# Source: github.com/mika/distribution@v2.2.2-0.20160108133430-a75790e3d8e0+incompatible/contrib/docker-integration/nginx/registry.conf
#
# Docker registry proxy for api versions 1 and 2
#
# nginx front end used by the docker-integration test setup (see the path
# above). It exposes the same two registry backends on many ports, each with a
# different transport/auth combination, so a client's handling of every case
# can be exercised. Several listeners are negative-test fixtures on purpose
# (plain HTTP, a server certificate labelled "noca", an SSLv3-only endpoint).
# Do not copy individual server blocks without re-evaluating them.
#
# Order matters: where several server blocks listen on the same port, nginx
# picks one by server_name, and the first block declared for that port is the
# default when no name matches. The "localhost" blocks come first throughout.
#
# NOTE(review): the standalone `ssl on;` directive used below is deprecated in
# newer nginx releases in favour of `listen <port> ssl;` - confirm against the
# nginx version the test image pins before upgrading it.

# Backend for the v1 registry API.
upstream docker-registry {
  server registryv1:5000;
}

# Backend for the v2 registry API.
upstream docker-registry-v2 {
  server registryv2:5000;
}

# No client auth or TLS
# Plain-HTTP listener: /v2/ is routed through docker-registry-v2.conf and
# everything else through docker-registry.conf (both includes live outside
# this file and are not shown here).
server {
  listen 5000;
  server_name localhost;

  # disable any limits to avoid HTTP 413 for large image uploads
  # (0 switches off nginx's request-body size check entirely, so the proxy
  # places no bound on upload size)
  client_max_body_size 0;

  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
  chunked_transfer_encoding on;

  location /v2/ {
    # Do not allow connections from docker 1.5 and earlier
    # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
    # The User-Agent header is client-supplied, so this is a compatibility
    # gate for old clients, not an access control.
    if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
      return 404;
    }

    include docker-registry-v2.conf;
  }

  location / {
    include docker-registry.conf;
  }
}

# No client auth or TLS (V1 Only)
server {
  listen 5001;
  server_name localhost;

  # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;

  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
  chunked_transfer_encoding on;

  location / {
    include docker-registry.conf;
  }
}

# No client auth or TLS (V2 Only)
# Unlike port 5000, this listener has no User-Agent check in front of the
# v2 include.
server {
  listen 5002;
  server_name localhost;

  # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;

  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
  chunked_transfer_encoding on;

  location / {
    include docker-registry-v2.conf;
  }
}

# TLS localhost (V1 Only)
# Server-side TLS only: no ssl_verify_client, so no client certificate is
# requested on this port.
server {
  listen 5011;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;

  client_max_body_size 0;
  chunked_transfer_encoding on;
  location / {
    include docker-registry.conf;
  }
}

# TLS localregistry (V1 Only)
# Same port as the block above; selected when the client asks for the name
# "localregistry", and presents the matching certificate.
server {
  listen 5011;
  server_name localregistry;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;

  client_max_body_size 0;
  chunked_transfer_encoding on;
  location / {
    include docker-registry.conf;
  }
}



# TLS Configuration chart
# Username/Password: testuser/passpassword
#      | ca  | client | basic | notes
# 5440 | yes | no     | no    | Tests CA certificate
# 5441 | yes | no     | yes   | Tests basic auth over TLS
# 5442 | yes | yes    | no    | Tests client auth with client CA
# 5443 | yes | yes    | no    | Tests client auth without client CA
# 5444 | yes | yes    | yes   | Tests using basic auth + tls auth
# 5445 | no  | no     | no    | Tests insecure using TLS
# 5446 | no  | no     | yes   | Tests sending credentials to server with insecure TLS
# 5447 | no  | yes    | no    | Tests client auth to insecure
# 5448 | yes | no     | no    | Bad SSL version
#
# Reading the chart against the blocks below:
#   ca     - server certificate file is registry-ca+* (yes) or registry-noca+* (no);
#            presumably "noca" means not issued by the test CA - confirm against
#            the certificate generation script.
#   client - the block sets ssl_verify_client on, with registry-ca+ca.pem as the
#            CA used to validate the client certificate.
#   basic  - the block includes registry-basic.conf instead of registry-noauth.conf;
#            neither include is shown here, so the basic-auth setup itself has to
#            be checked in those files.
# The credentials above are test-only values; they are published in this file.

# 5440: TLS with the CA-labelled certificate, no auth.
server {
  listen 5440;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
  include registry-noauth.conf;
}

# 5441: TLS with the CA-labelled certificate, basic-auth include.
server {
  listen 5441;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
  include registry-basic.conf;
}

# 5442 and 5443 share this block, so the server side is identical on both:
# a client certificate is required and validated against registry-ca+ca.pem.
# The chart's "with/without client CA" distinction is not expressed here -
# presumably it comes from what the test client is configured with; verify
# against the test suite.
server {
  listen 5442;
  listen 5443;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
  ssl_verify_client on;
  include registry-noauth.conf;
}

# 5444: client certificate required, plus the basic-auth include.
server {
  listen 5444;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
  ssl_verify_client on;
  include registry-basic.conf;
}

# 5445: TLS with the "noca" server certificate, no auth. Fixture for the
# chart's "insecure using TLS" case.
server {
  listen 5445;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-noca+localhost-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-noca+localhost-key.pem;
  include registry-noauth.conf;
}

# 5446: "noca" server certificate with the basic-auth include. Per the chart
# this exercises a client sending credentials to a server whose certificate it
# cannot validate.
server {
  listen 5446;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-noca+localhost-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-noca+localhost-key.pem;
  include registry-basic.conf;
}

# 5447: "noca" server certificate, but client certificates are still required
# and validated against registry-ca+ca.pem.
server {
  listen 5447;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-noca+localhost-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-noca+localhost-key.pem;
  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
  ssl_verify_client on;
  include registry-noauth.conf;
}

# 5448: negative-test endpoint ("Bad SSL version" in the chart). ssl_protocols
# restricts this listener to SSLv3 only, a protocol that is obsolete and
# broken; a correctly configured client is expected to fail the handshake.
# Whether the handshake is even possible depends on the TLS library the nginx
# build links against.
server {
  listen 5448;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
  ssl_protocols SSLv3;
  include registry-noauth.conf;
}

# Add configuration for localregistry server_name
# Requires configuring /etc/hosts to use
# Set /etc/hosts entry to external IP, not 127.0.0.1 for testing
# Docker secure/insecure registry features
#
# The blocks below mirror ports 5440-5448 above one for one; only server_name
# and the certificate/key file names (localregistry instead of localhost)
# differ.
server {
  listen 5440;
  server_name localregistry;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
  include registry-noauth.conf;
}

server {
  listen 5441;
  server_name localregistry;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
  include registry-basic.conf;
}

# Client certificate required on both ports (same server-side settings).
server {
  listen 5442;
  listen 5443;
  server_name localregistry;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
  ssl_verify_client on;
  include registry-noauth.conf;
}

server {
  listen 5444;
  server_name localregistry;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
  ssl_verify_client on;
  include registry-basic.conf;
}

# "noca" server certificate from here through 5447.
server {
  listen 5445;
  server_name localregistry;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-noca+localregistry-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-noca+localregistry-key.pem;
  include registry-noauth.conf;
}

server {
  listen 5446;
  server_name localregistry;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-noca+localregistry-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-noca+localregistry-key.pem;
  include registry-basic.conf;
}

server {
  listen 5447;
  server_name localregistry;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-noca+localregistry-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-noca+localregistry-key.pem;
  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
  ssl_verify_client on;
  include registry-noauth.conf;
}

# SSLv3-only negative-test endpoint for the localregistry name.
server {
  listen 5448;
  server_name localregistry;
  ssl on;
  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
  ssl_protocols SSLv3;
  include registry-noauth.conf;
}