Skip to content

Instantly share code, notes, and snippets.

@rhrn

rhrn/registry

Last active May 11, 2018 08:47
Show Gist options
  • Save rhrn/26770003d812b7e7c7c64167d5457122 to your computer and use it in GitHub Desktop.
Save rhrn/26770003d812b7e7c7c64167d5457122 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
registry
upstream registry-upstream {
server registry:5000;
}
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
'' 'registry/2.0';
}
server {
listen 8443 ssl http2;
server_name registry.example.com;
keepalive_timeout 10m;
ssl on;
ssl_dhparam /run/secrets/dhparam.pem;
ssl_certificate /run/secrets/registry.example.com.fullchain;
ssl_certificate_key /run/secrets/registry.example.com.privkey;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
auth_basic "Registry realm";
auth_basic_user_file /run/secrets/registry_htpasswd;
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
proxy_redirect off;
proxy_pass http://registry-upstream;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
proxy_buffering on;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment