docs: add new example ui as proxy with read-only right

2025-04-27 15:39:54 +03:00 · 2020-11-01 23:02:16 +01:00 · 2020-11-01 23:02:16 +01:00 · 99ea6cf1d8
commit 99ea6cf1d8
parent ccd349b7d5
9 changed files with 122 additions and 4 deletions
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@ -28,11 +28,10 @@
 - [@wuyue92tree](https://github.com/wuyue92tree)
 - Giovanni Toraldo [@gionn](https://github.com/gionn)
 - [@marcusblake](https://github.com/marcusblake)
- Dario [@pidario](https://github.com/pidario)
+- Dario Piombo [@pidario](https://github.com/pidario)
 - Jernej K. [@Cvetk0](https://github.com/Cvetk0)
 - Cristian Posoiu [@cr1st1p](https://github.com/cr1st1p)
 - Sepp Zuther [@Herr-Sepp](https://github.com/Herr-Sepp)
 - Tomas Hulata [@tombokombo](https://github.com/tombokombo)
 - Ben Jackson [@bjj](https://github.com/bjj)
 - 三十文 [@xfduan](https://github.com/xfduan)
 - Dario Piombo [@pidario](https://github.com/pidario)
--- a/README.md
+++ b/README.md
@ -261,3 +261,4 @@ check out the [Electron](examples/electron/README.md) standalone application.
 - [Add custom headers bases on environment variable and/or file when the ui is used as proxy](https://github.com/Joxit/docker-registry-ui/tree/master/examples/proxy-headers) ([#89](https://github.com/Joxit/docker-registry-ui/pull/89))
 - [UI showing same sha256 content digest for all tags + Delete is not working](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-116) ([#116](https://github.com/Joxit/docker-registry-ui/issues/116))
 - [Electron-based Standalone Application](https://github.com/Joxit/docker-registry-ui/tree/master/examples/electron) ([#129](https://github.com/Joxit/docker-registry-ui/pull/129))
 - [Use docker-registry-ui as proxy with read-only right](https://github.com/Joxit/docker-registry-ui/tree/master/examples/read-only-auth) ([#47](https://github.com/Joxit/docker-registry-ui/issues/47))
--- a/examples/README.md
+++ b/examples/README.md
@ -9,3 +9,5 @@
 - [Unable to push image when docker-registry-ui is used as a proxy on non 80 port](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-88) ([#88](https://github.com/Joxit/docker-registry-ui/issues/88))
 - [Add custom headers bases on environment variable and/or file when the ui is used as proxy](https://github.com/Joxit/docker-registry-ui/tree/master/examples/proxy-headers) ([#89](https://github.com/Joxit/docker-registry-ui/pull/89))
 - [UI showing same sha256 content digest for all tags + Delete is not working](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-116) ([#116](https://github.com/Joxit/docker-registry-ui/issues/116))
 - [Electron-based Standalone Application](https://github.com/Joxit/docker-registry-ui/tree/master/examples/electron) ([#129](https://github.com/Joxit/docker-registry-ui/pull/129))
 - [Use docker-registry-ui as proxy with read-only right](https://github.com/Joxit/docker-registry-ui/tree/master/examples/read-only-auth) ([#47](https://github.com/Joxit/docker-registry-ui/issues/47))
--- a/examples/read-only-auth/README.md
+++ b/examples/read-only-auth/README.md
@ -0,0 +1,10 @@
 # Docker registry with read only access
 This is the configuration for a docker registry UI using `REGISTRY_URL` (as a proxy) with read only access to the registry.
 There are two htpasswd files. `read-write.htpasswd` a read and write access to the registry and `read-only.htpasswd` for a read only access.
 All users in `read-only.htpasswd` should be in `read-write.htpasswd`.
 Read only user: login: `read` password: `regisrty`.
 Read and write user: login: `write` password: `regisrty`.
--- a/examples/read-only-auth/docker-compose.yml
+++ b/examples/read-only-auth/docker-compose.yml
@ -0,0 +1,27 @@
 version: '2.0'
 services:
  registry:
    image: registry:2.7
    volumes:
      - ./registry-data:/var/lib/registry
      - ./registry.yml:/etc/docker/registry/config.yml
    networks:
      - registry-ui-net
  ui:
    image: joxit/docker-registry-ui:static
    ports:
      - 80:80
    environment:
      - REGISTRY_TITLE=My Private Docker Registry
      - REGISTRY_URL=http://registry:5000
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - ./read-write.htpasswd:/etc/nginx/auth/read-write.htpasswd:ro
      - ./read-only.htpasswd:/etc/nginx/auth/read-only.htpasswd
    depends_on:
      - registry
    networks:
      - registry-ui-net
 networks:
  registry-ui-net:
--- a/examples/read-only-auth/nginx.conf
+++ b/examples/read-only-auth/nginx.conf
@ -0,0 +1,55 @@
 server {
    listen       80;
    server_name  localhost;
 #!    resolver 127.0.0.11; # This is for docker container name resolver
    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;
    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;
    # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
    chunked_transfer_encoding on;
    # required for strict SNI checking: see Issue #70 (https://github.com/Joxit/docker-registry-ui/issues/70)
    proxy_ssl_server_name on;
    proxy_buffering off;
    proxy_ignore_headers "X-Accel-Buffering";
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    location /v2 {
        # Do not allow connections from docker 1.5 and earlier
        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
            return 404;
        }
        # To add basic authentication to v2 use auth_basic setting.
        auth_basic "Registry realm";
        auth_basic_user_file /etc/nginx/auth/read-write.htpasswd;
        # For requests that *aren't* a PUT, POST, or DELETE
        limit_except PUT POST DELETE {
          auth_basic_user_file /etc/nginx/auth/read-only.htpasswd;
        }
        proxy_pass http://registry:5000;
    }
    #error_page  404              /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
 }
--- a/examples/read-only-auth/read-only.htpasswd
+++ b/examples/read-only-auth/read-only.htpasswd
@ -0,0 +1,2 @@
 read:$2y$05$NHpWy4HuCM8Ol2wZJsf6/.cJtGgv61jWzHTCYt/WntzRLDse1IuVO
 write:$2y$05$aqLmS1hXojRnubpSN4aVDeZ8wLhJtmQr4v0NiZl4KHUHXhDVnyoQm
--- a/examples/read-only-auth/read-write.htpasswd
+++ b/examples/read-only-auth/read-write.htpasswd
@ -0,0 +1 @@
 write:$2y$05$aqLmS1hXojRnubpSN4aVDeZ8wLhJtmQr4v0NiZl4KHUHXhDVnyoQm
--- a/examples/read-only-auth/registry.yml
+++ b/examples/read-only-auth/registry.yml
@ -0,0 +1,21 @@
 version: 0.1
 log:
  fields:
    service: registry
 storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
 http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['http://localhost']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization', 'Accept']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
		`@ -0,0 +1,2 @@`
							`read:$2y$05$NHpWy4HuCM8Ol2wZJsf6/.cJtGgv61jWzHTCYt/WntzRLDse1IuVO`
							`write:$2y$05$aqLmS1hXojRnubpSN4aVDeZ8wLhJtmQr4v0NiZl4KHUHXhDVnyoQm`
		`@ -0,0 +1 @@`
							`write:$2y$05$aqLmS1hXojRnubpSN4aVDeZ8wLhJtmQr4v0NiZl4KHUHXhDVnyoQm`