I played with a docker registry and caddy ad reverse proxy. It’s secured by htpasswd, and the hole registry is auth only…
Docker registry used htpasswd, but it will set the hole registry to private, right? “Workarounds” are nginx / apache configs with request method based basic auth (like PUT)?
Is there another way to deal with public and private repositories?
Or would it possible to secure a ressource by request method (get, post, put,…) with caddy plugin basicauth instead of path?
Theoretically you could use a subdomain (secure.example.com) with an identical reverse proxy. Put a blanket basic auth on this subdomain. Then declare a redirect on the main domain for secure methods like so:
redir 302 {
if {method} is "PUT"
if {method} is "DELETE"
if_op or
/ https://secure.example.com{uri}
}