Idea: nginx vanity domain fronting gcr.io
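# This is a GCR vanity domain.  It aliases our domain to a specific
# bucket in GCR.
#   e.g. `docker pull gcr.example.com/foobar` -> gcr.io/my_bucket/foobar
#
# This server never proxies registry content.  It answers the API version
# probe itself and redirects every other registry call to gcr.io, so image
# data is fetched by the client directly from gcr.io.
server {
    server_name gcr.example.com;

    # NOTE(review): a redirect served over plain HTTP can be altered in
    # transit, which would let a network attacker steer a pull to a different
    # registry.  Prefer serving only the TLS listener (or redirecting port 80
    # to HTTPS), and pull by digest where integrity matters.
    listen 80;
    listen 443 ssl;
    # The 443 listener needs ssl_certificate and ssl_certificate_key; they
    # are not part of this sketch.

    location = /v2/ {
        # If we redirect this, it can detect as unauthorized, but the token
        # auth will go directly to the backend, with the shortened image name
        # in a parameter.  Much harder to fix up.  We know our GCR is public.
        #
        # Answering 200 here tells the client that no authentication is
        # required.  That is only true because the bucket is public; this
        # alias is not expected to work for private images.
        return 200;
    }

    location / {
        # There may be fancier ways to express this, but it's nice to be
        # obvious.  These paths come from:
        #   https://docs.docker.com/registry/spec/api/#detail
        #
        # NOTE(review): the _catalog redirect is not scoped to my_bucket,
        # unlike the three rules below -- confirm that is intended.
        rewrite ^/v2/_catalog$ https://gcr.io/v2/_catalog redirect;
        rewrite ^/v2/(.*)/tags/(.*) https://gcr.io/v2/my_bucket/$1/tags/$2 redirect;
        rewrite ^/v2/(.*)/manifests/(.*) https://gcr.io/v2/my_bucket/$1/manifests/$2 redirect;
        rewrite ^/v2/(.*)/blobs/(.*) https://gcr.io/v2/my_bucket/$1/blobs/$2 redirect;

        # Anything that is not a known registry path is rejected instead of
        # falling through to nginx's default static file handling.
        return 404;
    }
}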