reworked letsencrypt to use docker containers instead of certbot on the host.

dockerfiles/services/dkregistry/docker-compose.yml

@@ -0,0 +1,41 @@
+---
+# docker-compose file for logstash
+# - see https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html
+#
+# DOCKER_HOST=dkhost03:2376 docker-compose up -d
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services
+
+version: '3'
+services:
+
+  registry:
+    image: registry:2
+    ports:
+      - 5000:5000
+    environment:
+      REGISTRY_HTTP_SECRET: aabuioqlwlcpp2
+      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/dkregistry.xai-corp.net/fullchain.pem
+      REGISTRY_HTTP_TLS_KEY: /certs/live/dkregistry.xai-corp.net/privkey.pem
+#      REGISTRY_HTTP_LETSENCRYPT_CACHEFILE: /var/run/letsencrypt.cache
+#      REGISTRY_HTTP_LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+      REGISTRY_HTTP_HOST: https://dkregistry.xai-corp.net:5000
+#      REGISTRY_HTTP_ADDR: dkregistry.xai-corp.net:5000
+      REGISTRY_AUTH: htpasswd
+      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+    volumes:
+      - /opt/shared/dkregistry/data:/var/lib/registry
+      - /etc/letsencrypt:/certs
+      - /opt/shared/dkregistry/auth:/auth
+
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+        delay: "1s"
+        max_attempts: 15
+      resources:
+        limits:
+          cpus: '0.1'
+          memory: 256M