Docker registry behind Cloudflare with apache2 proxy
Setting up a Docker registry (with an apache2 proxy) behind Cloudflare
(Note: Apache2 was already running on the existing server, so it is not a Docker container.)
ref: https://konstantinpavlov.net/blog/2016/09/14/deploying-private-docker-registry-behind-cloudflare/
ref: https://github.com/docker/distribution/tree/master/contrib/apache
Apache configuration
# Placeholders: Docker_Registry_도메인_주소 = the registry's domain name,
# 인증서.crt = the certificate file, 비밀키.key = the private key file.
<VirtualHost *:443>
    ServerName Docker_Registry_도메인_주소
    ServerAlias www.Docker_Registry_도메인_주소
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/인증서.crt
    SSLCertificateKeyFile /etc/apache2/ssl/비밀키.key
    # Higher Strength SSL Ciphers (RC4 is excluded: RFC 7465 prohibits it in TLS)
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
    SSLHonorCipherOrder on
    # Logs
    ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
    CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog
    Header always set "Docker-Distribution-Api-Version" "registry/2.0"
    Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
    RequestHeader set X-Forwarded-Proto "https"
    ProxyRequests off
    ProxyPreserveHost on
    # No proxying for /error/ (Apache httpd error messages)
    ProxyPass /error/ !
    #
    # Registry v2
    #
    ProxyPass /v2 http://localhost:5002/v2
    ProxyPassReverse /v2 http://localhost:5002/v2
    <Location /v2>
        Order deny,allow
        Allow from all
        AuthName "Registry Authentication"
        AuthType basic
        AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
        # Read access for authenticated users
        <Limit GET HEAD>
            Require valid-user
        </Limit>
        # Write access for docker-deployer only
        # (PATCH is included because registry v2 uses it for chunked blob uploads)
        <Limit POST PUT DELETE PATCH>
            Require user docker-deployer
        </Limit>
    </Location>
</VirtualHost>
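# Create the password file; 사용자인증_계정명 is the account name used for authentication
htpasswd -c /etc/apache2/htpasswd/registry-htpasswd 사용자인증_계정명
# a2ensite takes the site name under sites-available (아파치설정파일.conf = your config file), not a full path
a2ensite 아파치설정파일.conf
service apache2 reload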
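The write rule in the `<Location /v2>` block is tied to an explicit method list, and a registry v2 method that appears in no `<Limit>` list has no `Require` rule applied to it. The following added example (not part of the original post; the function names and sample configs are constructed for illustration) audits a `<Location>` body for registry methods left without a `Require`:

```python
import re

# Methods used by the Registry v2 HTTP API; PATCH carries chunked blob uploads.
REGISTRY_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE"}
LIMIT_RE = re.compile(r"<Limit\s+([^>]+)>(.*?)</Limit>", re.S | re.I)
EXCEPT_RE = re.compile(r"<LimitExcept\s+([^>]+)>(.*?)</LimitExcept>", re.S | re.I)
REQUIRE_RE = re.compile(r"^\s*Require\s+(.+?)\s*$", re.M | re.I)


def method_rules(location_body):
    """Return {method: [Require arguments that apply]} for one <Location> body."""
    body = re.sub(r"^\s*#.*$", "", location_body, flags=re.M)  # drop comment lines
    rules = {m: [] for m in REGISTRY_METHODS}
    for listed, inner in LIMIT_RE.findall(body):
        for m in REGISTRY_METHODS & {v.upper() for v in listed.split()}:
            rules[m] += REQUIRE_RE.findall(inner)
    for listed, inner in EXCEPT_RE.findall(body):
        for m in REGISTRY_METHODS - {v.upper() for v in listed.split()}:
            rules[m] += REQUIRE_RE.findall(inner)
    # A Require outside any <Limit>/<LimitExcept> applies to every method.
    outside = REQUIRE_RE.findall(EXCEPT_RE.sub("", LIMIT_RE.sub("", body)))
    return {m: r + outside for m, r in rules.items()}


def unprotected_methods(location_body):
    """Registry methods that no Require directive covers."""
    return sorted(m for m, r in method_rules(location_body).items() if not r)


# Constructed samples modeled on the <Location /v2> block above.
WRITE_LIMIT_WITHOUT_PATCH = """
AuthType basic
# Read access
<Limit GET HEAD>
  Require valid-user
</Limit>
# Write access
<Limit POST PUT DELETE>
  Require user docker-deployer
</Limit>
"""
WRITE_LIMIT_WITH_PATCH = WRITE_LIMIT_WITHOUT_PATCH.replace(
    "POST PUT DELETE", "POST PUT DELETE PATCH")

if __name__ == "__main__":
    for name, body in [("without PATCH", WRITE_LIMIT_WITHOUT_PATCH),
                       ("with PATCH", WRITE_LIMIT_WITH_PATCH)]:
        print(name, "->", unprotected_methods(body) or "all registry methods covered")
```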
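Running the Docker registry
# Publish on 127.0.0.1 only so the registry is reachable solely through the Apache proxy; registry:2 stores its data in /var/lib/registry
docker run --restart=always -d -e SETTINGS_FLAVOR=dev -v /var/lib/docker-registry/storage/v2:/var/lib/registry -p 127.0.0.1:5002:5000 registry:2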
Cloudflare configuration
In the DNS settings, first point the A and AAAA records for the domain at the server's IP address.
Under Page Rules, click Create Page Rule and enter the following:
http://Docker_Registry_도메인_주소/*
Select Always Use HTTPS.
Verification
Go to https://Docker_Registry_도메인_주소/v2/_catalog and confirm that JSON data containing repositories is returned.