docs: improve examples/read-only-auth (#371)

* Improve `examples/read-only-auth` * Update examples/read-only-auth/nginx.conf
2025-04-26 06:59:52 +03:00 · 2024-04-05 21:59:24 +02:00 · 2024-04-05 21:59:24 +02:00 · a36e3aac57
commit a36e3aac57
parent 7025df687c
5 changed files with 12 additions and 9 deletions
--- a/examples/read-only-auth/README.md
+++ b/examples/read-only-auth/README.md
@ -2,9 +2,12 @@

 This example will override the original nginx conf with read only access to the registry. You will need to rewrite all the project configuration (replaces `proxy_pass` with your own value, in this example `http://registry:5000` is fine).

-There are two htpasswd files. `read-write.htpasswd` a read and write access to the registry and `read-only.htpasswd` for a read only access.
+There are two htpasswd files:

-All users in `read-only.htpasswd` should be in `read-write.htpasswd`.
+- `write.htpasswd` for write access
+- `read.htpasswd` for read access
+
+All users in `write.htpasswd` should also be in `read.htpasswd` so that they can read and write.

 Read only user: login: `read` password: `registry`.
 Read and write user: login: `write` password: `registry`.
--- a/examples/read-only-auth/docker-compose.yml
+++ b/examples/read-only-auth/docker-compose.yml
@ -17,11 +17,11 @@ services:
      - SINGLE_REGISTRY=true
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
-      - ./read-write.htpasswd:/etc/nginx/auth/read-write.htpasswd:ro
-      - ./read-only.htpasswd:/etc/nginx/auth/read-only.htpasswd
+      - ./read-write.htpasswd:/etc/nginx/auth/write.htpasswd:ro
+      - ./read-only.htpasswd:/etc/nginx/auth/read.htpasswd:ro
    depends_on:
      - registry
    networks:
      - registry-ui-net
 networks:
-  registry-ui-net:
+  registry-ui-net:
--- a/examples/read-only-auth/nginx.conf
+++ b/examples/read-only-auth/nginx.conf
@ -28,10 +28,10 @@ server {
        }
        # To add basic authentication to v2 use auth_basic setting.
        auth_basic "Registry realm";
-        auth_basic_user_file /etc/nginx/auth/read-write.htpasswd;
-        # For requests that *aren't* a PUT, POST, or DELETE
-        limit_except PUT POST DELETE {
-          auth_basic_user_file /etc/nginx/auth/read-only.htpasswd;
+        auth_basic_user_file /etc/nginx/auth/read.htpasswd;
+        # For requests that *aren't* a GET, HEAD or OPTIONS use the write file instead
+        limit_except GET HEAD OPTIONS {
+          auth_basic_user_file /etc/nginx/auth/write.htpasswd;
        }

        proxy_pass http://registry:5000;
--- a/examples/read-only-auth/read-only.htpasswd
+++ b/examples/read-only-auth/read-only.htpasswd
--- a/examples/read-only-auth/read-write.htpasswd
+++ b/examples/read-only-auth/read-write.htpasswd