docs: improve examples/read-only-auth (#371)

* Improve `examples/read-only-auth` * Update examples/read-only-auth/nginx.conf
Joxit · Apr 5, 2024 · a36e3aa · a36e3aa
1 parent 7025df6
commit a36e3aa
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 9 deletions.
diff --git a/examples/read-only-auth/README.md b/examples/read-only-auth/README.md
@@ -2,9 +2,12 @@
 
 This example will override the original nginx conf with read only access to the registry. You will need to rewrite all the project configuration (replaces `proxy_pass` with your own value, in this example `http://registry:5000` is fine).
 
-There are two htpasswd files. `read-write.htpasswd` a read and write access to the registry and `read-only.htpasswd` for a read only access.
+There are two htpasswd files:
 
-All users in `read-only.htpasswd` should be in `read-write.htpasswd`.
+- `write.htpasswd` for write access
+- `read.htpasswd` for read access
+
+All users in `write.htpasswd` should also be in `read.htpasswd` so that they can read and write.
 
 Read only user: login: `read` password: `registry`.
 Read and write user: login: `write` password: `registry`.
diff --git a/examples/read-only-auth/docker-compose.yml b/examples/read-only-auth/docker-compose.yml
@@ -17,11 +17,11 @@ services:
       - SINGLE_REGISTRY=true
     volumes:
       - ./nginx.conf:/etc/nginx/conf.d/default.conf
-      - ./read-write.htpasswd:/etc/nginx/auth/read-write.htpasswd:ro
-      - ./read-only.htpasswd:/etc/nginx/auth/read-only.htpasswd
+      - ./read-write.htpasswd:/etc/nginx/auth/write.htpasswd:ro
+      - ./read-only.htpasswd:/etc/nginx/auth/read.htpasswd:ro
     depends_on:
       - registry
     networks:
       - registry-ui-net
 networks:
-  registry-ui-net:
+  registry-ui-net:
diff --git a/examples/read-only-auth/nginx.conf b/examples/read-only-auth/nginx.conf
@@ -28,10 +28,10 @@ server {
         }
         # To add basic authentication to v2 use auth_basic setting.
         auth_basic "Registry realm";
-        auth_basic_user_file /etc/nginx/auth/read-write.htpasswd;
-        # For requests that *aren't* a PUT, POST, or DELETE
-        limit_except PUT POST DELETE {
-          auth_basic_user_file /etc/nginx/auth/read-only.htpasswd;
+        auth_basic_user_file /etc/nginx/auth/read.htpasswd;
+        # For requests that *aren't* a GET, HEAD or OPTIONS use the write file instead
+        limit_except GET HEAD OPTIONS {
+          auth_basic_user_file /etc/nginx/auth/write.htpasswd;
         }
 
         proxy_pass http://registry:5000;

diff --git a/examples/read-only-auth/read-only.htpasswd → examples/read-only-auth/read.htpasswd b/examples/read-only-auth/read-only.htpasswd → examples/read-only-auth/read.htpasswd
diff --git a/examples/read-only-auth/read-write.htpasswd → examples/read-only-auth/write.htpasswd b/examples/read-only-auth/read-write.htpasswd → examples/read-only-auth/write.htpasswd