Improve configuration

.gitignore

@@ -1,2 +1,3 @@
 auth/
+conf/
 .env

compose.yml

@@ -2,22 +2,10 @@ services:
   registry:
     image: registry:2
     container_name: registry
-    env_file:
-      - .env
-    environment:
-      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
-      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
-      REGISTRY_AUTH: htpasswd
-      REGISTRY_AUTH_HTPASSWD_REALM: Registry
-      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
-      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: "[$REGISTRY_URL]"
-      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
-      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
-      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
-      REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
     volumes:
       - /mnt/raid/registry/data:/data
       - ./auth:/auth
+      - ./conf/config.yml:/etc/docker/registry/config.yml
     networks:
       - nginx_proxy
 

config.yml.template

@@ -0,0 +1,34 @@
+version: 0.1
+log:
+  fields:
+    service: registry
+
+storage:
+  delete:
+    enabled: true
+  cache:
+    blobdescriptor: inmemory
+  filesystem:
+    rootdirectory: /data
+
+auth:
+  htpasswd:
+    realm: Registry
+    path: /auth/registry.password
+
+http:
+  addr: :5000
+  headers:
+    X-Content-Type-Options: [nosniff]
+    Access-Control-Allow-Origin: [https://registry.example.org]
+    Access-Control-Allow-Methods: [HEAD,GET,OPTIONS,DELETE]
+    Access-Control-Allow-Credentials: [true]
+    Access-Control-Allow-Headers: [Authorization,Accept,Cache-Control]
+    Access-Control-Expose-Headers: [Docker-Content-Digest]
+
+health:
+  storagedriver:
+    enabled: true
+    interval: 10s
+    threshold: 3
+