devteam/sharenet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update to use HTTPS on both the registry API and UI
Some checks are pending
CI/CD Pipeline / Test Backend (push) Waiting to run
Details
CI/CD Pipeline / Test Frontend (push) Waiting to run
Details
CI/CD Pipeline / Build and Push Docker Images (push) Blocked by required conditions
Details
CI/CD Pipeline / Deploy to Production (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
continuist 2025-06-28 16:21:22 -04:00
parent 859f9393fe
commit 71e8168821
1 changed files with 77 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

91
CI_CD_PIPELINE_SETUP_GUIDE.md
View file

@ -558,8 +558,8 @@ services:
registry-ui: registry-ui:
image: joxit/docker-registry-ui:latest image: joxit/docker-registry-ui:latest
ports: expose:
- "8080:80" - "80"
environment: environment:
- REGISTRY_TITLE=APP_NAME Registry - REGISTRY_TITLE=APP_NAME Registry
- REGISTRY_URL=https://YOUR_CI_CD_IP:5000 - REGISTRY_URL=https://YOUR_CI_CD_IP:5000
@ -569,6 +569,19 @@ services:
networks: networks:
- registry_network - registry_network
nginx:
image: nginx:alpine
ports:
- "8080:443"
volumes:
- ./ssl:/etc/nginx/ssl:ro
- ./nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- registry-ui
restart: unless-stopped
networks:
- registry_network
volumes: volumes:
registry_data: registry_data:
@ -583,7 +596,49 @@ exit
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address in the `REGISTRY_URL` environment variable. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address in the `REGISTRY_URL` environment variable.
**Note**: The registry now uses HTTPS, which will resolve the crypto.subtle error and provide secure communication. **Note**: We added an nginx reverse proxy to handle HTTPS for the registry UI.
#### 4.4.1 Create Nginx Configuration
```bash
# Switch to SERVICE_USER (registry directory owner)
sudo su - SERVICE_USER
cat > /opt/registry/nginx.conf << 'EOF'
events {
worker_connections 1024;
}
http {
upstream registry_ui {
server registry-ui:80;
}
server {
listen 443 ssl;
server_name YOUR_CI_CD_IP;
ssl_certificate /etc/nginx/ssl/registry.crt;
ssl_certificate_key /etc/nginx/ssl/registry.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://registry_ui;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
EOF
# Exit SERVICE_USER shell
exit
```
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address in the nginx configuration.
#### 4.5 Install Required Tools #### 4.5 Install Required Tools
@ -615,11 +670,11 @@ sudo su - SERVICE_USER
cd /opt/registry cd /opt/registry
docker compose ps docker compose ps
# Test registry API # Test registry API (HTTPS)
curl http://localhost:5000/v2/_catalog curl -k https://localhost:5000/v2/_catalog
# Test registry UI (optional) # Test registry UI (HTTPS)
curl -I http://localhost:8080 curl -I https://localhost:8080
# Test Docker push/pull (optional but recommended) # Test Docker push/pull (optional but recommended)
# Create a test image # Create a test image
@ -633,8 +688,8 @@ docker build -f /tmp/test.Dockerfile -t localhost:5000/test:latest /tmp
docker push localhost:5000/test:latest docker push localhost:5000/test:latest
# Verify image is in registry # Verify image is in registry
curl http://localhost:5000/v2/_catalog curl -k https://localhost:5000/v2/_catalog
curl http://localhost:5000/v2/test/tags/list curl -k https://localhost:5000/v2/test/tags/list
# Pull image back (verifies pull works) # Pull image back (verifies pull works)
docker rmi localhost:5000/test:latest docker rmi localhost:5000/test:latest
@ -648,7 +703,7 @@ docker rmi localhost:5000/test:latest
rm /tmp/test.Dockerfile rm /tmp/test.Dockerfile
# Clean up test repository using registry UI # Clean up test repository using registry UI
# 1. Open your browser and go to: https://YOUR_CI_CD_IP:8080 # 1. Open your browser and go to: http://YOUR_CI_CD_IP:8080
# 2. You should see the 'test' repository listed # 2. You should see the 'test' repository listed
# 3. Click on the 'test' repository # 3. Click on the 'test' repository
# 4. Click the delete button (trash icon) next to the 'latest' tag # 4. Click the delete button (trash icon) next to the 'latest' tag
@ -656,16 +711,24 @@ rm /tmp/test.Dockerfile
# 6. The test repository should now be removed # 6. The test repository should now be removed
# Verify registry is empty # Verify registry is empty
curl http://localhost:5000/v2/_catalog curl -k https://localhost:5000/v2/_catalog
# Exit SERVICE_USER shell # Exit SERVICE_USER shell
exit exit
``` ```
**Important Notes:**
- **Registry API**: Uses HTTPS on port 5000 (secure)
- **Registry UI**: Uses HTTPS on port 8080 (secure, via nginx reverse proxy)
- **Access URLs**:
- Registry UI: `https://YOUR_CI_CD_IP:8080` (use HTTPS)
- Registry API: `https://YOUR_CI_CD_IP:5000`
- **Browser Access**: Both services now use HTTPS for secure communication
**Expected Output**: **Expected Output**:
- `docker-compose ps` should show both `registry` and `registry-ui` as "Up" - `docker-compose ps` should show both `registry` and `registry-ui` as "Up"
- `curl http://localhost:5000/v2/_catalog` should return `{"repositories":[]}` (empty initially) - `curl -k https://localhost:5000/v2/_catalog` should return `{"repositories":[]}` (empty initially)
- `curl -I http://localhost:8080` should return HTTP 200 - `curl -I https://localhost:8080` should return HTTP 200
- Push/pull test should complete successfully - Push/pull test should complete successfully
**If something goes wrong**: **If something goes wrong**:
@ -729,7 +792,7 @@ docker push YOUR_CI_CD_IP:5000/APP_NAME/frontend:latest
#### **Registry UI Access** #### **Registry UI Access**
Public web interface for browsing images: Public web interface for browsing images:
``` ```
http://YOUR_CI_CD_IP:8080 https://YOUR_CI_CD_IP:8080
``` ```
#### **Client Configuration** #### **Client Configuration**