Remove unnecessary secret field in registry config.yml for public read access
Some checks are pending
Some checks are pending
This commit is contained in:
parent
fdaec65250
commit
81c70f85cb
1 changed files with 14 additions and 4 deletions
|
@ -453,9 +453,7 @@ http:
|
||||||
X-Content-Type-Options: [nosniff]
|
X-Content-Type-Options: [nosniff]
|
||||||
X-Frame-Options: [DENY]
|
X-Frame-Options: [DENY]
|
||||||
X-XSS-Protection: [1; mode=block]
|
X-XSS-Protection: [1; mode=block]
|
||||||
# Enable public read access
|
# Public read access, authentication required for push
|
||||||
secret: "your-secret-key-here"
|
|
||||||
# Restrict write access to specific IPs
|
|
||||||
auth:
|
auth:
|
||||||
htpasswd:
|
htpasswd:
|
||||||
realm: basic-realm
|
realm: basic-realm
|
||||||
|
@ -468,10 +466,16 @@ health:
|
||||||
EOF
|
EOF
|
||||||
```
|
```
|
||||||
|
|
||||||
|
**What this configuration does:**
|
||||||
|
- **Public Read Access**: Anyone can pull images without authentication
|
||||||
|
- **Authenticated Push**: Only authenticated users can push images
|
||||||
|
- **Security Headers**: Protects against common web vulnerabilities
|
||||||
|
- **No Secret Key**: The `secret` field was unnecessary and has been removed
|
||||||
|
|
||||||
#### 4.3 Create Authentication File
|
#### 4.3 Create Authentication File
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Create htpasswd file for authentication
|
# Create htpasswd file for authentication (required for push operations)
|
||||||
mkdir -p /opt/registry/auth
|
mkdir -p /opt/registry/auth
|
||||||
htpasswd -Bbn push-user "$(openssl rand -base64 32)" > /opt/registry/auth.htpasswd
|
htpasswd -Bbn push-user "$(openssl rand -base64 32)" > /opt/registry/auth.htpasswd
|
||||||
|
|
||||||
|
@ -479,6 +483,12 @@ htpasswd -Bbn push-user "$(openssl rand -base64 32)" > /opt/registry/auth.htpass
|
||||||
htpasswd -Bbn read-user "$(openssl rand -base64 32)" >> /opt/registry/auth.htpasswd
|
htpasswd -Bbn read-user "$(openssl rand -base64 32)" >> /opt/registry/auth.htpasswd
|
||||||
```
|
```
|
||||||
|
|
||||||
|
**What this does**: Creates user credentials for registry authentication.
|
||||||
|
- `push-user`: Can push and pull images (used by CI/CD pipeline for deployments)
|
||||||
|
- `read-user`: Can only pull images (optional, for read-only access)
|
||||||
|
|
||||||
|
**Note**: Pull operations are public and don't require authentication, but push operations require these credentials.
|
||||||
|
|
||||||
#### 4.4 Create Docker Compose for Registry
|
#### 4.4 Create Docker Compose for Registry
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
|
Loading…
Add table
Reference in a new issue