Last active
February 27, 2019 09:41
-
-
Save mickaelperrin/fc8bd0c505b47b7fe4c54dc1cbf845ab to your computer and use it in GitHub Desktop.
Create docker registry proxy for gitlab.com (proxifies myregistry.mydomain.tlf/myimage to registry.gitlab.com/mygitlabproject/myimage)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
server_name registry.docker; | |
set $vendor your_gitlab_vendor_name; | |
# Prevent infinite loop of redirects | |
location /v2/$vendor/ { | |
proxy_pass https://registry.gitlab.com; | |
} | |
# This block is used in the auth process | |
location /jwt/auth { | |
# Change the scope of the authentification to add the vendor name before the image | |
rewrite_by_lua_block { | |
local args = ngx.req.get_uri_args() | |
if args.scope then | |
args.scope = args.scope:gsub("repository:(.*):", "repository:" .. ngx.var.vendor .. "/%1:") | |
end | |
ngx.req.set_uri_args(args) | |
} | |
proxy_pass https://gitlab.com; | |
} | |
location / { | |
# Do not add vendor name for requests starting with _ | |
rewrite ^/v2/_(.*)$ /v2/_$1 break; | |
# Add vendor name before all requests | |
rewrite ^/v2/(.+)$ /v2/$vendor/$1 break; | |
# Edit www-authenticate response headers to use our own /jwt/auth location | |
header_filter_by_lua_block { | |
if ngx.header["www-authenticate"] then | |
ngx.header["www-authenticate"] = ngx.header["www-authenticate"]:gsub("gitlab.com", ngx.var.server_name) | |
end | |
} | |
proxy_pass https://registry.gitlab.com; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: '2' | |
services: | |
nginx: | |
restart: always | |
image: openresty/openresty:alpine | |
environment: | |
- VIRTUAL_HOST=registry.docker | |
- VIRTUAL_PORT=80 | |
- HTTPS_METHOD=redirect | |
ports: | |
- 80 | |
volumes: | |
- ./default.conf:/etc/nginx/conf.d/default.conf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment