github.com/cvmfs/docker-graphdriver@v0.0.0-20181206110523-155ec6df0521/provision/roles/docker-registry/templates/nginx-registry.conf.j2 (about) 1 upstream docker-registry { 2 server localhost:5000; 3 } 4 5 server { 6 listen 443; 7 server_name {{ ansible_fqdn }}; 8 9 # SSL 10 ssl on; 11 ssl_certificate /etc/nginx/conf.d/{{ ansible_fqdn }}.crt; 12 ssl_certificate_key /etc/nginx/conf.d/{{ ansible_fqdn }}.key; 13 14 # disable any limits to avoid HTTP 413 for large image uploads 15 client_max_body_size 0; 16 17 # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) 18 chunked_transfer_encoding on; 19 20 location /v2/ { 21 # Do not allow connections from docker 1.5 and earlier 22 # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents 23 if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { 24 return 404; 25 } 26 27 # To add basic authentication to v2 use auth_basic setting plus add_header 28 auth_basic "registry.localhost"; 29 auth_basic_user_file /etc/nginx/conf.d/registry.password; 30 add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; 31 32 proxy_pass http://docker-registry; 33 proxy_set_header Host $http_host; # required for docker client's sake 34 proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP 35 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 36 proxy_set_header X-Forwarded-Proto $scheme; 37 proxy_read_timeout 900; 38 } 39 }