docs: add new example ui as proxy with read-only right

2020-11-01 23:02:16 +01:00 · 2020-11-01 23:02:16 +01:00 · 99ea6cf1d8
parent ccd349b7d5
commit 99ea6cf1d8
9 changed files with 122 additions and 4 deletions
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@ -28,11 +28,10 @@
 - [@wuyue92tree](https://github.com/wuyue92tree)
 - Giovanni Toraldo [@gionn](https://github.com/gionn)
 - [@marcusblake](https://github.com/marcusblake)
- Dario [@pidario](https://github.com/pidario)
+- Dario Piombo [@pidario](https://github.com/pidario)
 - Jernej K. [@Cvetk0](https://github.com/Cvetk0)
 - Cristian Posoiu [@cr1st1p](https://github.com/cr1st1p)
 - Sepp Zuther [@Herr-Sepp](https://github.com/Herr-Sepp)
 - Tomas Hulata [@tombokombo](https://github.com/tombokombo)
 - Ben Jackson [@bjj](https://github.com/bjj)
- 三十文 [@xfduan](https://github.com/xfduan)
- Dario Piombo [@pidario](https://github.com/pidario)
+- 三十文 [@xfduan](https://github.com/xfduan)
--- a/README.md
+++ b/README.md
@ -261,3 +261,4 @@ check out the [Electron](examples/electron/README.md) standalone application.
 - [Add custom headers bases on environment variable and/or file when the ui is used as proxy](https://github.com/Joxit/docker-registry-ui/tree/master/examples/proxy-headers) ([#89](https://github.com/Joxit/docker-registry-ui/pull/89))
 - [UI showing same sha256 content digest for all tags + Delete is not working](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-116) ([#116](https://github.com/Joxit/docker-registry-ui/issues/116))
 - [Electron-based Standalone Application](https://github.com/Joxit/docker-registry-ui/tree/master/examples/electron) ([#129](https://github.com/Joxit/docker-registry-ui/pull/129))
+- [Use docker-registry-ui as proxy with read-only right](https://github.com/Joxit/docker-registry-ui/tree/master/examples/read-only-auth) ([#47](https://github.com/Joxit/docker-registry-ui/issues/47))
--- a/examples/README.md
+++ b/examples/README.md
@ -8,4 +8,6 @@
 - [Use docker-registry-ui with HTTPS](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-20) ([#20](https://github.com/Joxit/docker-registry-ui/issues/20))
 - [Unable to push image when docker-registry-ui is used as a proxy on non 80 port](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-88) ([#88](https://github.com/Joxit/docker-registry-ui/issues/88))
 - [Add custom headers bases on environment variable and/or file when the ui is used as proxy](https://github.com/Joxit/docker-registry-ui/tree/master/examples/proxy-headers) ([#89](https://github.com/Joxit/docker-registry-ui/pull/89))
- [UI showing same sha256 content digest for all tags + Delete is not working](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-116) ([#116](https://github.com/Joxit/docker-registry-ui/issues/116))
+- [UI showing same sha256 content digest for all tags + Delete is not working](https://github.com/Joxit/docker-registry-ui/tree/master/examples/issue-116) ([#116](https://github.com/Joxit/docker-registry-ui/issues/116))
+- [Electron-based Standalone Application](https://github.com/Joxit/docker-registry-ui/tree/master/examples/electron) ([#129](https://github.com/Joxit/docker-registry-ui/pull/129))
+- [Use docker-registry-ui as proxy with read-only right](https://github.com/Joxit/docker-registry-ui/tree/master/examples/read-only-auth) ([#47](https://github.com/Joxit/docker-registry-ui/issues/47))
--- a/examples/read-only-auth/README.md
+++ b/examples/read-only-auth/README.md
@ -0,0 +1,10 @@
+# Docker registry with read only access
+
+This is the configuration for a docker registry UI using `REGISTRY_URL` (as a proxy) with read only access to the registry.
+
+There are two htpasswd files. `read-write.htpasswd` a read and write access to the registry and `read-only.htpasswd` for a read only access.
+
+All users in `read-only.htpasswd` should be in `read-write.htpasswd`.
+
+Read only user: login: `read` password: `regisrty`.
+Read and write user: login: `write` password: `regisrty`.
--- a/examples/read-only-auth/docker-compose.yml
+++ b/examples/read-only-auth/docker-compose.yml
@ -0,0 +1,27 @@
+version: '2.0'
+services:
+  registry:
+    image: registry:2.7
+    volumes:
+      - ./registry-data:/var/lib/registry
+      - ./registry.yml:/etc/docker/registry/config.yml
+    networks:
+      - registry-ui-net
+
+  ui:
+    image: joxit/docker-registry-ui:static
+    ports:
+      - 80:80
+    environment:
+      - REGISTRY_TITLE=My Private Docker Registry
+      - REGISTRY_URL=http://registry:5000
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf
+      - ./read-write.htpasswd:/etc/nginx/auth/read-write.htpasswd:ro
+      - ./read-only.htpasswd:/etc/nginx/auth/read-only.htpasswd
+    depends_on:
+      - registry
+    networks:
+      - registry-ui-net
+networks:
+  registry-ui-net:
--- a/examples/read-only-auth/nginx.conf
+++ b/examples/read-only-auth/nginx.conf
@ -0,0 +1,55 @@
+server {
+    listen       80;
+    server_name  localhost;
+#!    resolver 127.0.0.11; # This is for docker container name resolver
+    #charset koi8-r;
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
+    chunked_transfer_encoding on;
+    # required for strict SNI checking: see Issue #70 (https://github.com/Joxit/docker-registry-ui/issues/70)
+    proxy_ssl_server_name on;
+    proxy_buffering off;
+    proxy_ignore_headers "X-Accel-Buffering";
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /v2 {
+        # Do not allow connections from docker 1.5 and earlier
+        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
+        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+            return 404;
+        }
+        # To add basic authentication to v2 use auth_basic setting.
+        auth_basic "Registry realm";
+        auth_basic_user_file /etc/nginx/auth/read-write.htpasswd;
+        # For requests that *aren't* a PUT, POST, or DELETE
+        limit_except PUT POST DELETE {
+          auth_basic_user_file /etc/nginx/auth/read-only.htpasswd;
+        }
+
+        proxy_pass http://registry:5000;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}
--- a/examples/read-only-auth/read-only.htpasswd
+++ b/examples/read-only-auth/read-only.htpasswd
@ -0,0 +1,2 @@
+read:$2y$05$NHpWy4HuCM8Ol2wZJsf6/.cJtGgv61jWzHTCYt/WntzRLDse1IuVO
+write:$2y$05$aqLmS1hXojRnubpSN4aVDeZ8wLhJtmQr4v0NiZl4KHUHXhDVnyoQm
--- a/examples/read-only-auth/read-write.htpasswd
+++ b/examples/read-only-auth/read-write.htpasswd
@ -0,0 +1 @@
+write:$2y$05$aqLmS1hXojRnubpSN4aVDeZ8wLhJtmQr4v0NiZl4KHUHXhDVnyoQm
--- a/examples/read-only-auth/registry.yml
+++ b/examples/read-only-auth/registry.yml
@ -0,0 +1,21 @@
+version: 0.1
+log:
+  fields:
+    service: registry
+storage:
+  delete:
+    enabled: true
+  cache:
+    blobdescriptor: inmemory
+  filesystem:
+    rootdirectory: /var/lib/registry
+http:
+  addr: :5000
+  headers:
+    X-Content-Type-Options: [nosniff]
+    Access-Control-Allow-Origin: ['http://localhost']
+    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
+    Access-Control-Allow-Headers: ['Authorization', 'Accept']
+    Access-Control-Max-Age: [1728000]
+    Access-Control-Allow-Credentials: [true]
+    Access-Control-Expose-Headers: ['Docker-Content-Digest']
				`@ -0,0 +1 @@`
				`write:$2y$05$aqLmS1hXojRnubpSN4aVDeZ8wLhJtmQr4v0NiZl4KHUHXhDVnyoQm`