Rust implementation of OCI Distribution Spec with granular access control

fix: disable Axum default body size limit for large blob uploads

+16 -2
+14 -2
caddy/Caddyfile
··· 1 1 # Replace 'your-registry.example.com' with your real domain 2 2 # Caddy will automatically obtain TLS certificates for this domain via Let's Encrypt 3 - # and reverse-proxy traffic to the `grain` service on port 8888 (same Docker network) 3 + # and reverse-proxy traffic to the grain service on port 8888 (same Docker network) 4 + # Note: Caddy passes the Authorization header through by default - do NOT use header_up 5 + # directives as they can cause literal placeholder strings to be passed instead of values 4 6 5 7 your-registry.example.com { 6 - reverse_proxy grain:8888 8 + # Allow large uploads for container images 9 + request_body { 10 + max_size 0 11 + } 12 + 13 + reverse_proxy grain:8888 { 14 + # Rewrite Location headers from internal address to public HTTPS URL 15 + header_up Host {host} 16 + header_down Location http://0.0.0.0:8888 https://your-registry.example.com 17 + } 18 + 7 19 log { 8 20 output file /var/log/caddy/grain_access.log 9 21 }
+2
src/main.rs
··· 1 1 use std::sync::Arc; 2 2 3 3 use axum::{ 4 + extract::DefaultBodyLimit, 4 5 routing::{delete, get, head, patch, post, put}, 5 6 Router, 6 7 }; ··· 109 110 .route("/{*path}", patch(meta::catch_all_patch)) 110 111 .route("/{*path}", delete(meta::catch_all_delete)) 111 112 .with_state(shared_state) 113 + .layer(DefaultBodyLimit::disable()) // Allow unlimited body size for blob uploads 112 114 .layer(axum::middleware::from_fn(middleware::track_metrics)) 113 115 .layer(CorsLayer::permissive()) 114 116 .merge(
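Review bot: In caddy/Caddyfile the new header comment says "do NOT use header_up directives", yet the reverse_proxy block added a few lines further down sets `header_up Host {host}`, so the file contradicts its own guidance. Either drop that line or reword the comment to say which header_up usage causes the literal-placeholder problem. The `header_down Location` rewrite also hardcodes both `http://0.0.0.0:8888` and `your-registry.example.com`. The top-of-file instruction to replace the domain now has to cover this second occurrence, and the comment should say so. For `max_size 0`, state in the comment that 0 is meant as "no limit", because together with the src/main.rs change in this commit it leaves no request size cap at the proxy.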
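Review bot: In src/main.rs, `.layer(DefaultBodyLimit::disable())` is attached to the whole router right after `.with_state(shared_state)`, so it lifts the limit for every route defined above it, including the catch-all patch and delete handlers, not only blob uploads as the inline comment says. With `max_size 0` in the Caddyfile from the same commit, nothing visible in this change bounds request body size, so resource exhaustion protection is left entirely to the individual handlers. Consider attaching the layer only to the blob upload routes, or replacing it with `DefaultBodyLimit::max(...)` set to a configurable ceiling, and say in the comment where upload size is enforced instead.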