devteam/sharenet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
sharenet/registry/README.md
continuist a43f2003d0
Some checks are pending
CI/CD Pipeline (Fully Isolated DinD) / Run Tests (DinD) (push) Waiting to run
Details
CI/CD Pipeline (Fully Isolated DinD) / Build and Push Docker Images (DinD) (push) Blocked by required conditions
Details
CI/CD Pipeline (Fully Isolated DinD) / Deploy to Production (push) Blocked by required conditions
Details
Improve Caddyfile and use registry config file
2025-07-13 10:53:33 -04:00

2.2 KiB
Raw Blame History

Docker Registry Configuration

This folder contains the configuration files for the Docker Registry setup used in the CI/CD pipeline.

Files

  • docker-compose.registry.yml: Docker Compose configuration for the registry and Caddy reverse proxy
  • Caddyfile: Caddy configuration for HTTPS and authentication
  • config.yml: Docker Registry configuration file
  • README.md: This documentation file

Architecture

The registry setup uses:

  • Docker Registry: Basic registry for storing Docker images
  • Caddy: Reverse proxy with automatic HTTPS and authentication
  • Environment Variables: For authentication credentials

Authentication Model

  • Pulls: Unauthenticated (public read access)
    • /v2/*/blobs/* - Download image layers
    • /v2/*/manifests/* - Download image manifests
    • /v2/_catalog - List repositories
    • /v2/*/tags/list - List image tags
  • Pushes: Require authentication with registry-user credentials
    • /v2/*/blobs/uploads/* - Upload image layers
    • /v2/*/manifests/* (PUT/POST/PATCH/DELETE) - Upload/update manifests

Security Features

  • URL-based access control: Different paths require different authentication levels
  • Method-based restrictions: Push operations require authentication
  • Path validation: Prevents method spoofing by validating both URL patterns and HTTP methods
  • Security headers: X-Content-Type-Options, X-Frame-Options for additional protection

Configuration

The setup is configured through:

  1. Environment Variables: Stored in .env file (created during setup)
  2. Caddyfile: Handles HTTPS and authentication
  3. Docker Compose: Orchestrates the registry and Caddy services
  4. Registry Config: config.yml contains the Docker Registry configuration

Usage

The registry is automatically set up during the CI/CD pipeline setup process. The configuration files are copied from this folder to the registry server and customized with the appropriate IP address and credentials.

Security

  • Authentication is handled by Caddy using environment variables
  • HTTPS is automatically managed by Caddy
  • Registry data is persisted in Docker volumes
  • Environment file contains sensitive credentials and should be properly secured