Docker Registry avec Minio et Traefik

compose.yaml

services:
  traefik:
    container_name: traefik
    image: traefik:v2.10.4
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml
      - ./acme.json:/etc/acme.json
      - ./logs:/etc/logs
    networks:
      - lan
    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp
      # HTTPS
      - target: 443
        published: 443
        protocol: tcp
      # HTTP/3
      - target: 443
        published: 443
        protocol: udp
    environment:
      TZ: ${TZ}
    labels:
      traefik.enable: true
      # Auth middleware
      traefik.http.middlewares.auth.basicauth.users: ${TRAEFIK_USER}:${TRAEFIK_PASSWORD}
      # Dashboard
      traefik.http.routers.traefik-https.entrypoints: https
      traefik.http.routers.traefik-https.rule: Host(`traefik.${DOMAIN_NAME}`)
      traefik.http.routers.traefik-https.service: api@internal
      traefik.http.routers.traefik-https.middlewares: auth
  
  minio:
    image: minio/minio:RELEASE.2024-01-18T22-51-28Z
    container_name: minio
    volumes:
     - ./etc/minio:/data
    networks:
      - lan
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
      # Redirect web browsers to this URL when they hit the API directly.
      MINIO_BROWSER_REDIRECT_URL: https://minio.${DOMAIN_NAME}
      MINIO_SERVER_URL: https://minio-api.${DOMAIN_NAME}
    command: server --console-address ":9001" /data
    labels:
      traefik.enable: true
      traefik.http.services.minio-api.loadbalancer.server.port: 9000
      traefik.http.services.minio.loadbalancer.server.port: 9001
      # SERVER
      traefik.http.routers.minio-api-https.rule: Host(`minio-api.${DOMAIN_NAME}`)
      traefik.http.routers.minio-api-https.entrypoints: https
      traefik.http.routers.minio-api-https.service: minio-api
      # CONSOLE
      traefik.http.routers.minio-http.rule: Host(`minio.${DOMAIN_NAME}`)
      traefik.http.routers.minio-http.entrypoints: https
      traefik.http.routers.minio-http.service: minio

  registry:
    image: registry:2.8.3
    container_name: registry
    volumes:
     - ./config.yml:/etc/docker/registry/config.yml
     - ./.htpasswd:/auth/.htpasswd
     - ./etc/registry/certs:/certs
     - ./etc/registry/registry.log:/etc/registry.log
    networks:
      - lan
    labels:
      traefik.enable: true
      traefik.http.services.registry.loadbalancer.server.port: 5000
      traefik.http.routers.registry-https.rule: Host(`registry.${DOMAIN_NAME}`)
      traefik.http.routers.registry-https.entrypoints: https
      traefik.http.routers.registry-https.service: registry

networks:
  lan:
    external: true

DockerHubPolicy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": [
        "arn:aws:s3:::docker"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": [
        "arn:aws:s3:::docker/*"
      ]
    }
  ]
}