Route all package mirrors through local Nexus

Point Docker, NuGet, and npm pulls at the Nexus group repos on
171.22.25.73:8081 for both CI/CD and local builds, so the pipeline and
developers no longer depend on Docker Hub, MCR, nuget.org, or npmjs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.gitea/workflows/ci-cd.yml

@@ -17,13 +17,13 @@ concurrency:
 #   ubuntu-latest:docker://node:20-alpine   ← CI jobs run in real Docker containers
 #   self-hosted:host                        ← deploy runs directly on the server
 #
-# All images are pulled from local Nexus mirrors (fast, no internet):
-#   Docker Hub → http://171.22.25.73:5000   (docker-hub-proxy repo)
-#   MCR        → http://171.22.25.73:5002   (mcr-proxy repo)
+# All images/packages served from local Nexus at 171.22.25.73:8081:
+#   Docker images → 171.22.25.73:8081           (docker-group: Docker Hub + MCR)
+#   NuGet         → http://171.22.25.73:8081/repository/nuget-group/
+#   npm           → http://171.22.25.73:8081/repository/npm-group/
 #
-# mirror hostname → host-gateway (docker bridge IP 172.17.0.1) — used for:
-#   NuGet  → http://mirror:8081/repository/nuget-group/
-#   npm    → http://mirror:8081/repository/npm-group/
+# The runner host is 171.22.25.73, so Nexus is always reachable directly.
+# Daemon must have: "insecure-registries": ["171.22.25.73:8081"]
 # ─────────────────────────────────────────────────────────────────────────────
 
 jobs:
@@ -32,13 +32,12 @@ jobs:
     name: "CI · API (dotnet build + test)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:5002/dotnet/sdk:10.0
+      image: 171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0
       options: >-
         --add-host=gitea:host-gateway
-        --add-host=mirror:host-gateway
     services:
       postgres:
-        image: docker-mirror.liara.ir/library/postgres:16-alpine
+        image: 171.22.25.73:8081/repository/docker-group/postgres:16-alpine
         env:
           POSTGRES_DB: meezi_test
           POSTGRES_USER: meezi
@@ -49,7 +48,7 @@ jobs:
           --health-timeout 5s
           --health-retries 10
       redis:
-        image: docker-mirror.liara.ir/library/redis:7-alpine
+        image: 171.22.25.73:8081/repository/docker-group/redis:7-alpine
         options: >-
           --health-cmd "redis-cli ping"
           --health-interval 5s
@@ -74,8 +73,10 @@ jobs:
           <configuration>
             <packageSources>
               <clear />
-              <add key="nexus" value="http://mirror:8081/repository/nuget-group/index.json"
-                   protocolVersion="3" allowInsecureConnections="true" />
+              <add key="nexus"
+                   value="http://171.22.25.73:8081/repository/nuget-group/index.json"
+                   protocolVersion="3"
+                   allowInsecureConnections="true" />
             </packageSources>
           </configuration>
           EOF
@@ -98,10 +99,9 @@ jobs:
     name: "CI · Admin API (dotnet build)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:5002/dotnet/sdk:10.0
+      image: 171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0
       options: >-
         --add-host=gitea:host-gateway
-        --add-host=mirror:host-gateway
     steps:
       - name: Checkout
         env:
@@ -121,8 +121,10 @@ jobs:
           <configuration>
             <packageSources>
               <clear />
-              <add key="nexus" value="http://mirror:8081/repository/nuget-group/index.json"
-                   protocolVersion="3" allowInsecureConnections="true" />
+              <add key="nexus"
+                   value="http://171.22.25.73:8081/repository/nuget-group/index.json"
+                   protocolVersion="3"
+                   allowInsecureConnections="true" />
             </packageSources>
           </configuration>
           EOF
@@ -139,10 +141,9 @@ jobs:
     name: "CI · Dashboard (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:5000/library/node:20-alpine
+      image: 171.22.25.73:8081/repository/docker-group/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
-        --add-host=mirror:host-gateway
     steps:
       - name: Checkout
         env:
@@ -158,7 +159,7 @@ jobs:
 
       - name: Install dependencies
         working-directory: web/dashboard
-        run: npm install --legacy-peer-deps --ignore-scripts --registry http://mirror:8081/repository/npm-group/
+        run: npm install --legacy-peer-deps --ignore-scripts --registry http://171.22.25.73:8081/repository/npm-group/
 
       - name: TypeScript check
         working-directory: web/dashboard
@@ -170,10 +171,9 @@ jobs:
     name: "CI · Admin Web (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:5000/library/node:20-alpine
+      image: 171.22.25.73:8081/repository/docker-group/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
-        --add-host=mirror:host-gateway
     steps:
       - name: Checkout
         env:
@@ -189,7 +189,7 @@ jobs:
 
       - name: Install dependencies
         working-directory: web/admin
-        run: npm install --legacy-peer-deps --ignore-scripts --registry http://mirror:8081/repository/npm-group/
+        run: npm install --legacy-peer-deps --ignore-scripts --registry http://171.22.25.73:8081/repository/npm-group/
 
       - name: TypeScript check
         working-directory: web/admin
@@ -201,10 +201,9 @@ jobs:
     name: "CI · Website (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:5000/library/node:20-alpine
+      image: 171.22.25.73:8081/repository/docker-group/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
-        --add-host=mirror:host-gateway
     steps:
       - name: Checkout
         env:
@@ -220,7 +219,7 @@ jobs:
 
       - name: Install dependencies
         working-directory: web/website
-        run: npm install --legacy-peer-deps --ignore-scripts --registry http://mirror:8081/repository/npm-group/
+        run: npm install --legacy-peer-deps --ignore-scripts --registry http://171.22.25.73:8081/repository/npm-group/
 
       - name: TypeScript check
         working-directory: web/website
@@ -232,10 +231,9 @@ jobs:
     name: "CI · Koja (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: 171.22.25.73:5000/library/node:20-alpine
+      image: 171.22.25.73:8081/repository/docker-group/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
-        --add-host=mirror:host-gateway
     steps:
       - name: Checkout
         env:
@@ -251,7 +249,7 @@ jobs:
 
       - name: Install dependencies
         working-directory: web/koja
-        run: npm install --legacy-peer-deps --ignore-scripts --registry http://mirror:8081/repository/npm-group/
+        run: npm install --legacy-peer-deps --ignore-scripts --registry http://171.22.25.73:8081/repository/npm-group/
 
       - name: TypeScript check
         working-directory: web/koja

docker-compose.admin.yml

@@ -16,8 +16,8 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        DOTNET_SDK_IMAGE: ${DOTNET_SDK_IMAGE:-mcr-mirror.liara.ir/dotnet/sdk:10.0}
-        DOTNET_ASPNET_IMAGE: ${DOTNET_ASPNET_IMAGE:-mcr-mirror.liara.ir/dotnet/aspnet:10.0}
+        DOTNET_SDK_IMAGE: ${DOTNET_SDK_IMAGE:-171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0}
+        DOTNET_ASPNET_IMAGE: ${DOTNET_ASPNET_IMAGE:-171.22.25.73:8081/repository/docker-group/dotnet/aspnet:10.0}
     container_name: meezi-admin-api
     restart: unless-stopped
     depends_on:
@@ -52,8 +52,8 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        NODE_IMAGE: ${NODE_IMAGE:-docker-mirror.liara.ir/library/node:20-alpine}
-        NPM_REGISTRY: ${NPM_REGISTRY:-https://package-mirror.liara.ir/repository/npm/}
+        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8081/repository/docker-group/node:20-alpine}
+        NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
         NEXT_PUBLIC_ADMIN_API_URL: ${NEXT_PUBLIC_ADMIN_API_URL:-http://localhost:5081}
     container_name: meezi-admin-web
     restart: unless-stopped

docker-compose.yml

@@ -1,5 +1,12 @@
 # Meezi — main stack (Postgres, Redis, API, Dashboard, Website, Koja)
 #
+# All images/packages served from local Nexus at 171.22.25.73:8081
+#   Docker images → 171.22.25.73:8081  (docker-group: proxies Docker Hub + MCR)
+#   NuGet          → http://171.22.25.73:8081/repository/nuget-group/
+#   npm            → http://171.22.25.73:8081/repository/npm-group/
+#
+# Docker Desktop: add "insecure-registries": ["171.22.25.73:8081"] to daemon.json
+#
 # Local dev:
 #   cp .env.example .env
 #   docker compose up -d --build
@@ -18,7 +25,7 @@
 
 services:
   postgres:
-    image: ${POSTGRES_IMAGE:-docker-mirror.liara.ir/library/postgres:16-alpine}
+    image: ${POSTGRES_IMAGE:-171.22.25.73:8081/repository/docker-group/postgres:16-alpine}
     container_name: meezi-db
     restart: unless-stopped
     environment:
@@ -36,7 +43,7 @@ services:
       retries: 10
 
   redis:
-    image: ${REDIS_IMAGE:-docker-mirror.liara.ir/library/redis:7-alpine}
+    image: ${REDIS_IMAGE:-171.22.25.73:8081/repository/docker-group/redis:7-alpine}
     container_name: meezi-redis
     restart: unless-stopped
     ports:
@@ -57,8 +64,8 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        DOTNET_SDK_IMAGE: ${DOTNET_SDK_IMAGE:-mcr-mirror.liara.ir/dotnet/sdk:10.0}
-        DOTNET_ASPNET_IMAGE: ${DOTNET_ASPNET_IMAGE:-mcr-mirror.liara.ir/dotnet/aspnet:10.0}
+        DOTNET_SDK_IMAGE: ${DOTNET_SDK_IMAGE:-171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0}
+        DOTNET_ASPNET_IMAGE: ${DOTNET_ASPNET_IMAGE:-171.22.25.73:8081/repository/docker-group/dotnet/aspnet:10.0}
     container_name: meezi-api
     restart: unless-stopped
     depends_on:
@@ -103,8 +110,8 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        NODE_IMAGE: ${NODE_IMAGE:-docker-mirror.liara.ir/library/node:20-alpine}
-        NPM_REGISTRY: ${NPM_REGISTRY:-https://package-mirror.liara.ir/repository/npm/}
+        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8081/repository/docker-group/node:20-alpine}
+        NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
         NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:5080}
     container_name: meezi-web
     restart: unless-stopped
@@ -124,8 +131,8 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        NODE_IMAGE: ${NODE_IMAGE:-docker-mirror.liara.ir/library/node:20-alpine}
-        NPM_REGISTRY: ${NPM_REGISTRY:-https://package-mirror.liara.ir/repository/npm/}
+        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8081/repository/docker-group/node:20-alpine}
+        NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
         MEEZI_API_URL: http://api:8080
         NEXT_PUBLIC_SITE_URL: ${NEXT_PUBLIC_SITE_URL:-http://localhost:3010}
     container_name: meezi-website
@@ -148,8 +155,8 @@ services:
       extra_hosts:
         - "mirror:host-gateway"
       args:
-        NODE_IMAGE: ${NODE_IMAGE:-docker-mirror.liara.ir/library/node:20-alpine}
-        NPM_REGISTRY: ${NPM_REGISTRY:-https://package-mirror.liara.ir/repository/npm/}
+        NODE_IMAGE: ${NODE_IMAGE:-171.22.25.73:8081/repository/docker-group/node:20-alpine}
+        NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
         NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:5080}
         NEXT_PUBLIC_SITE_URL: ${NEXT_PUBLIC_KOJA_URL:-http://localhost:3103}
     container_name: meezi-koja

docker/admin-api/Dockerfile

@@ -1,11 +1,11 @@
-ARG DOTNET_SDK_IMAGE=mcr.microsoft.com/dotnet/sdk:10.0
-ARG DOTNET_ASPNET_IMAGE=mcr.microsoft.com/dotnet/aspnet:10.0
+ARG DOTNET_SDK_IMAGE=171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0
+ARG DOTNET_ASPNET_IMAGE=171.22.25.73:8081/repository/docker-group/dotnet/aspnet:10.0
 
 FROM ${DOTNET_SDK_IMAGE} AS build
 WORKDIR /src
 
 COPY global.json Directory.Build.props Directory.Packages.props ./
-# nuget.docker.config points to local Nexus mirror (mirror:8081 via extra_hosts in compose)
+# nuget.docker.config points to local Nexus mirror (171.22.25.73:8081)
 COPY nuget.docker.config ./nuget.config
 
 COPY src/Meezi.Shared/Meezi.Shared.csproj src/Meezi.Shared/

docker/admin-web/Dockerfile

@@ -1,9 +1,9 @@
-ARG NODE_IMAGE=docker-mirror.liara.ir/library/node:20-alpine
+ARG NODE_IMAGE=171.22.25.73:8081/repository/docker-group/node:20-alpine
 
 FROM ${NODE_IMAGE} AS deps
 WORKDIR /app
 COPY web/admin/package*.json ./
-ARG NPM_REGISTRY=https://package-mirror.liara.ir/repository/npm/
+ARG NPM_REGISTRY=http://171.22.25.73:8081/repository/npm-group/
 # Install deps then ensure Alpine (musl) SWC binary is present
 RUN npm install --legacy-peer-deps --ignore-scripts --registry ${NPM_REGISTRY} \
     && NEXT_VER=$(node -e "process.stdout.write(require('./node_modules/next/package.json').version)") \

docker/api/Dockerfile

@@ -1,11 +1,11 @@
-ARG DOTNET_SDK_IMAGE=mcr.microsoft.com/dotnet/sdk:10.0
-ARG DOTNET_ASPNET_IMAGE=mcr.microsoft.com/dotnet/aspnet:10.0
+ARG DOTNET_SDK_IMAGE=171.22.25.73:8081/repository/docker-group/dotnet/sdk:10.0
+ARG DOTNET_ASPNET_IMAGE=171.22.25.73:8081/repository/docker-group/dotnet/aspnet:10.0
 
 FROM ${DOTNET_SDK_IMAGE} AS build
 WORKDIR /src
 
 COPY global.json Directory.Build.props Directory.Packages.props ./
-# nuget.docker.config points to local Nexus mirror (mirror:8081 via extra_hosts in compose)
+# nuget.docker.config points to local Nexus mirror (171.22.25.73:8081)
 COPY nuget.docker.config ./nuget.config
 
 COPY src/Meezi.Shared/Meezi.Shared.csproj src/Meezi.Shared/

docker/daemon-registry-mirror.example.json

@@ -1,6 +1,8 @@
 {
+  "insecure-registries": [
+    "171.22.25.73:8081"
+  ],
   "registry-mirrors": [
-    "https://docker.iranrepo.ir",
-    "https://registry.docker.ir"
+    "http://171.22.25.73:8081"
   ]
 }

docker/koja/Dockerfile

@@ -1,9 +1,9 @@
-ARG NODE_IMAGE=docker-mirror.liara.ir/library/node:20-alpine
+ARG NODE_IMAGE=171.22.25.73:8081/repository/docker-group/node:20-alpine
 
 FROM ${NODE_IMAGE} AS deps
 WORKDIR /app
 COPY web/koja/package*.json ./
-ARG NPM_REGISTRY=https://package-mirror.liara.ir/repository/npm/
+ARG NPM_REGISTRY=http://171.22.25.73:8081/repository/npm-group/
 RUN npm install --legacy-peer-deps --ignore-scripts --registry ${NPM_REGISTRY}
 
 FROM ${NODE_IMAGE} AS builder

docker/web/Dockerfile

@@ -1,9 +1,9 @@
-ARG NODE_IMAGE=docker-mirror.liara.ir/library/node:20-alpine
+ARG NODE_IMAGE=171.22.25.73:8081/repository/docker-group/node:20-alpine
 
 FROM ${NODE_IMAGE} AS deps
 WORKDIR /app
 COPY web/dashboard/package*.json ./
-ARG NPM_REGISTRY=https://package-mirror.liara.ir/repository/npm/
+ARG NPM_REGISTRY=http://171.22.25.73:8081/repository/npm-group/
 RUN npm install --legacy-peer-deps --ignore-scripts --registry ${NPM_REGISTRY}
 
 FROM ${NODE_IMAGE} AS builder

docker/website/Dockerfile

@@ -1,9 +1,9 @@
-ARG NODE_IMAGE=docker-mirror.liara.ir/library/node:20-alpine
+ARG NODE_IMAGE=171.22.25.73:8081/repository/docker-group/node:20-alpine
 
 FROM ${NODE_IMAGE} AS deps
 WORKDIR /app
 COPY web/website/package*.json ./
-ARG NPM_REGISTRY=https://package-mirror.liara.ir/repository/npm/
+ARG NPM_REGISTRY=http://171.22.25.73:8081/repository/npm-group/
 # Install deps then ensure Alpine (musl) SWC binary is present
 RUN npm install --legacy-peer-deps --ignore-scripts --registry ${NPM_REGISTRY} \
     && NEXT_VER=$(node -e "process.stdout.write(require('./node_modules/next/package.json').version)") \

nuget.docker.config

@@ -1,10 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!-- NuGet config for Docker builds — routes restores through Liara NuGet mirror. -->
+<!-- NuGet config for Docker builds — routes restores through local Nexus mirror. -->
 <configuration>
   <packageSources>
     <clear />
-    <add key="liara-nuget" value="https://package-mirror.liara.ir/repository/nuget/index.json"
-         protocolVersion="3" />
+    <add key="nexus"
+         value="http://171.22.25.73:8081/repository/nuget-group/index.json"
+         protocolVersion="3"
+         allowInsecureConnections="true" />
   </packageSources>
   <config>
     <add key="http_retry_count" value="8" />