devteam/sharenet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Try to fix the problem with the registry UI asking for authentication
Some checks are pending
CI/CD Pipeline / Test Backend (push) Waiting to run
Details
CI/CD Pipeline / Test Frontend (push) Waiting to run
Details
CI/CD Pipeline / Build and Push Docker Images (push) Blocked by required conditions
Details
CI/CD Pipeline / Deploy to Production (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
continuist 2025-06-28 23:33:53 -04:00
parent 5d6a4d8689
commit 37d34813ee
1 changed files with 5 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

67
registry/nginx.conf
View file

@ -20,69 +20,12 @@ http {
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Allow registry UI to access registry API without authentication
location /v2/_catalog {
proxy_pass https://registry_api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
proxy_ssl_verify off;
}
# Public read access for specific registry operations
location ~ ^/v2/([^/]+)/manifests/ {
limit_except GET {
deny all;
}
proxy_pass https://registry_api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
proxy_ssl_verify off;
}
location ~ ^/v2/([^/]+)/blobs/ {
limit_except GET {
deny all;
}
proxy_pass https://registry_api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
proxy_ssl_verify off;
}
location ~ ^/v2/([^/]+)/tags/list {
limit_except GET {
deny all;
}
proxy_pass https://registry_api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
proxy_ssl_verify off;
}
# Require authentication for all other registry operations (push, delete, etc.)
# Public read access for all GET requests to registry API
location /v2/ {
auth_basic "Registry Realm";
auth_basic_user_file /etc/nginx/auth/auth.htpasswd;
limit_except GET {
auth_basic "Registry Realm";
auth_basic_user_file /etc/nginx/auth/auth.htpasswd;
}
proxy_pass https://registry_api;
proxy_set_header Host $host;