dlx-ansible/docs/DOCKER-REGISTRY-DNS.md


Docker Registry DNS Configuration

Overview

The Docker registry at 192.168.200.200:5000 is now accessible via the domain name registry.directlx.dev using HTTPS through Nginx Proxy Manager.

DNS Resolution

  • Domain: registry.directlx.dev
  • DNS Resolution: 192.168.200.71 (NPM - Nginx Proxy Manager)
  • Backend: 192.168.200.200:5000 (Docker Registry)
  • Protocol: HTTPS (SSL terminated at NPM)
  • DNS Server: Pi-hole (192.168.200.100)

Usage

Docker Push

# Tag your image
docker tag my-image:latest registry.directlx.dev/my-image:latest

# Push to registry
docker push registry.directlx.dev/my-image:latest

Docker Pull

docker pull registry.directlx.dev/my-image:latest

Docker Compose

Update your .env files to use the domain name:

DOCKER_REGISTRY=registry.directlx.dev

Then in docker-compose.yml:

services:
  app:
    image: ${DOCKER_REGISTRY}/my-image:latest

Verification

Test DNS Resolution

# Query Pi-hole directly
nslookup registry.directlx.dev 192.168.200.100

# Check local resolution
getent hosts registry.directlx.dev

Expected output: 192.168.200.71 registry.directlx.dev

Test Registry Connectivity

# Health check (via HTTPS)
curl -I https://registry.directlx.dev/v2/

# List repositories
curl https://registry.directlx.dev/v2/_catalog
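The health check above only shows that something answered. As an added example (not part of this repository), the function below reads the headers printed by curl -sI for /v2/ and reports whether the response came from a registry v2 API, whether HSTS is set, and whether the endpoint answers without credentials. The function name audit_v2_headers and both sample header sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live usage:
#   curl -sI https://registry.directlx.dev/v2/ | audit_v2_headers
# Reads raw HTTP response headers on stdin and prints three findings.
# If several responses are present (e.g. a redirect), the last one wins.
audit_v2_headers() {
    awk '
        { sub(/\r$/, ""); line = tolower($0) }
        # New status line: remember the code and reset per-response flags.
        /^HTTP\// { status = $2; api = hsts = challenge = 0; next }
        line ~ /^docker-distribution-api-version:[ \t]*registry\/2\.0/ { api = 1 }
        line ~ /^strict-transport-security:/ { hsts = 1 }
        line ~ /^www-authenticate:/ { challenge = 1 }
        END {
            print "api=" (api ? "yes" : "no")
            print "hsts=" (hsts ? "yes" : "no")
            # 200 on /v2/ means the API answered without credentials;
            # 401 plus a challenge means authentication is enforced.
            if (status == 200) auth = "open"
            else if (status == 401 && challenge) auth = "required"
            else auth = "unknown"
            print "auth=" auth
        }
    '
}

# Constructed sample: proxy with HSTS, registry without authentication.
SAMPLE_OPEN='HTTP/2 200
content-type: application/json; charset=utf-8
docker-distribution-api-version: registry/2.0
strict-transport-security: max-age=63072000'

# Constructed sample: registry with basic auth enabled, no HSTS header.
SAMPLE_AUTH='HTTP/1.1 401 Unauthorized
Www-Authenticate: Basic realm="Registry Realm"
Docker-Distribution-Api-Version: registry/2.0'

printf '%s\n' "$SAMPLE_OPEN" | audit_v2_headers
printf '%s\n' "$SAMPLE_AUTH" | audit_v2_headers
```

With the configuration described in this document, the live check is expected to report auth=open until registry authentication is added.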

Test Docker Integration

# List tags for a repository
curl https://registry.directlx.dev/v2/hiveops-incident/tags/list

Current Repositories

As of 2026-02-14, the registry contains:

  • atm-incident-backend
  • atm-incident-frontend
  • hiveops-agent
  • hiveops-auth
  • hiveops-config
  • hiveops-incident
  • hiveops-incident-backend
  • hiveops-incident-frontend
  • hiveops-mgmt
  • hiveops-release
  • hiveops-remote
  • smart-client

Configuration Files

Pi-hole DNS Record

Managed by: playbooks/configure-directlx-dev-dns.yml

dns_records:
  - { ip: "192.168.200.71", hostname: "registry" }

NPM Proxy Host Configuration

Configure in NPM web UI (http://192.168.200.71:81):

Domain Names:

  • registry.directlx.dev

  • Forward Hostname/IP: 192.168.200.200
  • Forward Port: 5000
  • Scheme: http

SSL:

  • Force SSL
  • HTTP/2 Support
  • HSTS Enabled
  • SSL Certificate: Let's Encrypt or custom

Local /etc/hosts (Optional)

For local workstation access without Pi-hole DNS:

sudo tee -a /etc/hosts <<EOF
192.168.200.71  registry.directlx.dev
EOF

Or use the Ansible playbook:

ansible-playbook playbooks/configure-local-dns-localhost.yml --ask-become-pass

Troubleshooting

Registry Not Resolving

Check DNS:

nslookup registry.directlx.dev 192.168.200.100

If no result, re-run the DNS configuration playbook:

ansible-playbook playbooks/configure-directlx-dev-dns.yml

Connection Refused

Check registry is running:

ansible docker -m shell -a "docker ps | grep registry"

Check firewall:

ansible docker -m shell -a "ufw status" -b

Docker Daemon Configuration

With HTTPS terminated at NPM, no insecure-registry configuration is needed on the Docker daemon. Docker trusts the SSL certificate as long as it chains to a CA in the host's trust store.

If you encounter certificate issues, ensure the CA certificate is trusted on your system.

Security Notes

  • HTTPS enabled via NPM (SSL/TLS encryption)
  • Registry accessible only on local network (192.168.200.0/24)
  • SSL certificate from Let's Encrypt (valid and trusted)
  • ⚠️ No authentication configured (suitable for internal use): any client that can reach the registry can pull and push images
  • For production, consider:
    • Adding Docker registry authentication
    • Implementing access controls
    • Rate limiting at NPM level

Quick Setup Guide

Complete setup in 2 steps:

  1. DNS Configuration (DONE)

    ansible-playbook playbooks/configure-directlx-dev-dns.yml
    
  2. NPM Proxy Configuration (⚠️ REQUIRED)

    See: NPM Registry Setup Guide

    Quick summary:

    • Navigate to NPM Admin (http://192.168.200.71:81)
    • Add Proxy Host for registry.directlx.dev
    • Forward to: 192.168.200.200:5000
    • Enable SSL with Let's Encrypt
    • Add custom Nginx config (see guide)

Maintenance

Update DNS Record

Edit playbooks/configure-directlx-dev-dns.yml and add/modify:

dns_records:
  - { ip: "NEW_IP", hostname: "registry" }

Then apply:

ansible-playbook playbooks/configure-directlx-dev-dns.yml

Clear DNS Cache

On Pi-hole:

ansible pihole -m shell -a "pihole restartdns" -b

On local workstation:

# Older systemd releases
sudo systemd-resolve --flush-caches
# Newer systemd releases, where resolvectl replaces systemd-resolve
resolvectl flush-caches

Created: 2026-02-14
Last Updated: 2026-02-14
Author: DirectLX Infrastructure Team