From 37d34813ee7cee2a7ccc606968c7dfe81361f4fd Mon Sep 17 00:00:00 2001
From: continuist
Date: Sat, 28 Jun 2025 23:33:53 -0400
Subject: [PATCH] Try to fix the problem with the registry UI asking for authentication
---
 registry/nginx.conf | 67 ++++-----------------------------------------
 1 file changed, 5 insertions(+), 62 deletions(-)
diff --git a/registry/nginx.conf b/registry/nginx.conf
index 78dfbab..0b8e4cf 100644
--- a/registry/nginx.conf
+++ b/registry/nginx.conf
@@ -20,69 +20,12 @@ http {
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
- # Allow registry UI to access registry API without authentication
- location /v2/_catalog {
- proxy_pass https://registry_api;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_connect_timeout 30s;
- proxy_send_timeout 30s;
- proxy_read_timeout 30s;
- proxy_ssl_verify off;
- }
-
- # Public read access for specific registry operations
- location ~ ^/v2/([^/]+)/manifests/ {
- limit_except GET {
- deny all;
- }
- proxy_pass https://registry_api;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_connect_timeout 30s;
- proxy_send_timeout 30s;
- proxy_read_timeout 30s;
- proxy_ssl_verify off;
- }
-
- location ~ ^/v2/([^/]+)/blobs/ {
- limit_except GET {
- deny all;
- }
- proxy_pass https://registry_api;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_connect_timeout 30s;
- proxy_send_timeout 30s;
- proxy_read_timeout 30s;
- proxy_ssl_verify off;
- }
-
- location ~ ^/v2/([^/]+)/tags/list {
- limit_except GET {
- deny all;
- }
- proxy_pass https://registry_api;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_connect_timeout 30s;
- proxy_send_timeout 30s;
- proxy_read_timeout 30s;
- proxy_ssl_verify off;
- }
-
- # Require authentication for all other registry operations (push, delete, etc.)
+ # Public read access for all GET requests to registry API
 location /v2/ {
- auth_basic "Registry Realm";
- auth_basic_user_file /etc/nginx/auth/auth.htpasswd;
+ limit_except GET {
+ auth_basic "Registry Realm";
+ auth_basic_user_file /etc/nginx/auth/auth.htpasswd;
+ }
 proxy_pass https://registry_api;
 proxy_set_header Host $host;
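Review bot: The `limit_except GET` wrapper in `location /v2/` leaves every GET (and, by nginx's rule for `limit_except GET`, every HEAD) under `/v2/` unauthenticated, which is wider than the four locations it replaces: the old regexes used `([^/]+)` and so matched only single-segment repository names, with everything else falling through to basic auth. Anyone who can reach this listener can now list the catalog and pull every image, including layers that may carry embedded credentials, unless the upstream registry enforces its own authentication (not visible here). If anonymous pull of the whole registry is not intended, bound the location by network with `allow <TRUSTED_CIDR>;` and `deny all;` (placeholder value), which keeps reads to known clients while non-GET methods still require the htpasswd login. If it is intended, say so in the comment, e.g. `# Anonymous GET/HEAD for all of /v2/ (catalog, manifests, blobs of every repository); other methods need basic auth`. The location block continues past the end of the hunk, so its remaining proxy settings could not be reviewed.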