Created
January 6, 2014 20:08
-
-
Save aluedeke/8289007 to your computer and use it in GitHub Desktop.
docker basic auth
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
build) | |
packer build -var 'build_target=$BUILD_TARGET' packer.json | |
;; | |
import) | |
docker import - $DOCKER_REGISTRY_HOST:5000/$DOCKER_REPOSITORY < $BUILD_TARGET | |
;; | |
run) | |
docker run -i -t -p $DOCKER_REGISTRY_PORT:443 -p 5050:5000 -e SETTINGS_FLAVOR=prod -e AWS_KEY=$AWS_KEY -e AWS_SECRET=$AWS_SECRET -e AWS_BUCKET=$AWS_BUCKET $DOCKER_REGISTRY_HOST:5000/$DOCKER_REPOSITORY:latest supervisord -n | |
;; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Set env vars for AWS_* when launching - this config will refer to them. | |
# To specify prod flavor, set the environment variable SETTINGS_FLAVOR=prod | |
# example launching with this config, in a docker image: | |
# docker run -p 5000:5000 -e SETTINGS_FLAVOR=prod -e AWS_KEY=X -e AWS_SECRET=Y -e AWS_BUCKET=images registry-image | |
prod: | |
storage: s3 | |
boto_bucket: _env:AWS_BUCKET | |
s3_access_key: _env:AWS_KEY | |
s3_secret_key: _env:AWS_SECRET | |
s3_bucket: _env:AWS_BUCKET | |
s3_encrypt: true | |
s3_secure: true | |
secret_key: REPLACEME | |
s3_encrypt: true | |
s3_secure: true | |
storage_path: /images | |
standalone: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 443; | |
server_name localhost; | |
ssl on; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS; | |
ssl_prefer_server_ciphers on; | |
ssl_certificate /docker-registry/server.crt; | |
ssl_certificate_key /docker-registry/server.key; | |
proxy_set_header Host $http_host; # required for docker client's sake | |
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP | |
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads | |
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486) | |
# chunkin on; | |
# error_page 411 = @my_411_error; | |
# location @my_411_error { | |
# chunkin_resume; | |
# } | |
location / { | |
# Basic authentication | |
# Basic authentication | |
auth_basic "Restricted"; | |
auth_basic_user_file /docker-registry/.htpasswd; | |
proxy_pass http://127.0.0.1:5000; | |
proxy_read_timeout 900; | |
} | |
location /_ping { | |
auth_basic off; | |
proxy_pass http://127.0.0.1:5000; | |
proxy_read_timeout 900; | |
} | |
location /v1/_ping { | |
auth_basic off; | |
proxy_pass http://127.0.0.1:5000; | |
proxy_read_timeout 900; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
touch /etc/apt/sources.list.d/nginx.list | |
echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu raring main" >> /etc/apt/sources.list.d/nginx.list | |
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 8B3981E7A6852F782CC4951600A6F0A3C300EE8C | |
apt-get update | |
apt-get -y install supervisor nginx-extras | |
mkdir -p /var/log/supervisor | |
rm /etc/nginx/sites-enabled/default | |
echo "daemon off;" >> /etc/nginx/nginx.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[supervisord] | |
nodaemon=true | |
[program:docker-registry] | |
command=sh -c "cd /docker-registry && ./setup-configs.sh && ./run.sh" | |
stdout_logfile=/var/log/supervisor/docker-registry.log | |
stderr_logfile=/var/log/supervisor/docker-registry.log | |
autorestart=true | |
[program:nginx] | |
command=nginx | |
stdout_logfile=/var/log/supervisor/nginx.log | |
stderr_logfile=/var/log/supervisor/nginx.log | |
autorestart=true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment