Raja Sekhar Modu rajamodu

Enable TCP port 2375 for external connection to Docker

See this issue.
Docker best practise to Control and configure Docker with systemd.

Create daemon.json file in /etc/docker:

 {"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}

Docker registry with basic auth and SSL certificate

Docker registry does not have authentication nor certificate mechanism so in case you have docker registry on the internet, you need something that support those in front of the registry. You can find examples using Nginx for it on the web and this is yet another one.

The architecture

Client talks to Nginx. Nginx proxies the request to the docker registry. The nginx is on the host OS - not as a container.

+-----------+     +--------------------------------------------------------+
|           |     |  Server                              Docker container  |

How to install and configure Caddy, a modern web server, running as a service on CentOS 6.8. You will also obtain a free SSL-Certificate for a website automatically.

This is in-depth guide how to install a modern web server named Caddy as service, that running from regular unprivileged user. You will also obtain a Free SSL-Certificate for a Website automatically.

Why Caddy?

Apache and Nginx are the two most common web servers in the world. Apache is a classical solution, but due to it's memory consumption (because to it's nature of creating a new process for each request) we will leave it for another occasion. Nginx is very fast and the RAM consumption is very-very low, if we need to serve static pages. But Nginx's configuration is not to easy read and understand, this is why we will try more flexible and clear solution, which is more intended for newbies.

Caddy is written is Go, open-source and pretty fast web server. If you're looking for low-memory solution the Cadd

setup Minio somewhere

Minio is an object storage server compatible with the S3 protocol. Head to https://minio.io/ to learn more.

Hint: You might want to use MINIO_WORM=on to pretect against accidental or malicious deletion of your backups.

seperate users with iam policies

Since RELEASE.2018-10-18T00-28-58Z minio supports seperate users with attached IAM policies. Instead of (or additionally to) using MINIO_WORM=on you could create a new user and attach a writeonly policy:

	#!/bin/bash
	# This script will help you setup Docker for TLS authentication.
	# Run it passing in the arguement for the FQDN of your docker server
	#
	# For example:
	# ./create-docker-tls.sh myhost.docker.com
	#
	# The script will also create a profile.d (if it exists) entry
	# which configures your docker client to use TLS
	#

	{
	"api-cors-header": "",
	"authorization-plugins": [],
	"bip": "",
	"bridge": "",
	"cgroup-parent": "",
	"cluster-store": "",
	"cluster-store-opts": {},
	"cluster-advertise": "",
	"debug": true,

	#1. Create a volume directory for nexus-data. I used /nexus-data directory which is mount point of the second disk
	# mkdir /nexus-data
	# chown -R 200 /nexus-data #nexus user id 200 in dockerfile
	#Create a letsencrypt directory to store traefik acme.json file which keeps SSL certs
	# mkdir -p /docker/letsencrypt

	#Change NEXUS.mydomain.com with your domain name.
	#Change acme.email=MYEMAIL@gmail.com

	# cat docker-compose.yml

	## Setting up the middleware for redirect to https ##
	http:
	middlewares:
	redirect:
	redirectScheme:
	scheme: https


	version: "3.3"

	services:
	################################################
	#### Traefik Proxy Setup #####
	###############################################
	traefik:
	image: traefik:v2.0
	restart: always

	# Crontab
	# once per week backup, move to "/backup" gzip it, delete everything but the latest 5 files
	0 4 * * 1 /opt/gitlab/bin/gitlab-ci-rake gitlab:backup:create CRON=1 && mv /var/opt/gitlab/backups/* /backup/ && cd /backup && gzip *.tar && rm `ls -t \| awk 'NR>5'`