Improve security #5

This commit is contained in:
continuist 2025-08-24 14:43:26 -04:00
parent 4508b746cb
commit 147ead4546


@ -42,7 +42,7 @@ This guide covers setting up a rootless Docker Registry v2 with host TLS reverse
```bash
# Install Podman and related tools
sudo apt install -y podman slirp4netns fuse-overlayfs
sudo apt install -y podman slirp4netns fuse-overlayfs nginxImprov
# Verify installation
podman --version
@ -199,6 +199,7 @@ access_log /var/log/registry-proxy/access.log;
error_log /var/log/registry-proxy/error.log;
http {
server_tokens off;
limit_req_zone $binary_remote_addr zone=reg_read:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=reg_write:10m rate=5r/s;
client_max_body_size 2g;
@ -225,13 +226,13 @@ http {
ssl_certificate_key /etc/registry/certs/private/registry.key;
ssl_protocols TLSv1.2 TLSv1.3;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
if ($request_method ~* ^(PUT|PATCH|POST|DELETE)$) { return 403; }
location /v2/ {
limit_req zone=reg_read burst=20 nodelay;
proxy_pass http://reg;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
limit_except GET HEAD { return 403; }
}
}
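Review bot: The install command on the new side of the first hunk, `sudo apt install -y podman slirp4netns fuse-overlayfs nginxImprov`, names a package `nginxImprov` that does not exist, and apt aborts the whole transaction on an unknown package, so none of the listed tools get installed by a reader following the guide; it looks like the commit title was pasted onto the end of the line. The intended line is presumably `sudo apt install -y podman slirp4netns fuse-overlayfs nginx`, since the later hunks configure nginx as the host TLS reverse proxy (server_tokens, limit_req_zone, the `location /v2/` block). The fenced ```bash block this line belongs to is opened inside the hunk but its closing fence lies outside it.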