By default, the permissions for an anonymous user are Read & Deploy/Cache for any remote repository and Read for any repository type:
This configuration can be altered via the Artifactory UI or REST API. For example, as regards the former, to perform anonymous pulls, you’ll need to enable allow anonymous access via the UI under Security > Settings, as follows:
Thereafter, you will be able to pull images anonymously, as is demonstrated in the following example:
& docker pull <Artifactory_IP>/docker/nginx
Then, you will see something similar in your request.log:
29c707c617220f15|52.16.203.109|anonymous|GET|/api/docker/docker/v2/nginx/manifests/latest|200 43840d78ad848b81|52.16.203.109|anonymous|GET|/api/docker/docker/v2/nginx/manifests/sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f|200
For versions prior to Artifactory 4.7.0, an anonymous pull with an authenticated push can be accomplished by using a virtual Docker repository together with a local Docker repository. The latter should be configured with Force Authentication, as follows:
The former should be created with the Force Authentication box unchecked and include the local repository.
While this will allow anonymous pulls from the virtual repository, pushes will not be allowed at all. Pushing can only be accomplished by pushing to the local repository, which does require authentication. Accordingly, although pulls and pushes will go to different places, this will not consume any additional space on either the Artifactory server or the clients that are pulling and pushing.
Here’s a push example:
docker login docker-artifactory:8443 docker push docker-artifactory:8443/nginx
Here’s a pull example:
docker pull docker-artifactory:8444/nginx