justlaputa · September 4, 2019 20:17
diff --git a/nginx-config-docker-reverse-proxy.conf b/nginx-config-docker-reverse-proxy.conf
 # Copy from https://github.com/MarvAmBass/docker-nginx-registry-proxy/blob/master/docker-registry.conf
 # For versions of Nginx > 1.3.9 that include chunked transfer encoding support
 # Replace with appropriate values where necessary

 upstream docker-registry {
 server registry:5000;
 }

 server {
 listen 443 default_server;

 ssl on;
 ssl_certificate external/cert.pem;
 ssl_certificate_key external/key.pem;
 
 # set HSTS-Header because we only allow https traffic
 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
 
 proxy_set_header Host       $http_host;   # required for Docker client sake
 proxy_set_header X-Real-IP  $remote_addr; # pass on real client IP

 client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
 chunked_transfer_encoding on;

 location / {
     # let Nginx know about our auth file
     auth_basic              "Restricted";
     auth_basic_user_file    external/docker-registry.htpasswd;

     proxy_pass http://docker-registry;
 }
 location /_ping {
     auth_basic off;
     proxy_pass http://docker-registry;
 }  
 location /v1/_ping {
     auth_basic off;
     proxy_pass http://docker-registry;
 }
 location /v2/ {
     if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*\$" ) {
       return 404;
     }

     # To add basic authentication to v2 use auth_basic setting plus add_header
     auth_basic "Registry realm";
     auth_basic_user_file    external/docker-registry.htpasswd;
     add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;

     proxy_pass                          http://docker-registry;
     proxy_set_header  Host              $http_host;   # required for docker client's sake
     proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
     proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
     proxy_set_header  X-Forwarded-Proto $scheme;
     proxy_read_timeout                  900;
 }

 }
	# Copy from https://github.com/MarvAmBass/docker-nginx-registry-proxy/blob/master/docker-registry.conf
	# For versions of Nginx > 1.3.9 that include chunked transfer encoding support
	# Replace with appropriate values where necessary

	upstream docker-registry {
	server registry:5000;
	}

	server {
	listen 443 default_server;

	ssl on;
	ssl_certificate external/cert.pem;
	ssl_certificate_key external/key.pem;

	# set HSTS-Header because we only allow https traffic
	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

	proxy_set_header Host $http_host; # required for Docker client sake
	proxy_set_header X-Real-IP $remote_addr; # pass on real client IP

	client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

	# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
	chunked_transfer_encoding on;

	location / {
	# let Nginx know about our auth file
	auth_basic "Restricted";
	auth_basic_user_file external/docker-registry.htpasswd;

	proxy_pass http://docker-registry;
	}
	location /_ping {
	auth_basic off;
	proxy_pass http://docker-registry;
	}
	location /v1/_ping {
	auth_basic off;
	proxy_pass http://docker-registry;
	}
	location /v2/ {
	if ($http_user_agent ~ "^(docker\/1\.(3\|4\|5(?!\.[0-9]-dev))\|Go ).*\$" ) {
	return 404;
	}

	# To add basic authentication to v2 use auth_basic setting plus add_header
	auth_basic "Registry realm";
	auth_basic_user_file external/docker-registry.htpasswd;
	add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;

	proxy_pass http://docker-registry;
	proxy_set_header Host $http_host; # required for docker client's sake
	proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_read_timeout 900;
	}

	}