Docker Registry trough Traefik

Here is the setup I am using to self-host a docker registry. This asumes you have letsencrypt configured in /etc/traefik/traefik.yml. This setup does not require any other services, but auth is quite limited. Users are hard configured in the traefik labels.

version: '3'

services:
  traefik:
    image: traefik:v2.9
    networks:
      proxy:
    ports:
      # The HTTP port
      - '80:80'
      - '443:443'
      # The Web UI (enabled by --api.insecure=true)
      - '8080:8080'
      # Metrics
      - '3880:3880'
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik/

  registry:
    image: registry:2
    networks:
      proxy:
    restart: always
    ports:
      - 5000:5000
    volumes:
      - ./registry:/var/lib/registry
    environment:
      REGISTRY_HTTP_ADDR: '0.0.0.0:5000'
    labels:
      - traefik.http.routers.registry.rule=Host(`registry.example.com`)
      - traefik.http.routers.registry.tls=true
      - traefik.http.routers.registry.tls.certresolver=letsencrypt
      - traefik.http.routers.registry.tls.domains[0].main=registry.example.com
      - traefik.http.middlewares.dockerHeader.headers.customResponseHeaders.Docker-Distribution-Api-Version=registry/2.0
      - traefik.http.middlewares.dockerAuth.basicAuth.users=corne:********************
      - traefik.http.routers.registry.middlewares=dockerHeader,dockerAuth

networks:
  proxy: