docs: document Port 443 connection issue and pipeline fix v2

Added a detailed session log explaining the root cause and resolution for pipeline failures due to "connection refused" on Port 443. Updated `.gitea/workflows/docker-publish.yaml` to configure BuildKit for HTTP and introduced a `socat` TCP proxy for internal registry access.

.gitea/workflows/docker-publish.yaml

@@ -94,12 +94,24 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+        with:
+          config-inline: |
+            [registry."git.mo-code.at"]
+              http = true
+              insecure = true
 
-      # Pangolin-Bypass: Gitea direkt intern erreichbar machen (10.0.0.22:3000)
-      # Hintergrund: Ohne diesen Eintrag routet der Runner über Pangolin (git.mo-code.at),
-      # was bei großen Docker-Layern (70+ Sekunden Upload) mit 502 abbricht.
+      # Pangolin-Bypass: Gitea intern via HTTP erreichbar machen
+      # Problem: git.mo-code.at ist extern HTTPS (Pangolin), Gitea intern läuft HTTP auf Port 3000.
+      #   Alter Fix (/etc/hosts → 10.0.0.22) scheiterte: Docker versuchte HTTPS:443, Port geschlossen.
+      # Lösung: socat proxied lokalen Port 80 → 10.0.0.22:3000
+      #          buildkitd nutzt http=true (Port 80) → socat → Gitea:3000 (kein TLS nötig)
       - name: Registry intern auflösen (Pangolin-Bypass)
-        run: echo "10.0.0.22 git.mo-code.at" | sudo tee -a /etc/hosts
+        run: |
+          which socat || sudo apt-get install -y -q socat
+          echo "127.0.0.1 git.mo-code.at" | sudo tee -a /etc/hosts
+          sudo socat TCP4-LISTEN:80,fork,reuseaddr TCP4:10.0.0.22:3000 &
+          sleep 1
+          echo "✓ Proxy aktiv: git.mo-code.at:80 → 10.0.0.22:3000"
 
       - name: Log in to the Container registry
         uses: docker/login-action@v3