parente · April 3, 2023 16:00 · JumpingSpottedTiger · Nov 6, 2015 · StefanPanait · Dec 8, 2015
diff --git a/nginx.conf b/nginx.conf
 user www-data;
 worker_processes 1;
 daemon off;

 events {
  worker_connections  1024;
 }

 http {
  upstream docker-registry {
    server registry:5000;
  }

  server {
    listen                          443 ssl;
    server_name                     registry.mydomain.org;
    ssl_certificate                 /etc/nginx/server.crt;
    ssl_certificate_key             /etc/nginx/server.key;

    client_max_body_size            0;
    chunked_transfer_encoding       on;

    proxy_set_header Host           $http_host;
    proxy_set_header X-Real-IP      $remote_addr;
    proxy_set_header Authorization  "";

    # protected by basic authentication, delegates to /_auth for push/pull authorization
    location / {
      proxy_pass                    http://docker-registry;
      proxy_set_header              Host  $host;
      proxy_read_timeout            900;
      auth_basic                    "Docker Registry";
      auth_basic_user_file          /etc/nginx/registry_users;
      auth_request                  /_auth;
    }

    location /_auth {
      if ($remote_user ~* "^admin-?.*$") {
        # admin* is allowed to do anything
        return 200;
      }
      if ($request_method ~* "^(GET|HEAD)$") {
        # all other authed users can only GET/HEAD
        return 200;
      }
      # anonymous users can do nothing
      return 403;
    }

    # all users can access /v1/users to authenticate
    location /v1/users {
      proxy_pass                    http://docker-registry;
      proxy_set_header              Host  $host;
      proxy_read_timeout            900;
      auth_basic                    "Docker Registry";
      auth_basic_user_file          /etc/nginx/registry_users;
    }

    # ping end points require no authentication
    location /_ping {
      proxy_pass            http://docker-registry;
      auth_basic            off;
    }

    location /v1/_ping {
      proxy_pass            http://docker-registry;
      auth_basic            off;
    }
  }
 }
	user www-data;
	worker_processes 1;
	daemon off;

	events {
	worker_connections 1024;
	}

	http {
	upstream docker-registry {
	server registry:5000;
	}

	server {
	listen 443 ssl;
	server_name registry.mydomain.org;
	ssl_certificate /etc/nginx/server.crt;
	ssl_certificate_key /etc/nginx/server.key;

	client_max_body_size 0;
	chunked_transfer_encoding on;

	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Authorization "";

	# protected by basic authentication, delegates to /_auth for push/pull authorization
	location / {
	proxy_pass http://docker-registry;
	proxy_set_header Host $host;
	proxy_read_timeout 900;
	auth_basic "Docker Registry";
	auth_basic_user_file /etc/nginx/registry_users;
	auth_request /_auth;
	}

	location /_auth {
	if ($remote_user ~* "^admin-?.*$") {
	# admin* is allowed to do anything
	return 200;
	}
	if ($request_method ~* "^(GET\|HEAD)$") {
	# all other authed users can only GET/HEAD
	return 200;
	}
	# anonymous users can do nothing
	return 403;
	}

	# all users can access /v1/users to authenticate
	location /v1/users {
	proxy_pass http://docker-registry;
	proxy_set_header Host $host;
	proxy_read_timeout 900;
	auth_basic "Docker Registry";
	auth_basic_user_file /etc/nginx/registry_users;
	}

	# ping end points require no authentication
	location /_ping {
	proxy_pass http://docker-registry;
	auth_basic off;
	}

	location /v1/_ping {
	proxy_pass http://docker-registry;
	auth_basic off;
	}
	}
	}