# Backend pool that the proxy_pass directives in the server block refer to by name.
# NOTE(review): the registry is reached over loopback here; presumably it should
# listen on loopback only, so that this proxy is the sole authenticated entry
# point -- confirm against the registry's own bind address.
upstream docker-registry {
    server localhost:5000;
}
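server {
    # Reverse proxy in front of the docker-registry upstream, with LDAP
    # authentication on everything except the two ping endpoints.
    #
    # No listen directive is active, so this host is served on nginx's default
    # plain-HTTP listener. The credentials clients send for the LDAP check are
    # HTTP Basic (base64, not encrypted), so until TLS is switched on they are
    # readable on the path between the docker client and this proxy.
    # disabled until docker supports selfsigned certs
    # listen 443;
    server_name my.own.server.com;

    access_log /var/log/nginx/docker-registry.access.log main;
    error_log /var/log/nginx/docker-registry.error.log error;

    # Docker doesn't like self signed certs
    # (on current nginx, `listen 443 ssl;` replaces the older `ssl on;` form)
    # ssl on;
    # ssl_certificate /etc/ssl/certs/docker-registry.crt;
    # ssl_certificate_key /etc/ssl/private/docker-registry.key;

    # Server-level defaults. nginx only inherits these into a location that
    # declares no proxy_set_header of its own, so they reach the ping
    # locations as-is but must be repeated inside `location /`.
    proxy_set_header Host $http_host;        # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header Authorization "";       # see https://github.com/dotcloud/docker-registry/issues/170

    # If you don't have nginx compiled with ldap support comment out the next lines. See: http://www.allgoodbits.org/articles/view/21
    # ldap:// on port 389 is unencrypted: the bind password below and every
    # user password being verified travel in clear text between nginx and the
    # directory. Use an ldaps:// URL if the directory offers one.
    auth_ldap_url "ldap://cool.place.com:389/OU=Corporate,DC=cool,DC=place,DC=com?sAMAccountName?sub?(objectClass=*)";
    # The bind credentials sit in this file in clear text: use a dedicated
    # read-only service account and keep the file readable by root only.
    auth_ldap_binddn "user";
    auth_ldap_binddn_passwd "password";

    # disable any limits to avoid HTTP 413 for large image uploads
    # (this is set at server level, so it also applies to the unauthenticated
    # ping locations below)
    client_max_body_size 0;

    # Using nginx 1.4.7 this part is not necessary since chunkin is default.
    # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
    # chunkin on;
    # error_page 411 = @my_411_error;
    # location @my_411_error {
    #     chunkin_resume;
    # }

    location / {
        # If you don't have nginx compiled with ldap support comment out the next lines. See: http://www.allgoodbits.org/articles/view/21
        auth_ldap "Docker Registry Restricted Area";
        auth_ldap_require group "your group CN here";
        auth_ldap_satisfy any;

        proxy_pass http://docker-registry;
        proxy_set_header Host $host;
        # Setting Host here stops inheritance of the server-level
        # proxy_set_header lines, so the two below have to be restated.
        # Without them the client's Authorization header (the user's LDAP
        # password) is forwarded to the registry and X-Real-IP is never set.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Authorization "";
        proxy_read_timeout 900;
    }

    # Ping endpoints are left unauthenticated. auth_ldap is only enabled inside
    # `location /`, so these locations are already outside it; `auth_basic off`
    # has nothing to switch off here and is kept only as the author wrote it.
    location /_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }

    location /v1/_ping {
        auth_basic off;
        proxy_pass http://docker-registry;
    }
}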