# MainHomePage on Docker

### 1. Install Docker & Docker Compose

Install both by following the [_official documentation_](https://docs.docker.com) or a similar guide.

Confirm that they are installed.

docker:
```bash
$ docker -v
Docker version 20.10.3, build ...
```

docker-compose:
```bash
$ docker-compose -v
docker-compose version 1.28.2, build ...
```

### 2. Create Docker Compose File

```bash
$ vi docker-compose.yml
# Reference
## https://ivhani.medium.com/setting-up-a-docker-registry-with-https-letsencrypt-and-basic-authentication-htpasswd-3ea1961a4144
## https://docs.docker.jp/registry/deploying.html
## https://56kcloud.github.io/Training/Docker/additional-ressources/windows/registry/part-4.html
## https://medium.com/@ifeanyiigili/how-to-setup-a-private-docker-registry-with-a-self-sign-certificate-43a7407a1613
## https://github.com/kwk/docker-registry-frontend/tree/v2/example-setup
## https://stackoverflow.com/questions/50389883/generate-crt-key-ssl-files-from-lets-encrypt-from-scratch
version: "3.8"
services:
  docker-registry:
    image: registry:2.7.1
    restart: always
    stdin_open: true
    tty: true
    container_name: docker-registry
    volumes:
      - ./registry:/var/lib/registry
      - ./auth:/auth
      - ./letsencrypt:/etc/letsencrypt
    environment:
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_HTTP_TLS_CERTIFICATE: /etc/letsencrypt/live/kobe-kosen-robotics.org/fullchain.pem # location of the public key (certificate)
      REGISTRY_HTTP_TLS_KEY: /etc/letsencrypt/live/kobe-kosen-robotics.org/privkey.pem # location of the private key (key)
    ports:
      - "5000:5000"
    networks:
      registry-net:
        ipv4_address: 192.168.123.2
  docker-registry-frontend:
    depends_on:
      - docker-registry
    image: konradkleine/docker-registry-frontend:v2
    restart: always
    stdin_open: true
    tty: true
    container_name: docker-registry-frontend
    environment:
      #- ENV_DOCKER_REGISTRY_HOST=docker-registry
      #ENV_DOCKER_REGISTRY_HOST: "docker-registry"
      ENV_DOCKER_REGISTRY_HOST: 192.168.123.2
      ENV_DOCKER_REGISTRY_PORT: 5000
      ENV_REGISTRY_PROXY_FQDN: kobe-kosen-robotics.org # address part of the pull link shown in the web UI
      ENV_REGISTRY_PROXY_PORT: 5000
      ENV_USE_SSL: 1
      # The registry is SSL protected as well
      ENV_DOCKER_REGISTRY_USE_SSL: 1
    volumes:
      - ./letsencrypt/live/kobe-kosen-robotics.org/fullchain.pem:/etc/apache2/server.crt:ro # mount the public key (certificate)
      - ./letsencrypt/live/kobe-kosen-robotics.org/privkey.pem:/etc/apache2/server.key:ro # mount the private key (key)
    ports:
      - "8080:443"
    networks:
      registry-net:
        ipv4_address: 192.168.123.3
networks:
  registry-net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.123.0/24
# A virtual network (192.168.123.0) is created so the containers can talk to each other.
# Assigning an IP address to each container lets them communicate directly, without going through the host firewall.
# ref:https://knowledge.sakura.ad.jp/26522/
# ref(option):https://sleepless-se.net/2019/09/15/multi-docker-compose-network-setting/
```

### 3. Firewall (Ubuntu)

If you are not using Ubuntu, follow the firewall configuration for your OS.

1. Check the firewall status.
   ```bash
   $ sudo ufw status
   ```
2. Allow port 443.
   ```bash
   $ sudo ufw allow 443
   ```
3. Check the firewall status again, as in step 1, and confirm that the allowed port has been added.

### 4. Issuing the SSL Certificate

- Certificate authority (CA): Let's Encrypt
  - The certificate issued for Redmine is reused
- Docker File Path
  - Path: /etc/letsencrypt
- File names
  - Public key (certificate): fullchain.pem
  - Private key (key): privkey.pem

### 5. Nginx Configuration File

```bash
$ mkdir conf.d
$ cd conf.d
$ vi default.conf
## self-signed certificate
#server {
#    listen 443 ssl;
#    server_name kcctserver; # change to the host name you obtained
#    ssl_certificate /etc/nginx/certs/server.crt;
#    ssl_certificate_key /etc/nginx/certs/server.key;
#    location / {
#        root /usr/share/nginx/html;
#    }
#}
# ref_URL: https://www.magata.net/memo/index.php?docker%A4%CEnginx%A4%CESSL%BE%DA%CC%C0%BD%F1%A4%CE%BC%AB%C6%B0%B9%B9%BF%B7#k2609f78
# :
# https
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name kobe-kosen-robotics.org;
    ssl_certificate /etc/letsencrypt/live/kobe-kosen-robotics.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kobe-kosen-robotics.org/privkey.pem;
    location / {
        #proxy_pass http://backend;
        root /usr/share/nginx/html;
    }
}
```

### 6. Placing the HTML File

```bash
$ mkdir html
$ cd html
$ vi index.html
HogeHoge
```

### 7. Directory Layout

```
├── docker-compose.yml
├── conf.d
│   └── default.conf
├── html
│   └── index.html
├── letsencrypt
│   └── live
│       └── kobe-kosen-robotics.org
│           ├── cert.pem
│           ├── chain.pem
│           ├── fullchain.pem
│           └── privkey.pem
└── README.md
```

### 8. Create, Start and Attach to the Container

- Create and start the containers and attach to them:
  ```bash
  $ docker-compose up
  ```
- If you do not need to attach (start only), add the detach option:
  ```bash
  $ docker-compose up -d
  ```

### 9. Access

- Open [https://localhost](https://localhost) or [https://kobe-kosen-robotics.org](https://kobe-kosen-robotics.org)
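
The compose file mounts `fullchain.pem` and `privkey.pem` into both containers, so a mismatched, over-exposed or nearly expired pair breaks or weakens the registry and its front-end at once. The script below is an added example, not part of the original README: it checks all three conditions before `docker-compose up`. The function names and the 14-day threshold are assumptions, and it expects OpenSSL and GNU `stat` (as on Ubuntu).

```bash
#!/bin/sh
# Added example: pre-flight check of the TLS files mounted by docker-compose.yml.
# Assumes OpenSSL and GNU stat (Ubuntu); function names are illustrative.

# Succeeds only if the certificate and the private key carry the same public key.
check_pair() {  # $1 = fullchain.pem, $2 = privkey.pem
  cp_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  cp_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cp_cert" ] && [ "$cp_cert" = "$cp_key" ]
}

# Succeeds only if group and others have no permission bits on the key.
# -L follows the symlink that certbot places under live/.
key_is_private() {  # $1 = privkey.pem
  kp_mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 2
  case "$kp_mode" in
    0|*00) return 0 ;;
    *)     return 1 ;;
  esac
}

# Succeeds only if the certificate is still valid $2 days from now.
cert_valid_for_days() {  # $1 = fullchain.pem, $2 = days
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks against one live/<domain> directory; non-zero on any failure.
preflight() {  # $1 = directory holding fullchain.pem and privkey.pem
  pf_rc=0
  check_pair "$1/fullchain.pem" "$1/privkey.pem" ||
    { echo "FAIL: privkey.pem does not match fullchain.pem"; pf_rc=1; }
  key_is_private "$1/privkey.pem" ||
    { echo "FAIL: privkey.pem is accessible to group/others"; pf_rc=1; }
  cert_valid_for_days "$1/fullchain.pem" 14 ||  # 14 days is an assumed threshold
    { echo "FAIL: certificate expires within 14 days"; pf_rc=1; }
  [ "$pf_rc" -eq 0 ] && echo "OK: $1"
  return "$pf_rc"
}

# Example: sh preflight.sh ./letsencrypt/live/kobe-kosen-robotics.org
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it from the directory that holds `docker-compose.yml`; a non-zero exit status means at least one check failed.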