From 99ea6cf1d84aa3640434881d71a1f3f40a48f427 Mon Sep 17 00:00:00 2001
From: Joxit
Date: Sun, 1 Nov 2020 23:02:16 +0100
Subject: [PATCH] docs: add new example ui as proxy with read-only right
---
 CONTRIBUTORS.md | 5 +-
 README.md | 1 +
 examples/README.md | 4 +-
 examples/read-only-auth/README.md | 10 ++++
 examples/read-only-auth/docker-compose.yml | 27 ++++++++++
 examples/read-only-auth/nginx.conf | 55 +++++++++++++++++++++
 examples/read-only-auth/read-only.htpasswd | 2 +
 examples/read-only-auth/read-write.htpasswd | 1 +
 examples/read-only-auth/registry.yml | 21 ++++++++
 9 files changed, 122 insertions(+), 4 deletions(-)
 create mode 100644 examples/read-only-auth/README.md
 create mode 100644 examples/read-only-auth/docker-compose.yml
 create mode 100644 examples/read-only-auth/nginx.conf
 create mode 100644 examples/read-only-auth/read-only.htpasswd
 create mode 100644 examples/read-only-auth/read-write.htpasswd
 create mode 100644 examples/read-only-auth/registry.yml
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index cb9804c..dc71c56 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -28,11 +28,10 @@
 - [@wuyue92tree](https://github.com/wuyue92tree)
 - Giovanni Toraldo [@gionn](https://github.com/gionn)
 - [@marcusblake](https://github.com/marcusblake)
-- Dario [@pidario](https://github.com/pidario)
+- Dario Piombo [@pidario](https://github.com/pidario)
 - Jernej K. [@Cvetk0](https://github.com/Cvetk0)
 - Cristian Posoiu [@cr1st1p](https://github.com/cr1st1p)
 - Sepp Zuther [@Herr-Sepp](https://github.com/Herr-Sepp)
 - Tomas Hulata [@tombokombo](https://github.com/tombokombo)
 - Ben Jackson [@bjj](https://github.com/bjj)
-- 三十文 [@xfduan](https://github.com/xfduan)
-- Dario Piombo [@pidario](https://github.com/pidario)
\ No newline at end of file
+- 三十文 [@xfduan](https://github.com/xfduan)
\ No newline at end of file
diff --git a/README.md b/README.md
index 74e65f1..665ce99 100644
--- a/README.md
+++ b/README.md
@@ -261,3 +261,4 @@ check out the [Electron](examples/electron/README.md) standalone application.
 - [Add custom headers bases on environment variable and/or file when the ui is used as proxy](https://github.com/Joxit/docker-registry-ui/tree/master/examples/proxy-headers) ([#89](https://github.com/Joxit/docker-registry-ui/pull/89))
 - [UI showing same sha256 content digest for all tags + Delete is not working](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-116) ([#116](https://github.com/Joxit/docker-registry-ui/issues/116))
 - [Electron-based Standalone Application](https://github.com/Joxit/docker-registry-ui/tree/master/examples/electron) ([#129](https://github.com/Joxit/docker-registry-ui/pull/129))
+- [Use docker-registry-ui as proxy with read-only right](https://github.com/Joxit/docker-registry-ui/tree/master/examples/read-only-auth) ([#47](https://github.com/Joxit/docker-registry-ui/issues/47))
diff --git a/examples/README.md b/examples/README.md
index 2e0e408..fef2eaa 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -8,4 +8,6 @@
 - [Use docker-registry-ui with HTTPS](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-20) ([#20](https://github.com/Joxit/docker-registry-ui/issues/20))
 - [Unable to push image when docker-registry-ui is used as a proxy on non 80 port](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-88) ([#88](https://github.com/Joxit/docker-registry-ui/issues/88))
 - [Add custom headers bases on environment variable and/or file when the ui is used as proxy](https://github.com/Joxit/docker-registry-ui/tree/master/examples/proxy-headers) ([#89](https://github.com/Joxit/docker-registry-ui/pull/89))
-- [UI showing same sha256 content digest for all tags + Delete is not working](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-116) ([#116](https://github.com/Joxit/docker-registry-ui/issues/116))
\ No newline at end of file
+- [UI showing same sha256 content digest for all tags + Delete is not working](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-116) ([#116](https://github.com/Joxit/docker-registry-ui/issues/116))
+- [Electron-based Standalone Application](https://github.com/Joxit/docker-registry-ui/tree/master/examples/electron) ([#129](https://github.com/Joxit/docker-registry-ui/pull/129))
+- [Use docker-registry-ui as proxy with read-only right](https://github.com/Joxit/docker-registry-ui/tree/master/examples/read-only-auth) ([#47](https://github.com/Joxit/docker-registry-ui/issues/47))
\ No newline at end of file
diff --git a/examples/read-only-auth/README.md b/examples/read-only-auth/README.md
new file mode 100644
index 0000000..0e5083f
--- /dev/null
+++ b/examples/read-only-auth/README.md
@@ -0,0 +1,10 @@
+# Docker registry with read only access
+
+This is the configuration for a docker registry UI using `REGISTRY_URL` (as a proxy) with read only access to the registry.
+
+There are two htpasswd files. `read-write.htpasswd` a read and write access to the registry and `read-only.htpasswd` for a read only access.
+
+All users in `read-only.htpasswd` should be in `read-write.htpasswd`.
+
+Read only user: login: `read` password: `regisrty`.
+Read and write user: login: `write` password: `regisrty`.
diff --git a/examples/read-only-auth/docker-compose.yml b/examples/read-only-auth/docker-compose.yml
new file mode 100644
index 0000000..b5bb4eb
--- /dev/null
+++ b/examples/read-only-auth/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '2.0'
+services:
+ registry:
+ image: registry:2.7
+ volumes:
+ - ./registry-data:/var/lib/registry
+ - ./registry.yml:/etc/docker/registry/config.yml
+ networks:
+ - registry-ui-net
+
+ ui:
+ image: joxit/docker-registry-ui:static
+ ports:
+ - 80:80
+ environment:
+ - REGISTRY_TITLE=My Private Docker Registry
+ - REGISTRY_URL=http://registry:5000
+ volumes:
+ - ./nginx.conf:/etc/nginx/conf.d/default.conf
+ - ./read-write.htpasswd:/etc/nginx/auth/read-write.htpasswd:ro
+ - ./read-only.htpasswd:/etc/nginx/auth/read-only.htpasswd
+ depends_on:
+ - registry
+ networks:
+ - registry-ui-net
+networks:
+ registry-ui-net:
\ No newline at end of file
diff --git a/examples/read-only-auth/nginx.conf b/examples/read-only-auth/nginx.conf
new file mode 100644
index 0000000..c2da71c
--- /dev/null
+++ b/examples/read-only-auth/nginx.conf
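Review bot: In docker-compose.yml the `read-only.htpasswd` bind mount lacks the `:ro` flag that the `read-write.htpasswd` line directly above it carries, so that credential file is writable from inside the ui container; the line should read `- ./read-only.htpasswd:/etc/nginx/auth/read-only.htpasswd:ro`. The ui service also publishes only `80:80`, so the Basic credentials that nginx checks travel unencrypted. A comment above `ports:` such as `# example only: put TLS in front of this service before exposing it` would flag that for readers who copy the file.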
@@ -0,0 +1,55 @@
+server {
+ listen 80;
+ server_name localhost;
+#! resolver 127.0.0.11; # This is for docker container name resolver
+ #charset koi8-r;
+ #access_log /var/log/nginx/host.access.log main;
+
+ # disable any limits to avoid HTTP 413 for large image uploads
+ client_max_body_size 0;
+
+ # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
+ chunked_transfer_encoding on;
+ # required for strict SNI checking: see Issue #70 (https://github.com/Joxit/docker-registry-ui/issues/70)
+ proxy_ssl_server_name on;
+ proxy_buffering off;
+ proxy_ignore_headers "X-Accel-Buffering";
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ location /v2 {
+ # Do not allow connections from docker 1.5 and earlier
+ # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
+ if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+ return 404;
+ }
+ # To add basic authentication to v2 use auth_basic setting.
+ auth_basic "Registry realm";
+ auth_basic_user_file /etc/nginx/auth/read-write.htpasswd;
+ # For requests that *aren't* a PUT, POST, or DELETE
+ limit_except PUT POST DELETE {
+ auth_basic_user_file /etc/nginx/auth/read-only.htpasswd;
+ }
+
+ proxy_pass http://registry:5000;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
diff --git a/examples/read-only-auth/read-only.htpasswd b/examples/read-only-auth/read-only.htpasswd
new file mode 100644
index 0000000..926ad04
--- /dev/null
+++ b/examples/read-only-auth/read-only.htpasswd
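Review bot: In nginx.conf the `limit_except PUT POST DELETE` block inside `location /v2` leaves PATCH in the read-only branch, because every method not named on that line is checked against `read-only.htpasswd`. The registry API sends blob upload data with PATCH, so it belongs with the write methods: `limit_except PUT POST DELETE PATCH {`, with the comment above changed to `# For requests that *aren't* a PUT, POST, DELETE or PATCH`. Separately, `listen 80` combined with `auth_basic` means credentials cross the wire in cleartext; a one-line comment saying the example needs TLS in front of it before real use would help anyone copying it.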
@@ -0,0 +1,2 @@
+read:$2y$05$NHpWy4HuCM8Ol2wZJsf6/.cJtGgv61jWzHTCYt/WntzRLDse1IuVO
+write:$2y$05$aqLmS1hXojRnubpSN4aVDeZ8wLhJtmQr4v0NiZl4KHUHXhDVnyoQm
diff --git a/examples/read-only-auth/read-write.htpasswd b/examples/read-only-auth/read-write.htpasswd
new file mode 100644
index 0000000..b93f088
--- /dev/null
+++ b/examples/read-only-auth/read-write.htpasswd
@@ -0,0 +1 @@
+write:$2y$05$aqLmS1hXojRnubpSN4aVDeZ8wLhJtmQr4v0NiZl4KHUHXhDVnyoQm
diff --git a/examples/read-only-auth/registry.yml b/examples/read-only-auth/registry.yml
new file mode 100644
index 0000000..7db41ba
--- /dev/null
+++ b/examples/read-only-auth/registry.yml
@@ -0,0 +1,21 @@
+version: 0.1
+log:
+ fields:
+ service: registry
+storage:
+ delete:
+ enabled: true
+ cache:
+ blobdescriptor: inmemory
+ filesystem:
+ rootdirectory: /var/lib/registry
+http:
+ addr: :5000
+ headers:
+ X-Content-Type-Options: [nosniff]
+ Access-Control-Allow-Origin: ['http://localhost']
+ Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
+ Access-Control-Allow-Headers: ['Authorization', 'Accept']
+ Access-Control-Max-Age: [1728000]
+ Access-Control-Allow-Credentials: [true]
+ Access-Control-Expose-Headers: ['Docker-Content-Digest']
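Review bot: read-only.htpasswd and read-write.htpasswd ship bcrypt hashes at cost factor 05 (`$2y$05$`) for accounts whose password is printed in this example's README, so a deployment that copies the directory unchanged runs with publicly known credentials, including the `write` account. The README should tell readers to regenerate both files before use, for example `htpasswd -B -C 12 read-write.htpasswd <user>`. It should also say that every write user must be added to `read-only.htpasswd` as well, since nginx.conf checks non-write methods against that file only; the README sentence currently states this containment the other way round.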
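Review bot: The `Access-Control-*` headers in registry.yml permit credentialed cross-origin requests from `http://localhost`, DELETE included, yet in this example the UI reaches the registry same-origin through nginx's `proxy_pass`, so they appear to be unnecessary. Dropping the six `Access-Control-*` lines and keeping `X-Content-Type-Options: [nosniff]` would leave less for a copied config to expose. Since the file has no `auth:` section while `delete: enabled: true` is set, a comment such as `# access control is enforced only by the nginx proxy; do not publish port 5000` next to `addr: :5000` would record that dependency.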