Pull Docker images from Nexus connector port 8087

The Docker daemon reaches the Nexus Docker group over the dedicated
connector port 8087 (its registry mirror), not the main 8081 HTTP port,
which caused HTTPS-to-HTTP pull failures in CI. Repoint all image refs to
171.22.25.73:8087 at the connector root; npm and NuGet stay on 8081.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.gitea/workflows/ci-cd.yml

@@ -17,13 +17,13 @@ concurrency:
 #   ubuntu-latest:docker://node:20-alpine   ← CI jobs run in real Docker containers
 #   self-hosted:host                        ← deploy runs directly on the server
 #
-# All images/packages served from local Nexus at 171.22.25.73:8081:
+# All images/packages served from local Nexus at 171.22.25.73:
-#   Docker images → 171.22.25.73:8081           (docker-group: Docker Hub + MCR)
+#   Docker images → 171.22.25.73:8087           (docker-group connector: Docker Hub + MCR)
 #   NuGet         → http://171.22.25.73:8081/repository/nuget-group/
 #   npm           → http://171.22.25.73:8081/repository/npm-group/
 #
 # The runner host is 171.22.25.73, so Nexus is always reachable directly.
-# Daemon must have: "insecure-registries": ["171.22.25.73:8081"]
+# Daemon must have: "insecure-registries": ["171.22.25.73:8087"]
 # ─────────────────────────────────────────────────────────────────────────────
 
 jobs:
@@ -32,12 +32,12 @@ jobs:
     name: "CI · API (dotnet build + test)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0
+      image: 171.22.25.73:8087/dotnet/sdk:10.0
       options: >-
         --add-host=gitea:host-gateway
     services:
       postgres:
-        image: 171.22.25.73:8081/repository/docker-group/postgres:16-alpine
+        image: 171.22.25.73:8087/postgres:16-alpine
         env:
           POSTGRES_DB: meezi_test
           POSTGRES_USER: meezi
@@ -48,7 +48,7 @@ jobs:
           --health-timeout 5s
           --health-retries 10
       redis:
-        image: 171.22.25.73:8081/repository/docker-group/redis:7-alpine
+        image: 171.22.25.73:8087/redis:7-alpine
         options: >-
           --health-cmd "redis-cli ping"
           --health-interval 5s
@@ -99,7 +99,7 @@ jobs:
     name: "CI · Admin API (dotnet build)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0
+      image: 171.22.25.73:8087/dotnet/sdk:10.0
       options: >-
         --add-host=gitea:host-gateway
     steps:
@@ -141,7 +141,7 @@ jobs:
     name: "CI · Dashboard (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:8081/repository/docker-group/node:20-alpine
+      image: 171.22.25.73:8087/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
     steps:
@@ -171,7 +171,7 @@ jobs:
     name: "CI · Admin Web (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:8081/repository/docker-group/node:20-alpine
+      image: 171.22.25.73:8087/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
     steps:
@@ -201,7 +201,7 @@ jobs:
     name: "CI · Website (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:8081/repository/docker-group/node:20-alpine
+      image: 171.22.25.73:8087/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
     steps:
@@ -231,7 +231,7 @@ jobs:
     name: "CI · Koja (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:8081/repository/docker-group/node:20-alpine
+      image: 171.22.25.73:8087/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
     steps:

docker-compose.admin.yml

@@ -16,8 +16,8 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        DOTNET_SDK_IMAGE: ${DOTNET_SDK_IMAGE:-171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0}
+        DOTNET_SDK_IMAGE: ${DOTNET_SDK_IMAGE:-171.22.25.73:8087/dotnet/sdk:10.0}
-        DOTNET_ASPNET_IMAGE: ${DOTNET_ASPNET_IMAGE:-171.22.25.73:8081/repository/docker-group/dotnet/aspnet:10.0}
+        DOTNET_ASPNET_IMAGE: ${DOTNET_ASPNET_IMAGE:-171.22.25.73:8087/dotnet/aspnet:10.0}
     container_name: meezi-admin-api
     restart: unless-stopped
     depends_on:
@@ -52,7 +52,7 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8081/repository/docker-group/node:20-alpine}
+        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8087/node:20-alpine}
         NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
         NEXT_PUBLIC_ADMIN_API_URL: ${NEXT_PUBLIC_ADMIN_API_URL:-http://localhost:5081}
     container_name: meezi-admin-web

docker-compose.yml

@@ -1,11 +1,12 @@
 # Meezi — main stack (Postgres, Redis, API, Dashboard, Website, Koja)
 #
-# All images/packages served from local Nexus at 171.22.25.73:8081
+# All images/packages served from local Nexus at 171.22.25.73:
-#   Docker images → 171.22.25.73:8081  (docker-group: proxies Docker Hub + MCR)
+#   Docker images → 171.22.25.73:8087  (docker-group connector: proxies Docker Hub + MCR)
 #   NuGet          → http://171.22.25.73:8081/repository/nuget-group/
 #   npm            → http://171.22.25.73:8081/repository/npm-group/
 #
-# Docker Desktop: add "insecure-registries": ["171.22.25.73:8081"] to daemon.json
+# Docker Desktop: add "insecure-registries": ["171.22.25.73:8087"] to daemon.json
+# (8087 is the Nexus Docker connector port; it serves images at the root path)
 #
 # Local dev:
 #   cp .env.example .env
@@ -25,7 +26,7 @@
 
 services:
   postgres:
-    image: ${POSTGRES_IMAGE:-171.22.25.73:8081/repository/docker-group/postgres:16-alpine}
+    image: ${POSTGRES_IMAGE:-171.22.25.73:8087/postgres:16-alpine}
     container_name: meezi-db
     restart: unless-stopped
     environment:
@@ -43,7 +44,7 @@ services:
       retries: 10
 
   redis:
-    image: ${REDIS_IMAGE:-171.22.25.73:8081/repository/docker-group/redis:7-alpine}
+    image: ${REDIS_IMAGE:-171.22.25.73:8087/redis:7-alpine}
     container_name: meezi-redis
     restart: unless-stopped
     ports:
@@ -64,8 +65,8 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        DOTNET_SDK_IMAGE: ${DOTNET_SDK_IMAGE:-171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0}
+        DOTNET_SDK_IMAGE: ${DOTNET_SDK_IMAGE:-171.22.25.73:8087/dotnet/sdk:10.0}
-        DOTNET_ASPNET_IMAGE: ${DOTNET_ASPNET_IMAGE:-171.22.25.73:8081/repository/docker-group/dotnet/aspnet:10.0}
+        DOTNET_ASPNET_IMAGE: ${DOTNET_ASPNET_IMAGE:-171.22.25.73:8087/dotnet/aspnet:10.0}
     container_name: meezi-api
     restart: unless-stopped
     depends_on:
@@ -110,7 +111,7 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8081/repository/docker-group/node:20-alpine}
+        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8087/node:20-alpine}
         NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
         NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:5080}
     container_name: meezi-web
@@ -131,7 +132,7 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8081/repository/docker-group/node:20-alpine}
+        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8087/node:20-alpine}
         NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
         MEEZI_API_URL: http://api:8080
         NEXT_PUBLIC_SITE_URL: ${NEXT_PUBLIC_SITE_URL:-http://localhost:3010}
@@ -155,7 +156,7 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8081/repository/docker-group/node:20-alpine}
+        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8087/node:20-alpine}
         NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
         NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:5080}
         NEXT_PUBLIC_SITE_URL: ${NEXT_PUBLIC_KOJA_URL:-http://localhost:3103}

docker/admin-api/Dockerfile

@@ -1,5 +1,5 @@
-ARG DOTNET_SDK_IMAGE=171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0
+ARG DOTNET_SDK_IMAGE=171.22.25.73:8087/dotnet/sdk:10.0
-ARG DOTNET_ASPNET_IMAGE=171.22.25.73:8081/repository/docker-group/dotnet/aspnet:10.0
+ARG DOTNET_ASPNET_IMAGE=171.22.25.73:8087/dotnet/aspnet:10.0
 
 FROM ${DOTNET_SDK_IMAGE} AS build
 WORKDIR /src

docker/admin-web/Dockerfile

@@ -1,4 +1,4 @@
-ARG NODE_IMAGE=171.22.25.73:8081/repository/docker-group/node:20-alpine
+ARG NODE_IMAGE=171.22.25.73:8087/node:20-alpine
 
 FROM ${NODE_IMAGE} AS deps
 WORKDIR /app

docker/api/Dockerfile

@@ -1,5 +1,5 @@
-ARG DOTNET_SDK_IMAGE=171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0
+ARG DOTNET_SDK_IMAGE=171.22.25.73:8087/dotnet/sdk:10.0
-ARG DOTNET_ASPNET_IMAGE=171.22.25.73:8081/repository/docker-group/dotnet/aspnet:10.0
+ARG DOTNET_ASPNET_IMAGE=171.22.25.73:8087/dotnet/aspnet:10.0
 
 FROM ${DOTNET_SDK_IMAGE} AS build
 WORKDIR /src

docker/daemon-registry-mirror.example.json

@@ -1,8 +1,8 @@
 {
   "insecure-registries": [
-    "171.22.25.73:8081"
+    "171.22.25.73:8087"
   ],
   "registry-mirrors": [
-    "http://171.22.25.73:8081"
+    "http://171.22.25.73:8087"
   ]
 }

docker/koja/Dockerfile

@@ -1,4 +1,4 @@
-ARG NODE_IMAGE=171.22.25.73:8081/repository/docker-group/node:20-alpine
+ARG NODE_IMAGE=171.22.25.73:8087/node:20-alpine
 
 FROM ${NODE_IMAGE} AS deps
 WORKDIR /app

docker/web/Dockerfile

@@ -1,4 +1,4 @@
-ARG NODE_IMAGE=171.22.25.73:8081/repository/docker-group/node:20-alpine
+ARG NODE_IMAGE=171.22.25.73:8087/node:20-alpine
 
 FROM ${NODE_IMAGE} AS deps
 WORKDIR /app

docker/website/Dockerfile

@@ -1,4 +1,4 @@
-ARG NODE_IMAGE=171.22.25.73:8081/repository/docker-group/node:20-alpine
+ARG NODE_IMAGE=171.22.25.73:8087/node:20-alpine
 
 FROM ${NODE_IMAGE} AS deps
 WORKDIR /app