marchermans · June 10, 2020 09:28
diff --git a/gistfile1.txt b/gistfile1.txt
  server {
    listen 80;
    root /srv/Portus/public;

    ##
    # Docker-specific stuff.

    proxy_set_header Host $http_host;   # required for Docker client sake
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Scheme $scheme;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    # required to avoid HTTP 411: see Issue #1486
    # (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;

    # Don't allow the browser to render the page inside a frame or iframe
    # and avoid Clickjacking. More in the following link:
    #
    # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
    add_header X-Frame-Options DENY;

    # Disable content-type sniffing on some browsers.
    add_header X-Content-Type-Options nosniff;

    # This header enables the Cross-site scripting (XSS) filter built into
    # most recent web browsers. It's usually enabled by default anyway, so the
    # role of this header is to re-enable the filter for this particular
    # website if it was disabled by the user.
    add_header X-XSS-Protection "1; mode=block";

    # Add header for IE in compatibility mode.
    add_header X-UA-Compatible "IE=edge";

        # Redirect (most) requests to /v2/* to the Docker Registry
        location /v2/ {
          # Do not allow connections from docker 1.5 and earlier
          # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
          if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
        return 404;
      }

      ## If $docker_distribution_api_version is empty, the header will not be added.
      ## See the map directive above where this variable is defined.
      add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

      proxy_pass https://registry;
      proxy_set_header Host $http_host;   # required for docker client's sake
      proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Ssl on; 
      proxy_set_header X-Forwarded-Port 443;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_read_timeout 900;
      proxy_buffering on;
        }

        # Portus needs to handle /v2/token for authentication
        location = /v2/token {
      proxy_pass http://portus;
      proxy_set_header Host $http_host;   # required for docker client's sake
      proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Ssl on; 
      proxy_set_header X-Forwarded-Port 443;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_read_timeout 900;
      proxy_buffering on;
    }

        # Portus needs to handle /v2/webhooks/events for notifications
        location = /v2/webhooks/events {
      proxy_pass http://portus;
      proxy_set_header Host $http_host;   # required for docker client's sake
      proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Ssl on; 
      proxy_set_header X-Forwarded-Port 443;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_read_timeout 900;
      proxy_buffering on;
    }

    # Assets are mapped inside of /srv/Portus/public from a shared volume.
    location ~ ^/(assets)/ {
      access_log  off;
      gzip_static on;
      expires     max;
      add_header  Cache-Control public;
      add_header  Last-Modified "";
      add_header  ETag "";
      break;
    }

        # Portus handles everything else for the UI
        location / {
      try_files $uri/index.html $uri.html $uri @portus;
    }

    location @portus {
      proxy_pass http://portus;
      proxy_set_header Host $http_host;   # required for docker client's sake
      proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Ssl on;
      proxy_set_header X-Forwarded-Port 443;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_read_timeout 900;
      proxy_buffering on;
    }
  }
 }
	server {
	listen 80;
	root /srv/Portus/public;

	##
	# Docker-specific stuff.

	proxy_set_header Host $http_host; # required for Docker client sake
	proxy_set_header X-Forwarded-Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Scheme $scheme;

	# disable any limits to avoid HTTP 413 for large image uploads
	client_max_body_size 0;

	# required to avoid HTTP 411: see Issue #1486
	# (https://github.com/docker/docker/issues/1486)
	chunked_transfer_encoding on;

	# Don't allow the browser to render the page inside a frame or iframe
	# and avoid Clickjacking. More in the following link:
	#
	# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
	add_header X-Frame-Options DENY;

	# Disable content-type sniffing on some browsers.
	add_header X-Content-Type-Options nosniff;

	# This header enables the Cross-site scripting (XSS) filter built into
	# most recent web browsers. It's usually enabled by default anyway, so the
	# role of this header is to re-enable the filter for this particular
	# website if it was disabled by the user.
	add_header X-XSS-Protection "1; mode=block";

	# Add header for IE in compatibility mode.
	add_header X-UA-Compatible "IE=edge";

	# Redirect (most) requests to /v2/* to the Docker Registry
	location /v2/ {
	# Do not allow connections from docker 1.5 and earlier
	# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
	if ($http_user_agent ~ "^(docker\/1\.(3\|4\|5(?!\.[0-9]-dev))\|Go ).*$" ) {
	return 404;
	}

	## If $docker_distribution_api_version is empty, the header will not be added.
	## See the map directive above where this variable is defined.
	add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

	proxy_pass https://registry;
	proxy_set_header Host $http_host; # required for docker client's sake
	proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-Ssl on;
	proxy_set_header X-Forwarded-Port 443;
	proxy_set_header X-Forwarded-Host $http_host;
	proxy_read_timeout 900;
	proxy_buffering on;
	}

	# Portus needs to handle /v2/token for authentication
	location = /v2/token {
	proxy_pass http://portus;
	proxy_set_header Host $http_host; # required for docker client's sake
	proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-Ssl on;
	proxy_set_header X-Forwarded-Port 443;
	proxy_set_header X-Forwarded-Host $http_host;
	proxy_read_timeout 900;
	proxy_buffering on;
	}

	# Portus needs to handle /v2/webhooks/events for notifications
	location = /v2/webhooks/events {
	proxy_pass http://portus;
	proxy_set_header Host $http_host; # required for docker client's sake
	proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-Ssl on;
	proxy_set_header X-Forwarded-Port 443;
	proxy_set_header X-Forwarded-Host $http_host;
	proxy_read_timeout 900;
	proxy_buffering on;
	}

	# Assets are mapped inside of /srv/Portus/public from a shared volume.
	location ~ ^/(assets)/ {
	access_log off;
	gzip_static on;
	expires max;
	add_header Cache-Control public;
	add_header Last-Modified "";
	add_header ETag "";
	break;
	}

	# Portus handles everything else for the UI
	location / {
	try_files $uri/index.html $uri.html $uri @portus;
	}

	location @portus {
	proxy_pass http://portus;
	proxy_set_header Host $http_host; # required for docker client's sake
	proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-Ssl on;
	proxy_set_header X-Forwarded-Port 443;
	proxy_set_header X-Forwarded-Host $http_host;
	proxy_read_timeout 900;
	proxy_buffering on;
	}
	}
	}