
@Telmo
Last active August 29, 2015 13:57
# Backend pool for the private Docker registry; every proxy_pass in the
# server block below targets this upstream by name.
# NOTE(review): authentication is enforced only by this nginx front end, so
# the registry itself should not be reachable on port 5000 from other hosts -
# confirm it is bound to loopback only.
upstream docker-registry {
    server localhost:5000;
}
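# Reverse proxy that puts LDAP authentication in front of the registry.
server {
    # SECURITY: TLS is switched off below, so with no listen directive this
    # vhost is served over plain HTTP. The HTTP Basic credentials that
    # auth_ldap collects (the users' directory passwords) and all image data
    # then cross the network unencrypted. Re-enable the ssl lines with a
    # certificate the Docker clients trust before using this outside a
    # trusted network.
    # disabled until docker supports selfsigned certs
    # listen 443;
    server_name my.own.server.com;

    access_log /var/log/nginx/docker-registry.access.log main;
    error_log /var/log/nginx/docker-registry.error.log error;

    # Docker doesn't like self signed certs
    # ssl on;
    # ssl_certificate /etc/ssl/certs/docker-registry.crt;
    # ssl_certificate_key /etc/ssl/private/docker-registry.key;

    # Server-level proxy headers. nginx passes these down to a location only
    # if that location declares no proxy_set_header of its own, so they reach
    # the two _ping locations but not "location /" (which repeats them).
    proxy_set_header Host $http_host; # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header Authorization ""; # see https://github.com/dotcloud/docker-registry/issues/170

    # If you don't have nginx compiled with ldap support comment out the next lines. See: http://www.allgoodbits.org/articles/view/21
    # SECURITY: ldap:// on port 389 is unencrypted, so the bind password and
    # every user password checked against the directory travel in cleartext
    # between nginx and the LDAP server. Prefer an encrypted LDAP transport if
    # the directory and the module build offer one.
    # NOTE(review): the (objectClass=*) filter matches every object type under
    # the search base - consider narrowing it to user accounts.
    auth_ldap_url "ldap://cool.place.com:389/OU=Corporate,DC=cool,DC=place,DC=com?sAMAccountName?sub?(objectClass=*)";
    # SECURITY: the bind credentials sit in this file in cleartext. Use a
    # dedicated read-only service account and keep the file readable by root
    # and the nginx user only.
    auth_ldap_binddn "user";
    auth_ldap_binddn_passwd "password";

    # 0 removes the request-body size limit entirely; only authenticated
    # users reach the upload paths, but nothing here caps disk usage.
    client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

    # With nginx 1.4.7 this part is not necessary, since chunked request bodies are handled by default.
    # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
    # chunkin on;
    # error_page 411 = @my_411_error;
    # location @my_411_error {
    # chunkin_resume;
    # }

    # Everything except the ping endpoints requires a successful LDAP login
    # and membership of the configured group.
    location / {
        # If you don't have nginx compiled with ldap support comment out the next lines. See: http://www.allgoodbits.org/articles/view/21
        auth_ldap "Docker Registry Restricted Area";
        auth_ldap_require group "your group CN here";
        auth_ldap_satisfy any;

        proxy_pass http://docker-registry;

        # Declaring any proxy_set_header here switches off inheritance of the
        # server-level ones. Without the two extra lines below, the client's
        # Authorization header (the user's LDAP password in Basic form) would
        # be forwarded to the registry and X-Real-IP would be missing.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Authorization "";
        proxy_read_timeout 900;
    }

    # Ping endpoints stay unauthenticated because auth_ldap is declared only
    # inside "location /", not at server level. auth_basic off only disables
    # the stock Basic-auth module and presumably has no effect on auth_ldap;
    # if auth_ldap is ever moved up to server level, these locations will need
    # the LDAP module's own switch instead.
    location /_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }

    location /v1/_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }
}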