Update Docker Registry URLs to HTTPS endpoint (registry.michaelschiemer.de)

- Replace git.michaelschiemer.de:5000 (HTTP) with registry.michaelschiemer.de (HTTPS)
- Update all Ansible playbooks and configuration files
- Update CI/CD workflows to use HTTPS registry endpoint
- Update Docker Compose files with new registry URL
- Update documentation and scripts

Benefits:
- Secure HTTPS connection (no insecure registry config needed)
- Consistent use of HTTPS endpoint via Traefik
- Better security practices for production deployment
2025-10-31 14:35:39 +01:00
parent 82fb65eb00
commit c087d372c2
24 changed files with 1341 additions and 217 deletions

@@ -475,19 +475,45 @@ Security headers are applied via Traefik's `default-chain@file` middleware:
## Docker Daemon Configuration
### Configure Docker to Trust Registry
### Registry Access Methods
On machines that will push/pull from registry:
The registry is accessible via two methods:
1. **HTTPS via Traefik**: `registry.michaelschiemer.de` (recommended)
- Uses SSL/TLS encryption
- No insecure registry configuration needed
- Preferred for production use
2. **HTTP Direct**: `registry.michaelschiemer.de`
- Direct access to registry port
- Requires insecure registry configuration
- Useful for internal/local access
### Option 1: Using HTTPS Endpoint (Recommended)
No Docker daemon configuration needed. Just login and push:
```bash
# Login via HTTPS endpoint
docker login registry.michaelschiemer.de
# Push images
docker push registry.michaelschiemer.de/framework:latest
```
### Option 2: Using HTTP Endpoint (Direct Access)
If you need to use `registry.michaelschiemer.de`, configure Docker to allow insecure registries:
```bash
# Edit daemon.json
sudo nano /etc/docker/daemon.json
```
Add:
Add `registry.michaelschiemer.de` to `insecure-registries`:
```json
{
"insecure-registries": [],
"insecure-registries": ["registry.michaelschiemer.de"],
"registry-mirrors": [],
"log-driver": "json-file",
"log-opts": {
@@ -497,7 +523,7 @@ Add:
}
```
**Note**: No need to add registry to `insecure-registries` since we use SSL.
**Note**: Only add to `insecure-registries` if using the HTTP endpoint. Use HTTPS endpoint (`registry.michaelschiemer.de`) to avoid insecure registry configuration.
```bash
# Restart Docker
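Review bot: The reworded note says to list a registry only "if using the HTTP endpoint" but never names that endpoint; the only host it mentions is `registry.michaelschiemer.de`, which it calls the HTTPS endpoint while the JSON sample just above this hunk lists that same host under `insecure-registries`. State the HTTP host and port in the note, and say that the `# Restart Docker` step that follows applies only to Option 2, so readers on the HTTPS path neither edit daemon.json nor restart the daemon.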