefik/docker-compose-swarm-registry.yml b/examples/traefik/docker-compose-swarm-registry.yml index 9aeb1178..14fc30a0 100644 --- a/examples/traefik/docker-compose-swarm-registry.yml +++ b/examples/traefik/docker-compose-swarm-registry.yml @@ -35,8 +35,8 @@ services: registry: image: registry:2.8.3 volumes: - - /DATA/docker-registry/images:/var/lib/registry - - /DATA/docker-registry/htpasswd:/auth + - /images:/var/lib/registry + - /htpasswd:/auth environment: - REGISTRY_AUTH=htpasswd - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm diff --git a/examples/traefik/registry-ui-nginx.conf b/examples/traefik/registry-ui-nginx.conf new file mode 100644 index 00000000..84a7a9b1 --- /dev/null +++ b/examples/traefik/registry-ui-nginx.conf 
@@ -0,0 +1,48 @@
+ server {
+ listen 80;
+ server_name localhost;
+ # disable any limits to avoid HTTP 413 for large image uploads
+ client_max_body_size 0;
+
+ # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
+ chunked_transfer_encoding on;
+ # required for strict SNI checking: see Issue #70 (https://github.com/Joxit/docker-registry-ui/issues/70)
+ proxy_ssl_server_name on;
+ proxy_buffering off;
+ # Fix push and pull of large images: see Issue #282 (https://github.com/Joxit/docker-registry-ui/issues/282)
+ proxy_request_buffering off;
+ proxy_ignore_headers "X-Accel-Buffering";
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ location /v2 {
+ # Do not allow connections from docker 1.5 and earlier
+ # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
+ if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+ return 404;
+ }
+ proxy_ignore_client_abort on;
+ client_body_timeout 300;
+ proxy_read_timeout 300;
+ proxy_send_timeout 300;
+ keepalive_timeout 150;
+ proxy_http_version 1.1;
+ proxy_set_header Host "$http_host";
+
+ #r set $registry_server "http://registry:5000";
+ #r proxy_pass $registry_server;
+ proxy_pass http://registry:5000;
+ }
+
+ # error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
From 262ea885d96459ec9893f22f7cda5e96827e35d1 Mon Sep 17 00:00:00 2001
From: ycyin <71380489+ycyin@users.noreply.github.com>
Date: Mon, 20 Jan 2025 14:40:44 +0800
Subject: [PATCH 3/4] Delete examples/traefik/registry-ui-nginx.conf
---
examples/traefik/registry-ui-nginx.conf | 48 -------------------------
1 file changed, 48 deletions(-)
delete mode 100644 examples/traefik/registry-ui-nginx.conf
diff --git a/examples/traefik/registry-ui-nginx.conf b/examples/traefik/registry-ui-nginx.conf deleted file mode 100644 index 84a7a9b1..00000000 --- a/examples/traefik/registry-ui-nginx.conf +++ /dev/null @@ -1,48 +0,0 @@ - server { - listen 80; - server_name localhost; - # disable any limits to avoid HTTP 413 for large image uploads - client_max_body_size 0; - - # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) - chunked_transfer_encoding on; - # required for strict SNI checking: see Issue #70 (https://github.com/Joxit/docker-registry-ui/issues/70) - proxy_ssl_server_name on; - proxy_buffering off; - # Fix push and pull of large images: see Issue #282 (https://github.com/Joxit/docker-registry-ui/issues/282) - proxy_request_buffering off; - proxy_ignore_headers "X-Accel-Buffering"; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - location /v2 { - # Do not allow connections from docker 1.5 and earlier - # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents - if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { - return 404; - } - proxy_ignore_client_abort on; - client_body_timeout 300; - proxy_read_timeout 300; - proxy_send_timeout 300; - keepalive_timeout 150; - proxy_http_version 1.1; - proxy_set_header Host "$http_host"; - - #r set $registry_server "http://registry:5000"; - #r proxy_pass $registry_server; - proxy_pass http://registry:5000; - } - - # error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - } From 6aa4d311d2846cdfb93d5d32298ac64fe5e171ef Mon Sep 17 00:00:00 2001 
From: ycyin <71380489+ycyin@users.noreply.github.com> Date: Fri, 7 Mar 2025 10:03:34 +0800 Subject: [PATCH 4/4] fix(yaml): remove outdated configuration --- examples/traefik/docker-compose-swarm-registry.yml | 10 ++-------- examples/traefik/docker-compose-swarm-traefik.yml | 2 -- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/examples/traefik/docker-compose-swarm-registry.yml b/examples/traefik/docker-compose-swarm-registry.yml index 14fc30a0..a9955507 100644 --- a/examples/traefik/docker-compose-swarm-registry.yml +++ b/examples/traefik/docker-compose-swarm-registry.yml @@ -1,5 +1,3 @@ -version: '3.7' - services: registry-ui: image: joxit/docker-registry-ui:latest @@ -28,15 +26,11 @@ services: - "traefik.http.routers.registryui.entrypoints=web" - "traefik.http.services.registryui.loadbalancer.server.port=80" - "traefik.http.routers.registryui.service=registryui" - configs: - - source: ui_nginx_config - target: /etc/nginx/conf.d/default.conf - registry: image: registry:2.8.3 volumes: - - /images:/var/lib/registry - - /htpasswd:/auth + - ./images:/var/lib/registry + - ./htpasswd:/auth environment: - REGISTRY_AUTH=htpasswd - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm diff --git a/examples/traefik/docker-compose-swarm-traefik.yml b/examples/traefik/docker-compose-swarm-traefik.yml index f89fcb32..6fee70dd 100644 --- a/examples/traefik/docker-compose-swarm-traefik.yml +++ b/examples/traefik/docker-compose-swarm-traefik.yml @@ -1,5 +1,3 @@ -version: "3.7" - services: traefik: image: traefik:v2.11.8