Portyard/docker-compose.prod.yml at master · cainydev/Portyard · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
services:
  registry:
    container_name: portyard-registry
    image: registry:2
    restart: unless-stopped
    ports:
      - "5000:5000"
    environment:
      # --- Authentication & General Config ---
      REGISTRY_AUTH: token
      REGISTRY_AUTH_TOKEN_ISSUER: '${DOCKHAND_AUTHORITY_NAME}'
      REGISTRY_AUTH_TOKEN_SERVICE: '${DOCKHAND_REGISTRY_NAME}'
      REGISTRY_AUTH_TOKEN_REALM: 'https://${APP_DOMAIN}/auth/token'
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /etc/docker/registry/auth.pem

      # --- Notifications (single YAML block — individual _0_ env vars don't support headers) ---
      REGISTRY_NOTIFICATIONS_ENDPOINTS: >-
        - name: portyard
          url: https://${APP_DOMAIN}${DOCKHAND_NOTIFICATIONS_ROUTE}
          headers:
            Authorization: ["Bearer ${DOCKHAND_NOTIFICATIONS_TOKEN}"]
          timeout: 500ms
          threshold: 5
          backoff: 1s

      REGISTRY_HTTP_SECRET: '${APP_KEY}'

      # --- S3 Storage Configuration (Hetzner) ---
      REGISTRY_STORAGE: s3
      REGISTRY_STORAGE_S3_ACCESSKEY: '${HETZNER_S3_ACCESS_KEY}'
      REGISTRY_STORAGE_S3_SECRETKEY: '${HETZNER_S3_SECRET_KEY}'
      REGISTRY_STORAGE_S3_REGION: '${HETZNER_S3_REGION}'
      REGISTRY_STORAGE_S3_BUCKET: '${HETZNER_S3_BUCKET}'
      REGISTRY_STORAGE_S3_REGIONENDPOINT: '${HETZNER_S3_ENDPOINT}'
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'

    volumes:
      # Note: With S3 enabled, this volume is no longer the primary storage
      # but is still used for buffering multipart uploads.
      - portyard-registry:/var/lib/registry
      - ./registry.yml:/etc/docker/registry/config.yml
      - ./certs/auth.crt:/etc/docker/registry/auth.pem:ro


volumes:
  portyard-registry:
    driver: local