# Auth-required pushes on 4443
:4443 {
  tls /etc/certs/registry.crt /etc/certs/registry.key
  log

  # require auth on writes
  @writes method PUT POST PATCH DELETE
  basic_auth @writes {
    registry-user {env.REGISTRY_PASSWORD_HASH}
  }

  # also require auth on the /v2/ ping so Docker sends creds
  @v2ping {
    path /v2/
    method GET
  }
  basic_auth @v2ping {
    registry-user {env.REGISTRY_PASSWORD_HASH}
  }

  reverse_proxy /v2/* registry:5000
}


# TODO: Add Option B: Let's Encrypt certificates (Domain name)