Finish making Caddyfile work correctly

2025-08-16 16:25:23 -04:00 · 2025-08-16 16:25:23 -04:00 · bf41839b8c
commit bf41839b8c
parent ab2902098e
4 changed files with 32 additions and 3 deletions
--- a/CI_CD_PIPELINE_SETUP_GUIDE.md
+++ b/CI_CD_PIPELINE_SETUP_GUIDE.md
@ -789,7 +789,7 @@ sudo chmod 644 ca/ca.crt registry.crt                 # Certificates - world rea
 sudo chmod 644 requests/registry.csr requests/openssl.conf  # Requests - world readable
 # Verify certificate creation
-sudo -u CI_SERVICE_USER openssl x509 -in registry.crt -text -noout | grep -E "(Subject:|DNS:|IP Address:)"
+sudo -u CI_SERVICE_USER openssl x509 -in /etc/registry/certs/registry.crt -text -noout | grep -E "(Subject:|DNS:|IP Address:)"
 # 2. Install CA certificate into Docker trust store
 sudo mkdir -p /etc/docker/certs.d/YOUR_ACTUAL_IP_ADDRESS
@ -884,6 +884,20 @@ echo "Certificates will be renewed automatically and the registry service will b
 #### 5.7 Set Up Systemd Service for Docker Registry
 ```bash
 # Create system-wide Docker configuration to avoid permission issues
 sudo mkdir -p /etc/docker
 sudo tee /etc/docker/config.json > /dev/null << 'EOF'
 {
  "auths": {},
  "HttpHeaders": {
    "User-Agent": "Docker-Client/20.10.0 (linux)"
  }
 }
 EOF
 # Set proper permissions for system-wide Docker config
 sudo chmod 644 /etc/docker/config.json
 # Install systemd service from repository
 sudo cp /opt/APP_NAME/registry/docker-registry.service /etc/systemd/system/docker-registry.service
--- a/registry/Caddyfile
+++ b/registry/Caddyfile
@ -1,3 +1,16 @@
 # Unauthenticated pulls on 443 (GET requests only)
 :443 {
  tls /etc/registry/certs/registry.crt /etc/registry/certs/private/registry.key
  log
  # Block all write operations explicitly
  @writes method PUT POST PATCH DELETE
  respond @writes "Method Not Allowed" 405
  # Allow all GET requests to v2 API (Docker Registry itself will handle security)
  reverse_proxy /v2/* registry:5000
 }
 # Auth-required pushes on 4443
 :4443 {
  tls /etc/registry/certs/registry.crt /etc/registry/certs/private/registry.key
--- a/registry/docker-compose.registry.yml
+++ b/registry/docker-compose.registry.yml
@ -27,5 +27,5 @@ services:
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - /etc/registry/certs:/etc/registry/certs:ro
-    env_file:
+    environment:
-      - /etc/registry/env/.env
+      - REGISTRY_PASSWORD_HASH=${REGISTRY_PASSWORD_HASH}
--- a/registry/docker-registry.service
+++ b/registry/docker-registry.service
@ -9,6 +9,8 @@ RemainAfterExit=yes
 User=CI_SERVICE_USER
 Group=CI_SERVICE_USER
 WorkingDirectory=/opt/APP_NAME/registry
 EnvironmentFile=/etc/registry/env/.env
 Environment=DOCKER_CONFIG=/etc/docker
 ExecStart=/usr/bin/docker compose -f docker-compose.registry.yml up -d
 ExecStop=/usr/bin/docker compose -f docker-compose.registry.yml down
 ExecReload=/usr/bin/docker compose -f docker-compose.registry.yml restart