Skip to content

Instantly share code, notes, and snippets.

@mickaelperrin
Last active February 27, 2019 09:41
Show Gist options
  • Save mickaelperrin/fc8bd0c505b47b7fe4c54dc1cbf845ab to your computer and use it in GitHub Desktop.
Save mickaelperrin/fc8bd0c505b47b7fe4c54dc1cbf845ab to your computer and use it in GitHub Desktop.
Create docker registry proxy for gitlab.com (proxifies myregistry.mydomain.tlf/myimage to registry.gitlab.com/mygitlabproject/myimage)
server {
listen 80;
server_name registry.docker;
set $vendor your_gitlab_vendor_name;
# Prevent infinite loop of redirects
location /v2/$vendor/ {
proxy_pass https://registry.gitlab.com;
}
# This block is used in the auth process
location /jwt/auth {
# Change the scope of the authentification to add the vendor name before the image
rewrite_by_lua_block {
local args = ngx.req.get_uri_args()
if args.scope then
args.scope = args.scope:gsub("repository:(.*):", "repository:" .. ngx.var.vendor .. "/%1:")
end
ngx.req.set_uri_args(args)
}
proxy_pass https://gitlab.com;
}
location / {
# Do not add vendor name for requests starting with _
rewrite ^/v2/_(.*)$ /v2/_$1 break;
# Add vendor name before all requests
rewrite ^/v2/(.+)$ /v2/$vendor/$1 break;
# Edit www-authenticate response headers to use our own /jwt/auth location
header_filter_by_lua_block {
if ngx.header["www-authenticate"] then
ngx.header["www-authenticate"] = ngx.header["www-authenticate"]:gsub("gitlab.com", ngx.var.server_name)
end
}
proxy_pass https://registry.gitlab.com;
}
}
version: '2'
services:
nginx:
restart: always
image: openresty/openresty:alpine
environment:
- VIRTUAL_HOST=registry.docker
- VIRTUAL_PORT=80
- HTTPS_METHOD=redirect
ports:
- 80
volumes:
- ./default.conf:/etc/nginx/conf.d/default.conf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment