feat(infra-ops): finalize infrastructure configurations before merge

- Update ASUSTOR gitea-runner and registry configurations
- Add environment examples for registry services
- Clean up MariaDB configuration files
- Prepare for merge to main branch

specs/04-Infrastructure-OPS/04-00-docker-compose/ASUSTOR/registry/.env.example

@@ -1,2 +1,3 @@
 REGISTRY_ADMIN_USER=admin
 REGISTRY_ADMIN_PASSWORD=
+REGISTRY_HTTP_SECRET=

specs/04-Infrastructure-OPS/04-00-docker-compose/ASUSTOR/registry/docker-compose-bak.yml

@@ -0,0 +1,70 @@
+# File: /volume1/np-dms/registry/docker-compose.yml
+# DMS Container v1.8.0: Application name: lcbp3-registry
+# Deploy on: ASUSTOR AS5403T
+# Services: registry, portainer
+# ============================================================
+# ⚠️  ข้อกำหนด:
+#     - ต้องสร้าง Docker Network ก่อน: docker network create lcbp3
+#     - Registry ใช้ Port 5000 (domain: registry.np-dms.work)
+#     - Portainer ใช้ Port 9443 (domain: portainer.np-dms.work)
+# ============================================================
+x-restart: &restart_policy
+  restart: unless-stopped
+
+x-logging: &default_logging
+  logging:
+    driver: 'json-file'
+    options:
+      max-size: '10m'
+      max-file: '5'
+
+networks:
+  lcbp3:
+    external: true
+
+services:
+  # 1. Docker Registry Engine
+  registry:
+    <<: [*restart_policy, *default_logging]
+    image: registry:2
+    container_name: registry
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 256M
+    environment:
+      TZ: 'Asia/Bangkok'
+      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
+      # เพิ่มความปลอดภัยเบื้องต้น (ถ้าต้องการ) หรือจัดการเรื่อง CORS
+      # REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[https://registry-ui.np-dms.work]'
+      # REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
+      # REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
+    ports:
+      - "5000:5000"
+    volumes:
+      - '/volume1/np-dms/registry/data:/var/lib/registry'
+    healthcheck:
+      test: ["CMD", "bin/registry", "garbage-collect", "--dry-run", "/etc/docker/registry/config.yml"] # Check config/binary readiness
+      interval: 1m
+      timeout: 10s
+      retries: 3
+    networks:
+      - lcbp3
+
+  # 2. Registry Browser UI
+  registry-ui:
+    <<: [*restart_policy, *default_logging]
+    image: joxit/docker-registry-ui:latest
+    container_name: registry-ui
+    ports:
+      - "8880:80"
+    environment:
+      - REGISTRY_TITLE=LCBP3-DMS Local Registry
+      - REGISTRY_URL=http://registry:5000
+      - SINGLE_REGISTRY=true
+      - DELETE_IMAGES=true # ยอมให้กดลบจากหน้า UI ได้
+    depends_on:
+      - registry
+    networks:
+      - lcbp3

specs/04-Infrastructure-OPS/04-00-docker-compose/ASUSTOR/registry/docker-compose.yml

@@ -26,7 +26,7 @@ x-logging: &default_logging
     options:
       max-size: '10m'
       max-file: '5'
-
+name: lcbp3-registry
 networks:
   lcbp3:
     external: true
@@ -45,9 +45,8 @@ services:
         reservations:
           cpus: '0.1'
           memory: 64M
-
     env_file:
-      - .env
+      - /share/np-dms/registry/.env
     environment:
       TZ: 'Asia/Bangkok'
       # --- Storage ---
@@ -57,15 +56,17 @@ services:
       REGISTRY_AUTH: 'htpasswd'
       REGISTRY_AUTH_HTPASSWD_REALM: 'NP-DMS Registry'
       REGISTRY_AUTH_HTPASSWD_PATH: '/auth/htpasswd'
-    security_opt:
-      - no-new-privileges:true
+      REGISTRY_HTTP_SECRET: ${REGISTRY_HTTP_SECRET}
+    # security_opt:
+    #   - no-new-privileges:true
     ports:
       - '5000:5000'
     volumes:
       - '/volume1/np-dms/registry/data:/var/lib/registry'
       - '/volume1/np-dms/registry/auth:/auth:ro'
     healthcheck:
-      test: ['CMD', 'wget', '--spider', '-q', 'http://localhost:5000/v2/']
+      # test: ['CMD', 'wget', '--spider', '-q', 'http://localhost:5000/v2/']
+      test: ["CMD", "nc", "-z", "localhost", "5000"]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -88,17 +89,26 @@ services:
       - '8880:80'
     environment:
       TZ: 'Asia/Bangkok'
-      REGISTRY_TITLE: 'NP-DMS Registry'
-      REGISTRY_URL: 'http://registry:5000'
+      REGISTRY_TITLE: ${DMS_REGISTRY_TITLE}
+      # REGISTRY_URL: 'http://registry:5000'
+      NGINX_PROXY_PASS_URL: 'http://registry:5000'
       SINGLE_REGISTRY: 'true'
       DELETE_IMAGES: 'true'
+      # --- เพิ่มส่วนนี้เพื่อให้ UI คุยกับ Registry ที่มี Auth ได้ ---
+      # 1. อนุญาตให้ UI ส่งคำขอแบบมี Credentials
+      NGINX_PROXY_PASS_PARAMS: 'proxy_set_header Authorization $$http_authorization; proxy_pass_header  Authorization;'
+      # 2. กรณีต้องการให้ UI จำรหัสผ่าน (Basic Auth) ไว้เลย (ใช้ค่าจาก .env)
+      REGISTRY_USER: ${DMS_REGISTRY_ADMIN_USER}
+      REGISTRY_PASSWORD: ${DMS_REGISTRY_ADMIN_PASSWORD}
+
     depends_on:
       registry:
         condition: service_healthy
     networks:
       - lcbp3
     healthcheck:
-      test: ['CMD', 'wget', '--spider', '-q', 'http://localhost:80/']
+      # test: ['CMD', 'wget', '--spider', '-q', 'http://localhost:80/']
+      test: ["CMD-SHELL", "wget --spider -q http://localhost/ || exit 1"]
       interval: 30s
       timeout: 10s
       retries: 3