sharenet/registry/README.md
continuist a43f2003d0
Improve Caddyfile and use registry config file
2025-07-13 10:53:33 -04:00


# Docker Registry Configuration
This folder contains the configuration files for the Docker Registry setup used in the CI/CD pipeline.
## Files
- **`docker-compose.registry.yml`**: Docker Compose configuration for the registry and Caddy reverse proxy
- **`Caddyfile`**: Caddy configuration for HTTPS and authentication
- **`config.yml`**: Docker Registry configuration file
- **`README.md`**: This documentation file
## Architecture
The registry setup uses:
- **Docker Registry**: Basic registry for storing Docker images
- **Caddy**: Reverse proxy with automatic HTTPS and authentication
- **Environment Variables**: For authentication credentials
## Authentication Model
- **Pulls**: Unauthenticated (public read access)
  - `/v2/*/blobs/*` - Download image layers
  - `/v2/*/manifests/*` - Download image manifests
  - `/v2/_catalog` - List repositories
  - `/v2/*/tags/list` - List image tags
- **Pushes**: Require authentication with `registry-user` credentials
  - `/v2/*/blobs/uploads/*` - Upload image layers
  - `/v2/*/manifests/*` (PUT/POST/PATCH/DELETE) - Upload/update manifests
## Security Features
- **URL-based access control**: Different paths require different authentication levels
- **Method-based restrictions**: Push operations require authentication
- **Path validation**: Prevents method spoofing by validating both URL patterns and HTTP methods
- **Security headers**: X-Content-Type-Options, X-Frame-Options for additional protection
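
The path and method rules from the Authentication Model, written as a small decision function and set beside a path-only check, show why the method has to be part of the match: manifest URLs are identical for pulls and pushes. This is an added example, not the project's Caddyfile; treating GET/HEAD as the read methods, requiring authentication for anything the README does not list, and the sample requests are assumptions of the example.

```python
import re

# Patterns from the README's Authentication Model. '.+' may span '/' because
# repository names can contain slashes (for example team/app).
UPLOADS = re.compile(r"^/v2/.+/blobs/uploads(/.*)?$")
PUBLIC_READ = [
    re.compile(r"^/v2/_catalog$"),
    re.compile(r"^/v2/.+/tags/list$"),
    re.compile(r"^/v2/.+/manifests/[^/]+$"),
    re.compile(r"^/v2/.+/blobs/[^/]+$"),
]
# Assumption: GET and HEAD are the read methods; the README only names the
# write methods (PUT/POST/PATCH/DELETE).
READ_METHODS = {"GET", "HEAD"}

def path_only_requires_auth(path):
    """Weak variant: decides on the URL alone, ignoring the HTTP method."""
    return not any(p.match(path) for p in PUBLIC_READ)

def requires_auth(method, path):
    """Decide on method and path together; unlisted requests need auth."""
    if UPLOADS.match(path):
        return True  # upload sessions belong to pushes, whatever the method
    if method.upper() not in READ_METHODS:
        return True  # any write or unknown method
    return not any(p.match(path) for p in PUBLIC_READ)

# Constructed sample requests: (method, path, auth required per the README).
SAMPLES = [
    ("GET", "/v2/_catalog", False),
    ("GET", "/v2/team/app/tags/list", False),
    ("HEAD", "/v2/team/app/manifests/latest", False),
    ("GET", "/v2/team/app/blobs/sha256:0123abcd", False),
    ("PUT", "/v2/team/app/manifests/latest", True),
    ("DELETE", "/v2/team/app/manifests/latest", True),
    ("POST", "/v2/team/app/blobs/uploads/", True),
    ("PATCH", "/v2/team/app/blobs/uploads/constructed-uuid", True),
    ("GET", "/v2/team/app/blobs/uploads/constructed-uuid", True),
]

def mismatches(decide):
    """Return the samples where a decision function disagrees with SAMPLES."""
    return [(m, p) for m, p, want in SAMPLES if decide(m, p) != want]

if __name__ == "__main__":
    print("method+path:", mismatches(requires_auth))
    print("path only:  ", mismatches(lambda m, p: path_only_requires_auth(p)))
```

The same table of sample requests can be replayed against the deployed proxy as a regression check whenever the Caddyfile changes.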
## Configuration
The setup is configured through:
1. **Environment Variables**: Stored in `.env` file (created during setup)
2. **Caddyfile**: Handles HTTPS and authentication
3. **Docker Compose**: Orchestrates the registry and Caddy services
4. **Registry Config**: `config.yml` contains the Docker Registry configuration
## Usage
The registry is automatically set up during the CI/CD pipeline setup process. The configuration files are copied from this folder to the registry server and customized with the appropriate IP address and credentials.
## Security
- Authentication is handled by Caddy using environment variables
- HTTPS is automatically managed by Caddy
- Registry data is persisted in Docker volumes
- Environment file contains sensitive credentials and should be properly secured