Create docker registry proxy for gitlab.com (proxifies myregistry.mydomain.tlf/myimage to registry.gitlab.com/mygitlabproject/myimage)

default.conf

server {
  listen 80;
  server_name registry.docker;
  set $vendor your_gitlab_vendor_name;

  # Prevent infinite loop of redirects
  location /v2/$vendor/ {
    proxy_pass https://registry.gitlab.com;
  }

  # This block is used in the auth process
  location /jwt/auth {

    # Change the scope of the authentification to add the vendor name before the image
    rewrite_by_lua_block {
      local args = ngx.req.get_uri_args()
      if args.scope then
        args.scope = args.scope:gsub("repository:(.*):", "repository:" .. ngx.var.vendor .. "/%1:")
      end
      ngx.req.set_uri_args(args)
    }
    proxy_pass https://gitlab.com;
  }

  location / {
    # Do not add vendor name for requests starting with _
    rewrite ^/v2/_(.*)$ /v2/_$1 break;

    # Add vendor name before all requests
    rewrite ^/v2/(.+)$ /v2/$vendor/$1 break;

    # Edit www-authenticate response headers to use our own /jwt/auth location
    header_filter_by_lua_block {
      if ngx.header["www-authenticate"] then
        ngx.header["www-authenticate"] = ngx.header["www-authenticate"]:gsub("gitlab.com", ngx.var.server_name)
      end
    }

    proxy_pass https://registry.gitlab.com;
  }
}

docker-compose.yml

version: '2'

services:
  nginx:
    restart: always
    image: openresty/openresty:alpine
    environment:
      - VIRTUAL_HOST=registry.docker
      - VIRTUAL_PORT=80
      - HTTPS_METHOD=redirect
    ports:
      - 80
    volumes:
      - ./default.conf:/etc/nginx/conf.d/default.conf