readysite / readysite.org / internal / sharing / registry.go
882 B
registry.go 
package sharing

import (
	"cmp"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
)

// RegistryURL is the internal Docker registry endpoint.
// Uses REGISTRY_HOST env var or defaults to "registry:5000" for container network access.
var RegistryURL = "http://" + cmp.Or(os.Getenv("REGISTRY_HOST"), "registry:5000")

// NewRegistryProxy creates a reverse proxy for read-only registry access.
// Only GET and HEAD requests are allowed (no push access via proxy).
func NewRegistryProxy() http.Handler {
	target, _ := url.Parse(RegistryURL)
	proxy := httputil.NewSingleHostReverseProxy(target)

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Only allow GET and HEAD (read-only)
		if r.Method != http.MethodGet && r.Method != http.MethodHead {
			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
			return
		}
		proxy.ServeHTTP(w, r)
	})
}
← Back

Create your account

Enter your email to get started. No password needed.

Already have an account? Sign in