DigitalOcean

Report this

What is the reason for this report?
Question

Setting up a read-only user for a private Docker registry

Posted on October 22, 2020
Nginx
Docker
Ubuntu
mullenba

By mullenba

I’ve been able to set up and secure a private registry similar to the tutorial here: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

However, I would like to create a user that can only pull images (no pushes). How do I do it?

Thanks.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
pistle2020
pistle2020
October 22, 2020

If the username starts with admin or admin-, the subrequest handler responds with a status code of 200. This response allows any client request to proceed to the registry via the original handler (location /). A match on this condition effectively grants full read-write access to the registry. If the username does not start with the admin prefix, but the HTTP request method is GET or HEAD, the subrequest handler responds with 200 status. This response allows the client request to proceed to the upstream registry. A match on this condition effectively grants read-only access to the registry. In any other case, the subrequest handler responds with a 403 Forbidden. The original request handler aborts further processing and returns the 403 response to the client. A match on this condition prohibits the client request from reaching the registry. In effect, this condition prevents all anonymous user access and prevents anything but GET and HEAD access (i.e., read-only access) by non-admin users.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.