Use a dedicated domain for the registry

2018-12-10 22:11:20 +00:00 · 2018-12-10 22:11:20 +00:00 · 602b85f5a5
commit 602b85f5a5
parent ed7b8b0b2b
6 changed files with 47 additions and 16 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -7,5 +7,5 @@ build:
  tags:
    - docker
  script:
-    - docker login -u $USERNAME -p $PASSWORD gitlab.wojciechkozlowski.eu:8443
+    - docker login -u $USERNAME -p $PASSWORD registry.wojciechkozlowski.eu
    - make all
--- a/2
+++ b/2
@ -16,7 +16,7 @@ uninstall:
 # The container registry to use.
 # -----------------------------------------------------------------------------

-DOCKER_REGISTRY = gitlab.wojciechkozlowski.eu:8443/wojtek/loki
+DOCKER_REGISTRY = registry.wojciechkozlowski.eu/wojtek/loki

 # -----------------------------------------------------------------------------
 # Default target.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -34,7 +34,7 @@ services:
  wiki:
    container_name: wiki
    build: dokuwiki
-    image: gitlab.wojciechkozlowski.eu:8443/wojtek/loki/wiki
+    image: registry.wojciechkozlowski.eu/wojtek/loki/wiki
    volumes:
      - wiki:/var/dokuwiki-storage
    restart: always
@ -67,7 +67,7 @@ services:
  nextcloud-cron:
    container_name: nextcloud-cron
    build: nextcloud/cron
-    image: gitlab.wojciechkozlowski.eu:8443/wojtek/loki/nextcloud-cron
+    image: registry.wojciechkozlowski.eu/wojtek/loki/nextcloud-cron
    volumes_from:
      - nextcloud-app
    restart: always
@ -95,18 +95,16 @@ services:
        external_url 'https://gitlab.wojciechkozlowski.eu'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
-        registry_external_url 'https://gitlab.wojciechkozlowski.eu:8443'
-        registry_nginx['ssl_certificate'] = "/etc/letsencrypt/live/wojciechkozlowski.eu/fullchain.pem"
-        registry_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/wojciechkozlowski.eu/privkey.pem"
+        registry_external_url 'https://registry.wojciechkozlowski.eu'
+        registry_nginx['listen_port'] = 80
+        registry_nginx['listen_https'] = false
        # Add any other gitlab.rb configuration here, each on its own line
    ports:
      - '2770:22'
-      - '8443:8443'
    volumes:
      - gitlab_config:/etc/gitlab
      - gitlab_logs:/var/log/gitlab
      - gitlab_data:/var/opt/gitlab
-      - letsencrypt:/etc/letsencrypt
      - ./gitlab/ssh_config:/etc/ssh/ssh_config
    restart: always

@ -117,7 +115,7 @@ services:
  proxy:
    container_name: proxy
    build: proxy
-    image: gitlab.wojciechkozlowski.eu:8443/wojtek/loki/proxy
+    image: registry.wojciechkozlowski.eu/wojtek/loki/proxy
    ports:
      - 80:80
      - 443:443
@ -140,7 +138,7 @@ services:
  certbot:
    container_name: certbot
    build: certbot
-    image: gitlab.wojciechkozlowski.eu:8443/wojtek/loki/certbot
+    image: registry.wojciechkozlowski.eu/wojtek/loki/certbot
    volumes:
      - letsencrypt:/etc/letsencrypt
      - letsencrypt_html:/var/www/html
@ -153,7 +151,7 @@ services:
  runner-main:
    container_name: runner-main
    build: runner/main
-    image: gitlab.wojciechkozlowski.eu:8443/wojtek/loki/runner-main
+    image: registry.wojciechkozlowski.eu/wojtek/loki/runner-main
    volumes:
      - runner_main_etc:/etc/gitlab-runner
      - runner_main_home:/home/gitlab-runner
@ -162,7 +160,7 @@ services:

  docker-dind:
    container_name: docker-dind
-    image: docker:18.03.1-dind
+    image: docker:dind
    volumes:
      - ./runner/docker/hosts:/etc/hosts
    privileged: true
@ -171,7 +169,7 @@ services:
  runner-docker:
    container_name: runner-docker
    build: runner/docker
-    image: gitlab.wojciechkozlowski.eu:8443/wojtek/loki/runner-docker
+    image: registry.wojciechkozlowski.eu/wojtek/loki/runner-docker
    links:
      - docker-dind:docker
    volumes:
--- a/proxy/nginx-conf.d/registry.wojciechkozlowski.eu.conf
+++ b/proxy/nginx-conf.d/registry.wojciechkozlowski.eu.conf
@ -0,0 +1,33 @@
+server {
+    listen       80;
+    server_name  registry.wojciechkozlowski.eu;
+
+    location ^~ /.well-known {
+        allow all;
+        root /var/www/html;
+    }
+
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+    listen       443 ssl;
+    server_name  registry.wojciechkozlowski.eu;
+
+    client_max_body_size 10G; # 0=unlimited - set max upload size
+
+    location / {
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host $host;
+        proxy_pass http://gitlab;
+    }
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+}
--- a/runner/docker/Dockerfile
+++ b/runner/docker/Dockerfile
@ -1,4 +1,4 @@
-FROM gitlab.wojciechkozlowski.eu:8443/wojtek/loki/runner-base
+FROM registry.wojciechkozlowski.eu/wojtek/loki/runner-base

 RUN apt install -y apt-transport-https \
                   ca-certificates \
--- a/runner/main/Dockerfile
+++ b/runner/main/Dockerfile
@ -1,4 +1,4 @@
-FROM gitlab.wojciechkozlowski.eu:8443/wojtek/loki/runner-base
+FROM registry.wojciechkozlowski.eu/wojtek/loki/runner-base

 RUN apt install -y build-essential \
                   python3 \