registry.yml

version: '3.3'

services:
  registry:
    image: registry:latest
    networks:
      - traefik-public
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: BowmoRealm
      REGISTRY_HTTP_SECRET: /auth/secret
    volumes:
      - /glusterfs/registry:/var/lib/registry
      - /docker/registry/:/auth
    deploy:
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints: 
          - node.labels.storage==yes
      replicas: 1
      labels:
        - traefik.enable=true
        - "traefik.http.routers.registry.rule=Host(`registry.${BASE_HOST}`)"
        - "traefik.http.routers.registry.entrypoints=websecure"
        - "traefik.http.routers.registry.tls.certresolver=le"
#        - "traefik.http.routers.registry.middlewares=whitelist"
        - "traefik.http.services.registry.loadbalancer.server.port=5000"
        - "traefik.http.services.registry.loadbalancer.server.scheme=http"
        - "traefik.http.middlewares.whitelist.ipwhitelist.sourcerange=192.168.0.0/16"

        # - traefik.enable=true
        # - traefik.docker.network=traefik-public
        # - traefik.frontend.entryPoints=http,https
        # - traefik.frontend.redirect.entryPoint=https
        # - traefik.frontend.rule=Host:registry.${BASE_HOST}
        # - traefik.frontend.whiteList.sourceRange=${ALLOW_LAN}
        # - traefik.port=5000              
networks:
  traefik-public:
    external: true