fix(data): add ruleset to explicitly allow Docker / OCI clients

Fixes #1252 This is technically a regression as these clients used to work in Anubis v1.22.0, however it is allowable to make this opt-in as most websites do not expect to be serving Docker / OCI registry client traffic. Signed-off-by: Xe Iaso <me@xeiaso.net>
2026-04-16 13:24:57 +00:00 · 2025-11-07 18:47:39 -05:00
parent df217d61c8
commit 2ab4e5546f
7 changed files with 103 additions and 0 deletions
--- a/test/docker-registry/test.sh
+++ b/test/docker-registry/test.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source ../lib/lib.sh
+
+build_anubis_ko
+
+function cleanup() {
+	docker compose down
+}
+
+trap cleanup EXIT SIGINT
+
+mint_cert registry.local.cetacean.club
+
+docker compose up -d
+
+backoff-retry skopeo \
+	--insecure-policy \
+	copy \
+	--dest-tls-verify=false \
+	docker://hello-world \
+	docker://registry.local.cetacean.club:3004/hello-world