MainHomePage on Docker
1. Install Docker & Docker Compose
Follow the official documentation or similar guides to install both.
Verify the installation:
docker:
$ docker -v
Docker version 20.10.3, build ...
docker-compose:
$ docker-compose -v
docker-compose version 1.28.2, build ...
2. Create Docker Compose File
$ vi docker-compose.yml
# Reference
## https://ivhani.medium.com/setting-up-a-docker-registry-with-https-letsencrypt-and-basic-authentication-htpasswd-3ea1961a4144
## https://docs.docker.jp/registry/deploying.html
## https://56kcloud.github.io/Training/Docker/additional-ressources/windows/registry/part-4.html
## https://medium.com/@ifeanyiigili/how-to-setup-a-private-docker-registry-with-a-self-sign-certificate-43a7407a1613
## https://github.com/kwk/docker-registry-frontend/tree/v2/example-setup
## https://stackoverflow.com/questions/50389883/generate-crt-key-ssl-files-from-lets-encrypt-from-scratch
version: "3.8"
services:
  docker-registry:
    image: registry:2.7.1
    restart: always
    stdin_open: true
    tty: true
    container_name: docker-registry
    volumes:
      - ./registry:/var/lib/registry
      - ./auth:/auth
      - ./letsencrypt:/etc/letsencrypt
    environment:
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_HTTP_TLS_CERTIFICATE: /etc/letsencrypt/live/kobe-kosen-robotics.org/fullchain.pem # location of the public key (csr)
      REGISTRY_HTTP_TLS_KEY: /etc/letsencrypt/live/kobe-kosen-robotics.org/privkey.pem # location of the private key (key)
    ports:
      - "5000:5000"
    networks:
      registry-net:
        ipv4_address: 192.168.123.2
  docker-registry-frontend:
    depends_on:
      - docker-registry
    image: konradkleine/docker-registry-frontend:v2
    restart: always
    stdin_open: true
    tty: true
    container_name: docker-registry-frontend
    environment:
      #- ENV_DOCKER_REGISTRY_HOST=docker-registry
      #ENV_DOCKER_REGISTRY_HOST: "docker-registry"
      ENV_DOCKER_REGISTRY_HOST: 192.168.123.2
      ENV_DOCKER_REGISTRY_PORT: 5000
      ENV_REGISTRY_PROXY_FQDN: kobe-kosen-robotics.org # host part of the pull link shown in the web UI
      ENV_REGISTRY_PROXY_PORT: 5000
      ENV_USE_SSL: 1
      # The registry is SSL protected as well
      ENV_DOCKER_REGISTRY_USE_SSL: 1
    volumes:
      - ./letsencrypt/live/kobe-kosen-robotics.org/fullchain.pem:/etc/apache2/server.crt:ro # mount the public key (csr)
      - ./letsencrypt/live/kobe-kosen-robotics.org/privkey.pem:/etc/apache2/server.key:ro # mount the private key (key)
    ports:
      - "8080:443"
    networks:
      registry-net:
        ipv4_address: 192.168.123.3
networks:
  registry-net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.123.0/24
# A virtual network (192.168.123.0) is created so that the containers can talk to each other.
# Assigning each container an IP address lets them communicate directly, without going through the host firewall.
# ref:https://knowledge.sakura.ad.jp/26522/
# ref(option):https://sleepless-se.net/2019/09/15/multi-docker-compose-network-setting/
3. Firewall (Ubuntu)
If you are not using Ubuntu, follow the firewall configuration procedure for your OS.
Check the firewall status:
$ sudo ufw status
Allow port 443:
$ sudo ufw allow 443
Check the firewall status once more and confirm that the allowed port has been added.
4. Issuing the SSL Certificate
Certificate authority (CA): Let's Encrypt
The certificate issued for Redmine is reused.
Docker File Path
Path: /etc/letsencrypt
File names
Public key (csr): fullchain.pem
Private key (key): privkey.pem
5. Nginx Configuration File
$ mkdir conf.d
$ cd conf.d
$ vi default.conf
## self-signed certificate
#server {
#    listen 443 ssl;
#    server_name kcctserver; # change to the host name you obtained
#    ssl_certificate /etc/nginx/certs/server.crt;
#    ssl_certificate_key /etc/nginx/certs/server.key;
#    location / {
#        root /usr/share/nginx/html;
#    }
#}
# ref_URL: https://www.magata.net/memo/index.php?docker%A4%CEnginx%A4%CESSL%BE%DA%CC%C0%BD%F1%A4%CE%BC%AB%C6%B0%B9%B9%BF%B7#k2609f78
# :
# https
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name kobe-kosen-robotics.org;
    ssl_certificate /etc/letsencrypt/live/kobe-kosen-robotics.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kobe-kosen-robotics.org/privkey.pem;
    location / {
        #proxy_pass http://backend;
        root /usr/share/nginx/html;
    }
}
6. Placing the HTML File
$ mkdir html
$ cd html
$ vi index.html
HogeHoge
7. Directory Layout
├── docker-compose.yml
├── conf.d
│   └── default.conf
├── html
│   └── index.html
├── letsencrypt
│   └── live
│       └── kobe-kosen-robotics.org
│           ├── cert.pem
│           ├── chain.pem
│           ├── fullchain.pem
│           └── privkey.pem
└── README.md
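Before starting the containers, the credential files that docker-compose.yml mounts can be checked with a script like the one below. It is an added example, not part of the original page; it assumes openssl is installed and that ./auth/htpasswd has already been created (the page does not show that step), and the script name preflight.sh is hypothetical.

```sh
#!/bin/sh
# Added example: preflight checks for the files docker-compose.yml mounts.
# Run from the directory that holds docker-compose.yml:
#   sh preflight.sh . kobe-kosen-robotics.org    (script name is hypothetical)

# The registry's htpasswd backend supports bcrypt hashes only, so every line
# must look like "user:$2y$NN$<53 chars>"; entries in other formats are ignored.
check_htpasswd() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    bad=$(grep -vcE '^[^:]+:\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$' "$1" || true)
    [ "$bad" -eq 0 ] || { echo "$bad non-bcrypt line(s) in $1" >&2; return 1; }
}

# The private key must not be readable by group or other.
# -L follows symlinks, which is how certbot lays out live/<domain>/.
check_key_perms() {
    mode=$(ls -lLd "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$1: group/other bits '$mode'" >&2; return 1; }
}

# The leaf certificate in fullchain.pem must carry the public key that belongs
# to privkey.pem, and must not expire within the next 7 days.
check_cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "cert/key mismatch" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 604800 >/dev/null ||
        { echo "$1 expires within 7 days" >&2; return 1; }
}

# $1 = directory holding docker-compose.yml, $2 = domain under letsencrypt/live/
preflight() {
    live="$1/letsencrypt/live/$2"
    check_htpasswd "$1/auth/htpasswd" &&
    check_key_perms "$live/privkey.pem" &&
    check_cert_key_match "$live/fullchain.pem" "$live/privkey.pem"
}

# Only runs when called with both arguments; otherwise just defines the checks.
[ "$#" -lt 2 ] || preflight "$1" "$2"
```

A non-zero exit status means at least one check failed; the reason is printed on stderr.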
8. Create, Start and Attach to the Containers
Create and start the containers and attach to them:
$ docker-compose up
If you do not need to attach (start only), add the detach option:
$ docker-compose up -d
9. Access
Access the site at https://localhost or https://kobe-kosen-robotics.org