Docker registry behind Cloudflare with apache2 proxy

Setting up a Docker registry (+ apache2 proxy) behind Cloudflare

(Note: Apache2 was already running on the existing server, so it is not a Docker container.)

ref: https://konstantinpavlov.net/blog/2016/09/14/deploying-private-docker-registry-behind-cloudflare/
ref: https://github.com/docker/distribution/tree/master/contrib/apache

Apache configuration

<VirtualHost *:443>

  ServerName Docker_Registry_도메인_주소
  ServerAlias www.Docker_Registry_도메인_주소

  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/인증서.crt
  SSLCertificateKeyFile /etc/apache2/ssl/비밀키.key

  # Higher Strength SSL Ciphers
  SSLProtocol all -SSLv2 -SSLv3 -TLSv1
  # RC4 is broken, so exclude it instead of preferring it
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
  SSLHonorCipherOrder on

  # Logs
  ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
  CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog

  Header always set "Docker-Distribution-Api-Version" "registry/2.0"
  Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
  RequestHeader set X-Forwarded-Proto "https"

  ProxyRequests     off
  ProxyPreserveHost on

  # no proxy for /error/ (Apache HTTPd error messages)
  ProxyPass /error/ !

  #
  # Registry v2
  #

  ProxyPass        /v2 http://localhost:5002/v2
  ProxyPassReverse /v2 http://localhost:5002/v2

  <Location /v2>
    Order deny,allow
    Allow from all
    AuthName "Registry Authentication"
    AuthType basic
    AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"

    # Read access for authenticated users
    <Limit GET HEAD>
      Require valid-user
    </Limit>

    # Write access to docker-deployer only
    # (PATCH is listed because the registry v2 API uses it for blob uploads)
    <Limit POST PUT DELETE PATCH>
      Require user docker-deployer
    </Limit>
  </Location>
</VirtualHost>

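# Modules used by the directives above
a2enmod ssl headers proxy proxy_http
htpasswd -c /etc/apache2/htpasswd/registry-htpasswd 사용자인증_계정명
# a2ensite takes the site name under sites-available, not a full path
a2ensite 아파치설정파일.conf
service apache2 reload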
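
A `<Limit>` block only constrains the methods it lists, so a registry method left out of every `<Limit>` reaches the backend with no `Require` applied. The following is an added example, not part of the original post: it checks a `<Location>` block for Docker Registry v2 API methods that no `Require` covers. The sample config is constructed and all function names are hypothetical.

```python
import re

# HTTP methods used by the Docker Registry v2 API (PATCH carries blob upload chunks).
REGISTRY_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE"}

# Constructed sample: a Location whose write rule lists POST PUT DELETE only.
SAMPLE_CONF = """
<Location /v2>
  AuthType basic
  AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
  <Limit GET HEAD>
    Require valid-user
  </Limit>
  <Limit POST PUT DELETE>
    Require user docker-deployer
  </Limit>
</Location>
"""

BLOCK = re.compile(r"<(Limit|LimitExcept)\s+([^>]+)>(.*?)</\1>", re.S | re.I)

def has_require(text):
    """True if the text contains a Require directive at the start of a line."""
    return re.search(r"^\s*Require\s+\S", text, re.M | re.I) is not None

def location_body(conf, path):
    """Return the text inside <Location path> ... </Location>, or None."""
    m = re.search(r"<Location\s+%s\s*>(.*?)</Location>" % re.escape(path),
                  conf, re.S | re.I)
    return m.group(1) if m else None

def uncovered_methods(conf, path="/v2"):
    """Registry methods that no Require directive applies to (hypothetical helper)."""
    body = location_body(conf, path)
    if body is None:
        return set(REGISTRY_METHODS)      # no access rules for this path at all
    if has_require(BLOCK.sub("", body)):  # Require outside any Limit covers every method
        return set()
    covered = set()
    for kind, methods, inner in BLOCK.findall(body):
        if not has_require(inner):
            continue
        listed = {m.upper() for m in methods.split()}
        # <Limit> covers the listed methods, <LimitExcept> covers all the others
        covered |= listed if kind.lower() == "limit" else REGISTRY_METHODS - listed
    return REGISTRY_METHODS - covered

if __name__ == "__main__":
    print("methods without a Require:", sorted(uncovered_methods(SAMPLE_CONF)))
```

The check only reads the named `<Location>` block; access rules set elsewhere (for example in an enclosing `<Directory>` or a second `<Location>`) are outside what it sees.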

Running the Docker registry

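# Publish on 127.0.0.1 only so access goes through Apache; registry:2 keeps its data in /var/lib/registry
docker run --restart=always -d -e SETTINGS_FLAVOR=dev -v /var/lib/docker-registry/storage/v2:/var/lib/registry -p 127.0.0.1:5002:5000 registry:2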

Cloudflare configuration

In the DNS settings, first add A and AAAA records that map the domain to the server's IP address.

In Page Rules, click Create Page Rule and enter the following.
http://Docker_Registry_도메인_주소/*
Select Always Use HTTPS

Verification

Go to https://Docker_Registry_도메인_주소/v2/_catalog and confirm that JSON data containing repositories is returned.
