From 5d6a4d8689611145c39c4210f4c46a90c4c6f8fc Mon Sep 17 00:00:00 2001 From: continuist Date: Sat, 28 Jun 2025 23:30:36 -0400 Subject: [PATCH] Try to fix CORS issue --- registry/nginx.conf | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/registry/nginx.conf b/registry/nginx.conf index 3596ba1..78dfbab 100644 --- a/registry/nginx.conf +++ b/registry/nginx.conf @@ -20,7 +20,20 @@ http { ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; - # Block all non-GET requests to public endpoints + # Allow registry UI to access registry API without authentication + location /v2/_catalog { + proxy_pass https://registry_api; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 30s; + proxy_send_timeout 30s; + proxy_read_timeout 30s; + proxy_ssl_verify off; + } + + # Public read access for specific registry operations location ~ ^/v2/([^/]+)/manifests/ { limit_except GET { deny all; @@ -66,22 +79,7 @@ http { proxy_ssl_verify off; } - location /v2/_catalog { - limit_except GET { - deny all; - } - proxy_pass https://registry_api; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 30s; - proxy_send_timeout 30s; - proxy_read_timeout 30s; - proxy_ssl_verify off; - } - - # Require authentication for all other registry operations + # Require authentication for all other registry operations (push, delete, etc.) location /v2/ { auth_basic "Registry Realm"; auth_basic_user_file /etc/nginx/auth/auth.htpasswd;