search

Joxit / docker-registry-ui

The simplest and most complete UI for your private registry
https://joxit.dev/docker-registry-ui/
GNU Affero General Public License v3.0
2.57k stars 322 forks source link

Reject pull/push images throung env variable #359

Open orest-gulman opened 8 months ago

orest-gulman commented 8 months ago

I do have a docker compose file with joxit-ui as UI, apache for auth and registry containers. My registry is running on 5000 and on the top I have apache for auth/authz part. In joxit-ui I set PULL_URL=https://myregistry.domain.com:5000 and UI images are shown with correct endpoid and i can push or pull images shougn this URI in case auth part was successfull. For me the issue is that I can push/pull an images bypass auth/auth part by dropping port 5000 and I'm wondering of a posibilitty of rejecting pull/push images inside of joxit-iu nginx.

    environment:
      - SINGLE_REGISTRY=true
      - REGISTRY_URL=https://myregistry.domain.com
      - PULL_URL=https://myregistry.domain.com:5000
      - NGINX_PROXY_PASS_URL=http://172.20.0.20:5000
Joxit commented 8 months ago

Hi, you must use either REGISTRY_URL or NGINX_PROXY_PASS_URL not both of them.

As the configuration suggest, NGINX_PROXY_PASS_URL will proxy pass the requests to your registry.... Since you put an IP on port 5000, its clearly not your apache server.

orest-gulman commented 8 months ago

Hi, NGINX_PROXY_PASS_URL=http://172.20.0.20:5000 That is apache

Joxit commented 8 months ago

So what's https://myregistry.domain.com?

orest-gulman commented 8 months ago

Also apache. I terminate cert on apache 443/5000

Joxit commented 8 months ago

Okay, so just remove the nginx proxy pass option and it should be good for you