{"id":27004205,"url":"https://github.com/jean1084/project-devops-v1","last_synced_at":"2026-04-11T14:33:21.184Z","repository":{"id":284243019,"uuid":"954244205","full_name":"Jean1084/project-devops-v1","owner":"Jean1084","description":null,"archived":false,"fork":false,"pushed_at":"2025-04-01T10:34:41.000Z","size":1330,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-01T11:31:37.671Z","etag":null,"topics":["automation","bash-script","docker","docker-compose","shell-script","vagrant","vagrant-box","virtualbox"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Jean1084.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-24T19:28:45.000Z","updated_at":"2025-04-01T10:34:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"145e4136-91e3-4468-968a-e61480954552","html_url":"https://github.com/Jean1084/project-devops-v1","commit_stats":null,"previous_names":["jean1084/project-devops-v1"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jean1084%2Fproject-devops-v1","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jean1084%2Fproject-devops-v1/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jean1084%2Fproject-devops-v1/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jean1084%2Fproject-devops-v1/manifests","owner_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Jean1084","download_url":"https://codeload.github.com/Jean1084/project-devops-v1/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247128753,"owners_count":20888235,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","bash-script","docker","docker-compose","shell-script","vagrant","vagrant-box","virtualbox"],"created_at":"2025-04-04T06:15:21.033Z","updated_at":"2025-12-30T22:51:44.400Z","avatar_url":"https://github.com/Jean1084.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"Project DevOps V1 | Docker \u0026 Docker-Compose | Secure Docker Registry\n====================================================================\n\nEnvironment Setup\n-----------------\n\n-   **Vagrant**: 2.4.1\n\n-   **VirtualBox**: 7.0.16\n\n-   **Ubuntu**: focal64 (Vagrant Box)\n\n* * * * *\n\nInfrastructure Automation\n-------------------------\n\u003cimg src=\"images/tools-use.PNG\" width=\"210\" height=\"390\"\u003e\n\n![Infrastructure of project](images/infrastructure.PNG)\n\n\nCreating the `.env` File\n------------------------\n\n```\nDOCKER_USER=XXXXXXXXXXXXX\nDOCKER_PASS=XXXXXXXXXXXXX\nGITHUB_USER=Jean1084\nGITHUB_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n```\n\n* * * * *\n\nDeployment with `vagrant up`\n----------------------------\n\nWith a single command, the following steps are automated:\n\n-   **Create a VM (Ubuntu/focal64)**\n\n-   **Install Docker**\n\n-   **Install Docker-Compose**\n\n-   **Add SSH key to 
GitHub account**\n\n-   **Authenticate with GitHub**\n\n-   **Clone the project repository**\n\n-   **Build a Docker image**\n\n-   **Authenticate with Docker Hub**\n\n-   **Push the Docker image to Docker Hub**\n\n-   **Run** `docker-compose`\n\n* * * * *\n\nAPI Testing via Command Line\n----------------------------\n\n```\ncurl -u jean:agree -X GET http://127.0.0.1:4000/simple-jean/api/v1.0/get_student_ages\ncurl -u jean:agree -X GET http://localhost:4000/simple-jean/api/v1.0/get_student_ages\n```\n\n### Expected Output:\n\n```\n{\n  \"student_ages\": {\n    \"alice\": \"12\",\n    \"bob\": \"13\"\n  }\n}\n```\n\n* * * * *\n\nAPI Testing via Web Browser\n---------------------------\n\n-   Navigate to `\u003cip_vm\u003e:8082` (Initially, data access is restricted)\n\n-   Run `docker-compose ps` inside the VM to retrieve the container name\n\n-   Update the `index.php` file:\n\n    -   **Before**: `http://\u003cname_container_simple-api-jean:port\u003e/simple-jean/api/v1.0/get_student_ages`\n\n    -   **After**: `http://workspace-service-simple-api-jean-1:5000/simple-jean/api/v1.0/get_student_ages`\n\n-   Retry accessing `\u003cip_vm\u003e:8082` to confirm data availability\n\n* * * * *\n\nAdvanced: Secure Docker Registry Setup [GitHub Pages](https://registry-jean.github.io) - [GitHub Repo](https://github.com/registry-jean/registry-jean.github.io)\n--------------------------------------\n\nCreating a **secure Docker registry** for **high-security enterprises** (e.g., banking, healthcare, defense) requires strong security measures. 
Below is a step-by-step guide:\n\n### 1️⃣ Prerequisites\n\nEnsure you have: ✅ A server (on-premise/cloud) with Linux (Ubuntu, CentOS, etc.)\\\n✅ Docker \u0026 Docker Compose installed\\\n✅ A domain or subdomain (`https://registry-jean.github.io/`)\\\n✅ SSL/TLS certificate (Let's Encrypt or enterprise CA)\\\n✅ Secure storage (S3, MinIO, NAS)\\\n✅ Secure authentication (LDAP, OAuth, Keycloak, etc.)\n\n### 2️⃣ Install and Configure Docker Registry\n\n#### **Deploy Docker Registry**\n\n```\nmkdir -p /opt/docker-registry/{data,auth,certs}\ncd /opt/docker-registry\n```\n\nCreate `docker-compose.yml`:\n\n```\nversion: '3'\nservices:\n  registry:\n    image: registry:2\n    container_name: docker-registry\n    restart: always\n    ports:\n      - \"5000:5000\"\n    environment:\n      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry\n      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry.crt\n      REGISTRY_HTTP_TLS_KEY: /certs/registry.key\n      REGISTRY_AUTH: htpasswd\n      REGISTRY_AUTH_HTPASSWD_REALM: \"Registry Realm\"\n      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd\n    volumes:\n      - ./data:/var/lib/registry\n      - ./auth:/auth\n      - ./certs:/certs\n```\n\n#### **Configure Authentication**\n\n```\ndocker run --rm --entrypoint htpasswd httpd:2 -Bbn admin SecurePass123 \u003e /opt/docker-registry/auth/htpasswd\n```\n\n#### **Enable SSL/TLS**\n\nIf using Let's Encrypt:\n\n```\nsudo apt install certbot\ncertbot certonly --standalone -d registry-jean.github.io\n```\n\nCopy certificates to `/opt/docker-registry/certs/` and update `docker-compose.yml`.\n\n#### **Launch the Registry**\n\n```\ndocker-compose up -d\ndocker ps\n```\n\n* * * * *\n\n3️⃣ Secure the Infrastructure\n-----------------------------\n\n#### **Enable Firewall**\n\n```\nsudo ufw allow from 192.168.1.0/24 to any port 5000\n```\n\n#### **Enable Fail2Ban**\n\n```\nsudo apt install fail2ban\n```\n\n#### **Secure Access with Nginx Reverse Proxy**\n\n```\nserver {\n    listen 443 ssl;\n  
  server_name registry-jean.github.io;\n\n    ssl_certificate /etc/letsencrypt/live/registry-jean.github.io/fullchain.pem;\n    ssl_certificate_key /etc/letsencrypt/live/registry-jean.github.io/privkey.pem;\n\n    location / {\n        proxy_pass http://localhost:5000/;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Forwarded-Proto $scheme;\n        auth_basic \"Docker Registry Authentication\";\n        auth_basic_user_file /opt/docker-registry/auth/htpasswd;\n    }\n}\n```\n\nRestart Nginx:\n\n```\nsudo systemctl restart nginx\n```\n\n* * * * *\n\n4️⃣ Testing and Using the Registry\n----------------------------------\n\n#### **Login to Registry**\n\n```\ndocker login registry-jean.github.io\n```\n\n#### **Push an Image**\n\n```\ndocker tag nginx registry-jean.github.io/nginx:v1\ndocker push registry-jean.github.io/nginx:v1\n```\n\n#### **Pull an Image**\n\n```\ndocker pull registry-jean.github.io/nginx:v1\n```\n\n* * * * *\n\n5️⃣ Security Best Practices\n---------------------------\n\n✅ **Backup \u0026 High Availability**: Use MinIO/S3 and multi-region replication\\\n✅ **Advanced Authentication**: Use Keycloak, LDAP, or OAuth\\\n✅ **Monitoring**: Enable Prometheus \u0026 Grafana\\\n✅ **Docker Image Signing**: Implement Notary for integrity verification\n\n* * * * *\n\nConclusion\n----------\n\nFollowing this guide, you now have a **secure Docker Registry**, suitable for **high-risk environments**. 
You can further integrate it with **Kubernetes or GitLab CI/CD** for a robust DevOps pipeline.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjean1084%2Fproject-devops-v1","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjean1084%2Fproject-devops-v1","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjean1084%2Fproject-devops-v1/lists"}