# Docker Registry Configuration

This folder contains the configuration files for the Docker Registry setup used in the CI/CD pipeline.

## Files

- **`docker-compose.registry.yml`**: Docker Compose configuration for the registry and Caddy reverse proxy
- **`Caddyfile`**: Caddy configuration for HTTPS and authentication
- **`config.yml`**: Docker Registry configuration file
- **`README.md`**: This documentation file

## Architecture

The registry setup uses:

- **Docker Registry**: Basic registry for storing Docker images
- **Caddy**: Reverse proxy with automatic HTTPS and authentication
- **Environment Variables**: For authentication credentials

## Authentication Model

- **Pulls**: Unauthenticated (public read access)
  - `/v2/*/blobs/*` - Download image layers
  - `/v2/*/manifests/*` - Download image manifests
  - `/v2/_catalog` - List repositories
  - `/v2/*/tags/list` - List image tags
- **Pushes**: Require authentication with `registry-user` credentials
  - `/v2/*/blobs/uploads/*` - Upload image layers
  - `/v2/*/manifests/*` (PUT/POST/PATCH/DELETE) - Upload/update manifests

## Security Features

- **URL-based access control**: Different paths require different authentication levels
- **Method-based restrictions**: Push operations require authentication
- **Path validation**: Prevents method spoofing by validating both URL patterns and HTTP methods
- **Security headers**: X-Content-Type-Options, X-Frame-Options for additional protection

## Configuration

The setup is configured through:

1. **Environment Variables**: Stored in `.env` file (created during setup)
2. **Caddyfile**: Handles HTTPS and authentication
3. **Docker Compose**: Orchestrates the registry and Caddy services
4. **Registry Config**: `config.yml` contains the Docker Registry configuration

## Usage

The registry is automatically set up during the CI/CD pipeline setup process. The configuration files are copied from this folder to the registry server and customized with the appropriate IP address and credentials.

## Security

- Authentication is handled by Caddy using environment variables
- HTTPS is automatically managed by Caddy
- Registry data is persisted in Docker volumes
- Environment file contains sensitive credentials and should be properly secured
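
The Authentication Model lists `/v2/*/manifests/*` under both pulls and pushes, so the allow/deny decision depends on method and path together. The sketch below is an added example, not this project's Caddyfile or code: a Python model of that policy for use as a test matrix. `requires_auth`, `CASES` and `mismatches` are hypothetical names, and treating every request not listed as a public pull as requiring authentication is an assumption.

```python
import re

READ_METHODS = {"GET", "HEAD"}

# Upload paths are matched first so they are never treated as blob reads.
UPLOADS = re.compile(r"^/v2/.+/blobs/uploads(/.*)?$")

# Public pull endpoints from the Authentication Model list.
# ".+" lets a repository name contain slashes (for example team/app).
PUBLIC_READ = [
    re.compile(r"^/v2/.+/blobs/[^/]+$"),
    re.compile(r"^/v2/.+/manifests/[^/]+$"),
    re.compile(r"^/v2/.+/tags/list$"),
    re.compile(r"^/v2/_catalog$"),
]


def requires_auth(method: str, target: str) -> bool:
    """Return True unless the request is one of the listed public pulls.

    Assumption: the path has already been normalized by the proxy.
    """
    path = target.split("?", 1)[0]  # the query string does not affect the decision
    if UPLOADS.match(path):
        return True
    if method.upper() not in READ_METHODS:
        return True  # PUT/POST/PATCH/DELETE and anything unexpected
    return not any(p.match(path) for p in PUBLIC_READ)


# Constructed sample requests: (method, target, expected requires_auth).
CASES = [
    ("GET", "/v2/app/manifests/latest", False),
    ("HEAD", "/v2/team/app/blobs/sha256:0a1b", False),
    ("GET", "/v2/_catalog?n=100", False),
    ("GET", "/v2/app/tags/list", False),
    ("PUT", "/v2/app/manifests/latest", True),
    ("DELETE", "/v2/app/manifests/latest", True),
    ("POST", "/v2/app/blobs/uploads/", True),
    ("GET", "/v2/app/blobs/uploads/1234", True),
    ("TRACE", "/v2/_catalog", True),
]


def mismatches():
    """Return the cases where the model disagrees with the expected result."""
    return [(m, t) for m, t, want in CASES if requires_auth(m, t) != want]


if __name__ == "__main__":
    print(mismatches() or "policy table consistent")
```

The same `CASES` table can be replayed against the deployed proxy to confirm that the status codes it returns agree with the model.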