dlx-ansible/docs/DOCKER-REGISTRY-DNS.md

# Docker Registry DNS Configuration

## Overview

The Docker registry at `192.168.200.200:5000` is now accessible via the domain name `registry.directlx.dev` using HTTPS through Nginx Proxy Manager.

## DNS Resolution

- **Domain**: registry.directlx.dev
- **DNS Resolution**: 192.168.200.71 (NPM - Nginx Proxy Manager)
- **Backend**: 192.168.200.200:5000 (Docker Registry)
- **Protocol**: HTTPS (SSL terminated at NPM)
- **DNS Server**: Pi-hole (192.168.200.100)

## Usage

### Docker Push

```bash
# Tag your image
docker tag my-image:latest registry.directlx.dev/my-image:latest

# Push to registry
docker push registry.directlx.dev/my-image:latest
```

### Docker Pull

```bash
docker pull registry.directlx.dev/my-image:latest
```

### Docker Compose

Update your `.env` files to use the domain name:

```env
DOCKER_REGISTRY=registry.directlx.dev
```

Then in `docker-compose.yml`:

```yaml
services:
  app:
    image: ${DOCKER_REGISTRY}/my-image:latest
```

## Verification

### Test DNS Resolution

```bash
# Query Pi-hole directly
nslookup registry.directlx.dev 192.168.200.100

# Check local resolution
getent hosts registry.directlx.dev
```

Expected output: `192.168.200.71 registry.directlx.dev`

### Test Registry Connectivity

```bash
# Health check (via HTTPS)
curl -I https://registry.directlx.dev/v2/

# List repositories
curl https://registry.directlx.dev/v2/_catalog
```

### Test Docker Integration

```bash
# List tags for a repository
curl https://registry.directlx.dev/v2/hiveops-incident/tags/list
```

## Current Repositories

As of 2026-02-14, the registry contains:

- atm-incident-backend
- atm-incident-frontend
- hiveops-agent
- hiveops-auth
- hiveops-config
- hiveops-incident
- hiveops-incident-backend
- hiveops-incident-frontend
- hiveops-mgmt
- hiveops-release
- hiveops-remote
- smart-client

## Configuration Files

### Pi-hole DNS Record

Managed by: `playbooks/configure-directlx-dev-dns.yml`

```yaml
dns_records:
  - { ip: "192.168.200.71", hostname: "registry" }
```

### NPM Proxy Host Configuration

Configure in NPM web UI (http://192.168.200.71:81):

**Domain Names:**
- registry.directlx.dev

**Forward Hostname/IP:** 192.168.200.200
**Forward Port:** 5000
**Scheme:** http

**SSL:**
- ✅ Force SSL
- ✅ HTTP/2 Support
- ✅ HSTS Enabled
- SSL Certificate: Let's Encrypt or custom

### Local /etc/hosts (Optional)

For local workstation access without Pi-hole DNS:

```bash
sudo tee -a /etc/hosts <<EOF
192.168.200.71  registry.directlx.dev
EOF
```

Or use the Ansible playbook:

```bash
ansible-playbook playbooks/configure-local-dns-localhost.yml --ask-become-pass
```

## Troubleshooting

### Registry Not Resolving

**Check DNS:**
```bash
nslookup registry.directlx.dev 192.168.200.100
```

If no result, re-run the DNS configuration playbook:
```bash
ansible-playbook playbooks/configure-directlx-dev-dns.yml
```

### Connection Refused

**Check registry is running:**
```bash
ansible docker -m shell -a "docker ps | grep registry"
```

**Check firewall:**
```bash
ansible docker -m shell -a "ufw status" -b
```

### Docker Daemon Configuration

With HTTPS enabled via NPM, no insecure registry configuration is needed. Docker will trust the SSL certificate.

If you encounter certificate issues, ensure the CA certificate is trusted on your system.

## Security Notes

- ✅ HTTPS enabled via NPM (SSL/TLS encryption)
- ✅ Registry accessible only on local network (192.168.200.0/24)
- ✅ SSL certificate from Let's Encrypt (valid and trusted)
- ⚠️ No authentication configured (suitable for internal use)
- For production, consider:
  - Adding Docker registry authentication
  - Implementing access controls
  - Rate limiting at NPM level

## Quick Setup Guide

**Complete setup in 2 steps:**

1. **DNS Configuration** (✅ DONE)
   ```bash
   ansible-playbook playbooks/configure-directlx-dev-dns.yml
   ```

2. **NPM Proxy Configuration** (⚠️ REQUIRED)

   See: [NPM Registry Setup Guide](NPM-REGISTRY-SETUP.md)

   Quick summary:
   - Navigate to NPM Admin (http://192.168.200.71:81)
   - Add Proxy Host for registry.directlx.dev
   - Forward to: 192.168.200.200:5000
   - Enable SSL with Let's Encrypt
   - Add custom Nginx config (see guide)

## Related Documentation

- **[NPM Registry Setup Guide](NPM-REGISTRY-SETUP.md)** - Step-by-step NPM configuration ⭐
- [Local DNS Configuration](LOCAL-DNS-CONFIGURATION.md) - General DNS setup
- [SSL Offloading Fix](SSL-OFFLOADING-FIX.md) - HTTPS configuration
- Global CLAUDE.md - Docker registry URL reference

## Maintenance

### Update DNS Record

Edit `playbooks/configure-directlx-dev-dns.yml` and add/modify:

```yaml
dns_records:
  - { ip: "NEW_IP", hostname: "registry" }
```

Then apply:

```bash
ansible-playbook playbooks/configure-directlx-dev-dns.yml
```

### Clear DNS Cache

On Pi-hole:
```bash
ansible pihole -m shell -a "pihole restartdns" -b
```

On local workstation:
```bash
sudo systemd-resolve --flush-caches
resolvectl flush-caches
```

---

**Created**: 2026-02-14
**Last Updated**: 2026-02-14
**Author**: DirectLX Infrastructure Team