Skip to content

Instantly share code, notes, and snippets.

@deskoh
Created July 18, 2022 02:00
Show Gist options
  • Save deskoh/454290e292c2ac64127afd9e0636b1d3 to your computer and use it in GitHub Desktop.
Save deskoh/454290e292c2ac64127afd9e0636b1d3 to your computer and use it in GitHub Desktop.
###########################################################
## Additional domain alias for Docker registry
###########################################################
map $http_host $repoKey {
cr.io docker;
p.cr.io docker-private;
m.cr.io docker-mirror;
}
## server configuration
server {
listen 80 ;
server_name cr.io;
include conf.d/artifactory-docker.inc;
}
server {
listen 443 ssl;
server_name cr.io;
# Server TLS
ssl_certificate "/etc/nginx/ssl/io.crt";
ssl_certificate_key "/etc/nginx/ssl/io.key";
include conf.d/ssl_config.inc;
include conf.d/artifactory-docker.inc;
}
## Application specific logs
## access_log /var/log/nginx/docker-access.log timing;
## error_log /var/log/nginx/docker-error.log;
## tcp_nopush on;
## sendfile_max_chunk 1m;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repoKey/$1/$2;
chunked_transfer_encoding on;
client_max_body_size 0;
location /artifactory/ {
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
if ( $request_uri ~ ^/artifactory/(.*)$ ) {
proxy_pass http://artifactory:8081/artifactory/$1;
}
proxy_pass http://artifactory:8081/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
###############################################################
## based on configuration was generated by JFrog Artifactory ##
###############################################################
## server configuration
server {
listen 80 ;
server_name ~(?<repo>.+)\.repo.dev.local repo.dev.local;
server_name ~(?<repo>.+)\.dev.local;
include conf.d/artifactory.inc;
}
server {
listen 443 ssl ;
server_name ~(?<repo>.+)\.repo.dev.local repo.dev.local;
server_name ~(?<repo>.+)\.dev.local;
# Server TLS
ssl_certificate "/etc/nginx/ssl/dev.local.crt";
ssl_certificate_key "/etc/nginx/ssl/dev.local.key";
include conf.d/ssl_config.inc;
include conf.d/artifactory.inc;
}
## Application specific logs
## access_log /var/log/nginx/repo.dev.local-access.log timing;
## error_log /var/log/nginx/repo.dev.local-error.log;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/$ /ui redirect;
rewrite ^/ui$ /ui/ redirect;
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_buffer_size 128k;
proxy_buffers 40 128k;
proxy_busy_buffers_size 128k;
proxy_pass http://artifactory:8082;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Content-Type-Options "nosniff" always;
location ~ ^/artifactory/ {
proxy_pass http://artifactory:8081;
}
}
location /yum {
root /data1/fileserver;
autoindex on;
tcp_nopush on;
sendfile_max_chunk 1m;
}
location /rpm-gpg {
root /data1/fileserver;
autoindex on;
tcp_nopush on;
sendfile_max_chunk 1m;
}
location /dnf {
root /data1/fileserver;
autoindex on;
tcp_nopush on;
sendfile_max_chunk 1m;
}
location /apt {
root /data1/fileserver;
autoindex on;
tcp_nopush on;
sendfile_max_chunk 1m;
}
location /docker {
root /data1/fileserver;
autoindex on;
tcp_nopush on;
sendfile_max_chunk 1m;
}
###########################################################
## Fileserver
###########################################################
server {
listen 80;
server_name file.io file.dev.local;
tcp_nopush on;
sendfile_max_chunk 1m;
root /data1/fileserver/file.io;
location / {
autoindex on;
}
}
server {
listen 443 ssl;
server_name file.io file.dev.local;
# Server TLS
ssl_certificate "/etc/nginx/ssl/io.crt";
ssl_certificate_key "/etc/nginx/ssl/io.key";
include conf.d/ssl_config.inc;
tcp_nopush on;
sendfile_max_chunk 1m;
root /data1/fileserver/file.io;
location / {
autoindex on;
}
}
###########################################################
## Fileserver
###########################################################
server {
listen 80 ;
server_name jwt.io;
tcp_nopush on;
sendfile_max_chunk 1m;
root /data1/fileserver/jwt.io;
location / {
autoindex on;
}
}
###########################################################
## Symantec LiveUpdate Administrator definition content
###########################################################
server {
listen 80 ;
server_name lua.dev.local;
tcp_nopush on;
sendfile_max_chunk 1m;
root /data1/fileserver/lua;
location / {
autoindex on;
}
}
# Shared SSL config
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 4h;
ssl_session_tickets off;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment