Improve security #5

Docker_Registry_Install_Guide.md

@@ -42,7 +42,7 @@ This guide covers setting up a rootless Docker Registry v2 with host TLS reverse
 
 ```bash
 # Install Podman and related tools
-sudo apt install -y podman slirp4netns fuse-overlayfs
+sudo apt install -y podman slirp4netns fuse-overlayfs nginxImprov
 
 # Verify installation
 podman --version
@@ -199,6 +199,7 @@ access_log /var/log/registry-proxy/access.log;
 error_log  /var/log/registry-proxy/error.log;
 
 http {
+  server_tokens off;
   limit_req_zone $binary_remote_addr zone=reg_read:10m rate=10r/s;
   limit_req_zone $binary_remote_addr zone=reg_write:10m rate=5r/s;
   client_max_body_size 2g;
@@ -225,13 +226,13 @@ http {
     ssl_certificate_key /etc/registry/certs/private/registry.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    if ($request_method ~* ^(PUT|PATCH|POST|DELETE)$) { return 403; }
     location /v2/ {
       limit_req zone=reg_read burst=20 nodelay;
       proxy_pass http://reg;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-Proto https;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      limit_except GET HEAD { return 403; }
     }
   }