Require authentication for writes to the registry

registry/docker-compose.yml

@@ -1,11 +1,8 @@
 services:
   registry:
     image: registry:2
-    ports:
-      - "5000:5000"
     volumes:
       - /opt/APP_NAME/registry/config.yml:/etc/docker/registry/config.yml:ro
-      - /etc/registry/auth/auth.htpasswd:/etc/docker/registry/auth/auth.htpasswd:ro
       - /etc/ssl/registry/registry.crt:/etc/docker/registry/ssl/registry.crt:ro
       - /etc/ssl/registry/registry.key:/etc/docker/registry/ssl/registry.key:ro
       - registry_data:/var/lib/registry

registry/nginx.conf

@@ -20,8 +20,13 @@ http {
         ssl_protocols TLSv1.2 TLSv1.3;
         ssl_ciphers HIGH:!aNULL:!MD5;
 
-        # Public access for all registry API requests (temporary for testing)
+        # Public read access for all GET requests to registry API
         location /v2/ {
+            limit_except GET {
+                auth_basic "Registry Realm";
+                auth_basic_user_file /etc/nginx/auth/auth.htpasswd;
+            }
+            
             proxy_pass https://registry_api;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;