Last updated on April 30, 2023
This bash script deploys a container image registry reachable over HTTPS in a few minutes: the registry itself runs in Docker, Nginx sits in front of it as a reverse proxy terminating TLS, and Let's Encrypt supplies the certificates.
Copy the code into a new text file, name it for example deploy.sh, and make it executable with chmod +x deploy.sh. Then start it with ./deploy.sh: it checks that the prerequisites (docker and docker-compose) are installed, asks for the domain name of the registry and the email address to register with Let's Encrypt, and writes the docker-compose and Nginx configuration, acquiring the certificate along the way.
Before running the script, add an A record pointing at your server's IP address to the domain's DNS, and keep in mind that the server must be reachable from the internet on port 80 while the Let's Encrypt certificate is being acquired: the HTTP-01 challenge is served from /.well-known/acme-challenge/ over plain HTTP, so a firewall that only opens 443 will make the validation fail.
```bash
#!/bin/bash

# Check if Docker is installed
if ! command -v docker &> /dev/null; then
    echo "Docker is not installed. Please install Docker and try again."
    exit 1
fi

# Check if docker-compose is installed
if ! command -v docker-compose &> /dev/null; then
    echo "docker-compose is not installed. Please install docker-compose and try again."
    exit 1
fi

# Prompt for domain and email
read -p "Enter your domain name (e.g., registry.example.com): " DOMAIN
read -p "Enter your email address (for Let's Encrypt): " EMAIL

# Create necessary directories (nginx/html is the ACME webroot shared by nginx and certbot)
mkdir -p ~/registry/{data,nginx,nginx/html,certs}

# Create docker-compose.yml (unquoted heredoc: $DOMAIN and $EMAIL are expanded here)
cat <<EOT > ~/registry/docker-compose.yml
version: '3.1'

services:
  registry:
    image: registry:2
    restart: always
    environment:
      REGISTRY_HTTP_ADDR: 0.0.0.0:5000
    volumes:
      - ./data:/var/lib/registry
    networks:
      - registry

  nginx:
    image: nginx:1.19-alpine
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./certs:/etc/letsencrypt
      # Webroot for the ACME HTTP-01 challenge; without this mount the
      # /.well-known/acme-challenge/ location in nginx.conf has nothing to serve.
      - ./nginx/html:/var/www/certbot
    networks:
      - registry

  certbot:
    image: certbot/certbot
    restart: always
    # Add --staging while testing the setup to stay clear of Let's Encrypt rate
    # limits; staging certificates are not trusted by Docker clients (docker login
    # and docker push fail with an x509 error), so leave it out for real use.
    # Note that with restart: always this one-shot certonly run is repeated in a
    # loop; renewal is normally done with "certbot renew" on a schedule.
    command: certbot certonly --webroot -w /var/www/certbot --email $EMAIL --agree-tos --no-eff-email -d $DOMAIN
    volumes:
      - ./certs:/etc/letsencrypt
      - ./nginx/html:/var/www/certbot

networks:
  registry:
EOT

# Create Nginx configuration file (\$host and \$request_uri are escaped so nginx sees them)
cat <<EOT > ~/registry/nginx/nginx.conf
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;

    server {
        listen 80;
        server_name $DOMAIN;

        # Everything except the ACME challenge is redirected to HTTPS; nginx picks
        # the longest matching prefix, so the order of the two locations does not matter.
        location / {
            return 301 https://\$host\$request_uri;
        }

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
    }

    server {
        listen 443 ssl;
        server_name $DOMAIN;

        # nginx refuses to start while these files are missing, so the certificate
        # has to exist before this server block is loaded (e.g. obtain it first with
        # only the port-80 block active, or start with a temporary self-signed pair).
        ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/$DOMAIN/chain.pem;
        ssl_session_timeout 5m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); "ssl_protocols TLSv1.2 TLSv1.3;"
        # is the appropriate setting for a registry and is supported by nginx 1.19.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128
```

The page ends here, in the middle of the ssl_ciphers list; the remainder of the script (the end of the Nginx configuration and the docker-compose commands that bring the stack up) is not reproduced, so the script cannot be run as shown.
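The nginx.conf the script writes enables TLSv1 and TLSv1.1 and a cipher list that includes DSS and CBC/SHA-1 suites. The following script is an added example, not part of the original post or its deploy.sh: it audits the TLS directives of a generated nginx.conf for exactly those settings and prints a hardened replacement for the registry's 443 server block. The sample configuration it writes is constructed here for the demonstration, the suggested directives are this editor's recommendation rather than anything from the original post (client_max_body_size 0 is included because nginx's default of 1m makes docker push of larger layers fail with 413), and the function and file names are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original deploy.sh.
# Audits the TLS directives of an nginx.conf such as the one the script writes,
# and prints a hardened replacement for the registry's 443 server block.

# Protocol versions that should not be enabled (TLS 1.0/1.1 are deprecated by
# RFC 8996). Cipher suites are classified in tls_audit: DSS/RC4/3DES/MD5/NULL/
# EXPORT suites are broken or removed, and suites ending in "-SHA" are CBC + SHA-1.
WEAK_PROTOCOLS='SSLv2 SSLv3 TLSv1 TLSv1.1'

# tls_audit CONF: print one finding per line (prints nothing when the config is clean).
tls_audit() {
    conf=$1
    # Pull the directive values; sed strips the directive name, quotes and the ';'.
    protos=$(sed -n -E "s/^[[:space:]]*ssl_protocols[[:space:]]+(.*);.*/\1/p" "$conf")
    ciphers=$(sed -n -E "s/^[[:space:]]*ssl_ciphers[[:space:]]+'?([^';]*)'?;.*/\1/p" "$conf")

    # Whole-word match of each enabled protocol against the weak list.
    for tok in $protos; do
        case " $WEAK_PROTOCOLS " in
            *" $tok "*) echo "weak protocol enabled: $tok" ;;
        esac
    done

    # ssl_ciphers is colon-separated; each suite is classified at most once.
    oldifs=$IFS
    IFS=:
    for suite in $ciphers; do
        case "$suite" in
            *DSS*|*RC4*|*3DES*|*MD5*|*NULL*|*EXPORT*) echo "weak cipher suite: $suite" ;;
            *-SHA) echo "non-AEAD SHA-1 cipher suite: $suite" ;;
        esac
    done
    IFS=$oldifs
}

# tls_audit_count CONF: print the number of findings (0 means clean).
tls_audit_count() {
    tls_audit "$1" | awk 'END { print NR }'
}

# hardened_tls_block: print replacement directives for the 443 server block.
# These are the editor's recommendation, not settings from the original post.
hardened_tls_block() {
    cat <<'EOF'
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers off;
        ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
        ssl_session_timeout 1d;
        ssl_session_cache shared:registry:10m;
        ssl_session_tickets off;
        add_header Strict-Transport-Security "max-age=63072000" always;
        # Image layers are large; nginx's default client_max_body_size of 1m
        # would make docker push fail with 413.
        client_max_body_size 0;
EOF
}

# write_sample_conf: write a constructed nginx.conf fragment carrying the weak
# settings of the original script (sample data for this demonstration, not a
# real deployment) and print its path.
write_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
server {
    listen 443 ssl;
    server_name registry.example.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES256-SHA';
}
EOF
    echo "$f"
}

# Usage: sh tls_audit.sh [/path/to/nginx.conf]
# Without an argument the constructed sample is audited.
main() {
    conf=${1:-$(write_sample_conf)}
    echo "== findings in $conf =="
    tls_audit "$conf"
    echo "== $(tls_audit_count "$conf") finding(s) =="
    echo "== suggested directives for the 443 server block =="
    hardened_tls_block
}

main "$@"
```

Run it against ~/registry/nginx/nginx.conf after the script has written it; the audit only inspects ssl_protocols and ssl_ciphers, so a clean result means those two directives are acceptable, not that the whole vhost is.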