# Docker Registry DNS Configuration

## Overview

The Docker registry at `192.168.200.200:5000` is now accessible via the domain name `registry.directlx.dev` using HTTPS through Nginx Proxy Manager.

## DNS Resolution

- **Domain**: registry.directlx.dev
- **DNS Resolution**: 192.168.200.71 (NPM - Nginx Proxy Manager)
- **Backend**: 192.168.200.200:5000 (Docker Registry)
- **Protocol**: HTTPS (SSL terminated at NPM)
- **DNS Server**: Pi-hole (192.168.200.100)

## Usage

### Docker Push

```bash
# Tag your image
docker tag my-image:latest registry.directlx.dev/my-image:latest

# Push to registry
docker push registry.directlx.dev/my-image:latest
```

### Docker Pull

```bash
docker pull registry.directlx.dev/my-image:latest
```

### Docker Compose

Update your `.env` files to use the domain name:

```env
DOCKER_REGISTRY=registry.directlx.dev
```

Then in `docker-compose.yml`:

```yaml
services:
  app:
    image: ${DOCKER_REGISTRY}/my-image:latest
```

## Verification

### Test DNS Resolution

```bash
# Query Pi-hole directly
nslookup registry.directlx.dev 192.168.200.100

# Check local resolution
getent hosts registry.directlx.dev
```

Expected output from `getent`: `192.168.200.71 registry.directlx.dev`

### Test Registry Connectivity

```bash
# Health check (via HTTPS)
curl -I https://registry.directlx.dev/v2/

# List repositories
curl https://registry.directlx.dev/v2/_catalog
```

### Test Docker Integration

```bash
# List tags for a repository
curl https://registry.directlx.dev/v2/hiveops-incident/tags/list
```

## Current Repositories

As of 2026-02-14, the registry contains:

- atm-incident-backend
- atm-incident-frontend
- hiveops-agent
- hiveops-auth
- hiveops-config
- hiveops-incident
- hiveops-incident-backend
- hiveops-incident-frontend
- hiveops-mgmt
- hiveops-release
- hiveops-remote
- smart-client

## Configuration Files

### Pi-hole DNS Record

Managed by: `playbooks/configure-directlx-dev-dns.yml`

```yaml
dns_records:
  - { ip: "192.168.200.71", hostname: "registry" }
```

### NPM Proxy Host Configuration

Configure in NPM web UI (http://192.168.200.71:81):

**Domain Names:**
- registry.directlx.dev

**Forward Hostname/IP:** 192.168.200.200
**Forward Port:** 5000
**Scheme:** http

**SSL:**
- ✅ Force SSL
- ✅ HTTP/2 Support
- ✅ HSTS Enabled
- SSL Certificate: Let's Encrypt or custom

### Local /etc/hosts (Optional)

For local workstation access without Pi-hole DNS:

```bash
sudo tee -a /etc/hosts <<EOF
192.168.200.71 registry.directlx.dev
EOF
```

Or use the Ansible playbook:

```bash
ansible-playbook playbooks/configure-local-dns-localhost.yml --ask-become-pass
```

## Troubleshooting

### Registry Not Resolving

**Check DNS:**
```bash
nslookup registry.directlx.dev 192.168.200.100
```

If no result, re-run the DNS configuration playbook:
```bash
ansible-playbook playbooks/configure-directlx-dev-dns.yml
```

### Connection Refused

**Check registry is running:**
```bash
ansible docker -m shell -a "docker ps | grep registry"
```

**Check firewall:**
```bash
ansible docker -m shell -a "ufw status" -b
```

### Docker Daemon Configuration

With HTTPS enabled via NPM, no insecure registry configuration is needed. Docker will trust the SSL certificate.

If you encounter certificate issues, ensure the CA certificate is trusted on your system.

## Security Notes

- ✅ HTTPS enabled via NPM (SSL/TLS encryption)
- ✅ Registry accessible only on local network (192.168.200.0/24)
- ✅ SSL certificate from Let's Encrypt (valid and trusted)
- ⚠️ No authentication configured (suitable for internal use)
- For production, consider:
  - Adding Docker registry authentication
  - Implementing access controls
  - Rate limiting at NPM level

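
The notes above can be checked from a workstation. As an added example (not part of the original page), this helper audits the headers returned by `GET /v2/`: whether the endpoint identifies as a registry, whether it demands authentication, and whether NPM is sending HSTS. The function names and sample headers are constructed for illustration; it assumes the registry's usual behaviour of answering `200` when no auth is required and `401` with `WWW-Authenticate` when it is.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit the headers of GET /v2/
# as returned through the NPM proxy. Function names and samples are constructed.

# has_header <lowercased-headers> <header-name>
has_header() { printf '%s\n' "$1" | grep -q "^$2:"; }

# Reads raw response headers on stdin and prints one finding per line.
# The subshell body "( ... )" keeps the variables local.
audit_registry_headers() (
  h=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
  status=$(printf '%s\n' "$h" | awk 'NR == 1 { print $2 }')

  # The registry labels its /v2/ responses with this header.
  if has_header "$h" 'docker-distribution-api-version'; then
    echo "registry=yes"
  else
    echo "registry=no"
  fi

  # 200 on /v2/ means no credentials are required at this endpoint.
  case "$status" in
    200) echo "auth=none" ;;
    401) has_header "$h" 'www-authenticate' && echo "auth=required" || echo "auth=unknown" ;;
    *)   echo "auth=unknown" ;;
  esac

  # "HSTS Enabled" in NPM should surface as this header.
  if has_header "$h" 'strict-transport-security'; then
    echo "hsts=yes"
  else
    echo "hsts=no"
  fi
)

# Constructed sample: the setup described on this page (no auth, HSTS on).
SAMPLE_OPEN='HTTP/2 200
content-type: application/json; charset=utf-8
docker-distribution-api-version: registry/2.0
strict-transport-security: max-age=63072000; preload
'
# Constructed sample: the same endpoint after basic auth has been added.
SAMPLE_AUTH='HTTP/1.1 401 Unauthorized
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Basic realm="Registry Realm"
'

printf '%s' "$SAMPLE_OPEN" | audit_registry_headers
# Live check: curl -sI https://registry.directlx.dev/v2/ | audit_registry_headers
```

An `auth=none` result matches the ⚠️ note above; after authentication is added, the same check should report `auth=required`.
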

## Quick Setup Guide

**Complete setup in 2 steps:**

1. **DNS Configuration** (✅ DONE)
   ```bash
   ansible-playbook playbooks/configure-directlx-dev-dns.yml
   ```

2. **NPM Proxy Configuration** (⚠️ REQUIRED)

   See: [NPM Registry Setup Guide](NPM-REGISTRY-SETUP.md)

   Quick summary:
   - Navigate to NPM Admin (http://192.168.200.71:81)
   - Add Proxy Host for registry.directlx.dev
   - Forward to: 192.168.200.200:5000
   - Enable SSL with Let's Encrypt
   - Add custom Nginx config (see guide)

## Related Documentation

- **[NPM Registry Setup Guide](NPM-REGISTRY-SETUP.md)** - Step-by-step NPM configuration ⭐
- [Local DNS Configuration](LOCAL-DNS-CONFIGURATION.md) - General DNS setup
- [SSL Offloading Fix](SSL-OFFLOADING-FIX.md) - HTTPS configuration
- Global CLAUDE.md - Docker registry URL reference

## Maintenance

### Update DNS Record

Edit `playbooks/configure-directlx-dev-dns.yml` and add/modify:

```yaml
dns_records:
  - { ip: "NEW_IP", hostname: "registry" }
```

Then apply:

```bash
ansible-playbook playbooks/configure-directlx-dev-dns.yml
```

### Clear DNS Cache

On Pi-hole:
```bash
ansible pihole -m shell -a "pihole restartdns" -b
```

On local workstation:
```bash
# Older systemd releases
sudo systemd-resolve --flush-caches
# Current systemd releases
resolvectl flush-caches
```

---

**Created**: 2026-02-14
**Last Updated**: 2026-02-14
**Author**: DirectLX Infrastructure Team