github.com/cvmfs/docker-graphdriver@v0.0.0-20181206110523-155ec6df0521/provision/roles/docker-registry/templates/nginx-registry.conf.j2

github.com/cvmfs/docker-graphdriver@v0.0.0-20181206110523-155ec6df0521/provision/roles/docker-registry/templates/nginx-registry.conf.j2 (about)

     1  upstream docker-registry {
     2    server localhost:5000;
     3  }
     4  
     5  server {
     6    listen 443;
     7    server_name {{ ansible_fqdn }};
     8  
     9    # SSL
    10    ssl on;
    11    ssl_certificate /etc/nginx/conf.d/{{ ansible_fqdn }}.crt;
    12    ssl_certificate_key /etc/nginx/conf.d/{{ ansible_fqdn }}.key;
    13  
    14    # disable any limits to avoid HTTP 413 for large image uploads
    15    client_max_body_size 0;
    16  
    17    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
    18    chunked_transfer_encoding on;
    19  
    20    location /v2/ {
    21      # Do not allow connections from docker 1.5 and earlier
    22      # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
    23      if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
    24        return 404;
    25      }
    26  
    27      # To add basic authentication to v2 use auth_basic setting plus add_header
    28      auth_basic "registry.localhost";
    29      auth_basic_user_file /etc/nginx/conf.d/registry.password;
    30      add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
    31  
    32      proxy_pass                          http://docker-registry;
    33      proxy_set_header  Host              $http_host;   # required for docker client's sake
    34      proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
    35      proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
    36      proxy_set_header  X-Forwarded-Proto $scheme;
    37      proxy_read_timeout                  900;
    38    }
    39  }