From ed29d339c1c2dae43b8cfe773f6dcc5e4ddac1f7 Mon Sep 17 00:00:00 2001
From: silverwind
Date: Fri, 29 Mar 2024 13:47:04 +0100
Subject: [PATCH 1/2] Improve `examples/read-only-auth`
---
 examples/read-only-auth/README.md | 7 +++++--
 examples/read-only-auth/docker-compose.yml | 6 +++---
 examples/read-only-auth/nginx.conf | 8 ++++----
 .../read-only-auth/{read-only.htpasswd => read.htpasswd} | 0
 .../{read-write.htpasswd => write.htpasswd} | 0
 5 files changed, 12 insertions(+), 9 deletions(-)
 rename examples/read-only-auth/{read-only.htpasswd => read.htpasswd} (100%)
 rename examples/read-only-auth/{read-write.htpasswd => write.htpasswd} (100%)
diff --git a/examples/read-only-auth/README.md b/examples/read-only-auth/README.md
index 009e3679..34d95b3b 100644
--- a/examples/read-only-auth/README.md
+++ b/examples/read-only-auth/README.md
@@ -2,9 +2,12 @@ This example will override the original nginx conf with read only access to the registry. You will need to rewrite all the project configuration (replaces `proxy_pass` with your own value, in this example `http://registry:5000` is fine).
-There are two htpasswd files. `read-write.htpasswd` a read and write access to the registry and `read-only.htpasswd` for a read only access.
+There are two htpasswd files:
-All users in `read-only.htpasswd` should be in `read-write.htpasswd`.
+- `write.htpasswd` for write access
+- `read.htpasswd` for read access
+
+All users in `write.htpasswd` should also be in `read.htpasswd` so that they can read and write.
 Read only user: login: `read` password: `registry`. Read and write user: login: `write` password: `registry`.
diff --git a/examples/read-only-auth/docker-compose.yml b/examples/read-only-auth/docker-compose.yml
index bce9fa0c..c83bbced 100644
--- a/examples/read-only-auth/docker-compose.yml
+++ b/examples/read-only-auth/docker-compose.yml
@@ -17,11 +17,11 @@ services:
 - SINGLE_REGISTRY=true
 volumes:
 - ./nginx.conf:/etc/nginx/conf.d/default.conf
- - ./read-write.htpasswd:/etc/nginx/auth/read-write.htpasswd:ro
- - ./read-only.htpasswd:/etc/nginx/auth/read-only.htpasswd
+ - ./read-write.htpasswd:/etc/nginx/auth/write.htpasswd:ro
+ - ./read-only.htpasswd:/etc/nginx/auth/read.htpasswd:ro
 depends_on:
 - registry
 networks:
 - registry-ui-net
 networks:
- registry-ui-net:
\ No newline at end of file
+ registry-ui-net:
diff --git a/examples/read-only-auth/nginx.conf b/examples/read-only-auth/nginx.conf
index c2da71cf..ffbe49fe 100644
--- a/examples/read-only-auth/nginx.conf
+++ b/examples/read-only-auth/nginx.conf
@@ -28,10 +28,10 @@ server {
 }
 # To add basic authentication to v2 use auth_basic setting.
 auth_basic "Registry realm";
- auth_basic_user_file /etc/nginx/auth/read-write.htpasswd;
- # For requests that *aren't* a PUT, POST, or DELETE
- limit_except PUT POST DELETE {
- auth_basic_user_file /etc/nginx/auth/read-only.htpasswd;
+ auth_basic_user_file /etc/nginx/auth/read.htpasswd;
+ # For requests that *aren't* a GET, HEAD or OPTIONS use the write file
+ limit_except GET HEAD OPTIONS {
+ auth_basic_user_file /etc/nginx/auth/write.htpasswd;
 }
 proxy_pass http://registry:5000;
diff --git a/examples/read-only-auth/read-only.htpasswd b/examples/read-only-auth/read.htpasswd
similarity index 100%
rename from examples/read-only-auth/read-only.htpasswd
rename to examples/read-only-auth/read.htpasswd
diff --git a/examples/read-only-auth/read-write.htpasswd b/examples/read-only-auth/write.htpasswd
similarity index 100%
rename from examples/read-only-auth/read-write.htpasswd
rename to examples/read-only-auth/write.htpasswd
From 584cc4c635ea4f29e68b0989cf27de6e878fb6f1 Mon Sep 17 00:00:00 2001
From: silverwind
Date: Fri, 29 Mar 2024 14:22:52 +0100
Subject: [PATCH 2/2] Update examples/read-only-auth/nginx.conf
---
 examples/read-only-auth/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
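Review bot: In `examples/read-only-auth/docker-compose.yml` the two added volume lines still use `./read-write.htpasswd` and `./read-only.htpasswd` as host paths, but this same patch renames those files to `write.htpasswd` and `read.htpasswd`. With the host files gone, Docker typically creates empty directories at those paths and mounts them, so nginx would have no readable user file and the example would likely reject every request to `/v2` instead of enforcing the intended read/write split. The mounts should read `- ./write.htpasswd:/etc/nginx/auth/write.htpasswd:ro` and `- ./read.htpasswd:/etc/nginx/auth/read.htpasswd:ro`.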
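Review bot: The comment above `limit_except GET HEAD OPTIONS` in `examples/read-only-auth/nginx.conf` does not mention that a write account now has to exist in two credential files, which matters when a password is rotated or a user is revoked. Because the outer `auth_basic_user_file` is consulted for reads and the inner one for every other method, removing or changing an entry in `write.htpasswd` alone leaves the old password valid for pulls through `read.htpasswd`. I would extend the comment with something like `# Write users must also be listed in read.htpasswd; rotate or revoke a user in both files.` Listing `HEAD` is redundant, since nginx allows HEAD whenever GET is allowed in `limit_except`, though keeping it is harmless. The `server` block starts and ends outside the hunk.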
diff --git a/examples/read-only-auth/nginx.conf b/examples/read-only-auth/nginx.conf
index ffbe49fe..f56fd240 100644
--- a/examples/read-only-auth/nginx.conf
+++ b/examples/read-only-auth/nginx.conf
@@ -29,7 +29,7 @@ server {
 # To add basic authentication to v2 use auth_basic setting.
 auth_basic "Registry realm";
 auth_basic_user_file /etc/nginx/auth/read.htpasswd;
- # For requests that *aren't* a GET, HEAD or OPTIONS use the write file
+ # For requests that *aren't* a GET, HEAD or OPTIONS use the write file instead
 limit_except GET HEAD OPTIONS {
 auth_basic_user_file /etc/nginx/auth/write.htpasswd;
 }