Support insecure VPN registry pulls
Build & Deploy / Build & Push Docker Image (push) Successful in 2m52s
Test / Type Check (all packages) (push) Successful in 50s
Build & Deploy / Deploy to VPS (push) Successful in 4s
Test / API Unit Tests (push) Successful in 49s
Test / Homepage Unit Tests (push) Successful in 42s
Test / Storefront Unit Tests (push) Successful in 39s
Test / Admin Unit Tests (push) Successful in 40s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m1s

This commit is contained in:
root
2026-07-02 12:06:01 -04:00
parent 1fd1ddf3f2
commit 7c1bd2d0c0
4 changed files with 123 additions and 1 deletions
+52
View File
@@ -118,6 +118,7 @@ load_prod_env_exports() {
REGISTRY_USER \
REGISTRY_PASSWORD \
REGISTRY_TOKEN \
REGISTRY_INSECURE \
VPN_CONTAINER
do
export_env_value_if_unset "${key}"
@@ -129,6 +130,54 @@ load_prod_env_exports() {
fi
}
registry_host_name() {
local host="${REGISTRY_HOST:-}"
host="${host#http://}"
host="${host#https://}"
host="${host%%/*}"
printf '%s' "${host}"
}
ensure_registry_transport_configured() {
local insecure="${REGISTRY_INSECURE:-false}"
local host
if [[ "${insecure}" != "true" && "${insecure}" != "1" ]]; then
return 0
fi
host="$(registry_host_name)"
if [[ -z "${host}" ]]; then
return 0
fi
REGISTRY_HOST="${host}"
export REGISTRY_HOST
if docker info 2>/dev/null | awk '/Insecure Registries:/,/Live Restore Enabled:/' | grep -Fqx " ${host}"; then
return 0
fi
cat >&2 <<EOF
Docker is not configured to pull ${host} over HTTP.
Docker image names cannot include http://. Configure the VPS Docker daemon once by adding
this entry to /etc/docker/daemon.json, merging it with any existing settings:
{
"insecure-registries": ["${host}"]
}
Then restart Docker:
sudo systemctl restart docker
Then rerun ./deploy-production.sh.
EOF
exit 1
}
validate_prod_env_file() {
local acme_email api_domain public_site_domain cors_origins postgres_password redis_password jwt_secret
@@ -234,6 +283,8 @@ require_release_image() {
login_registry_if_configured() {
local archive_disabled="${IMAGE_ARCHIVE_DISABLED:-false}"
ensure_registry_transport_configured
if [[ -z "${REGISTRY_PASSWORD:-}" && -n "${REGISTRY_TOKEN:-}" ]]; then
REGISTRY_PASSWORD="${REGISTRY_TOKEN}"
export REGISTRY_PASSWORD
@@ -278,6 +329,7 @@ login_registry_if_configured() {
pull_prod_release_images() {
require_release_image
ensure_registry_transport_configured
if load_release_image_archives; then
verify_prod_release_image