commit 353de60795af2ece6e9082b80e9ef3c4f7fb14a7 Author: Kienan Stewart Date: Fri Sep 30 18:27:53 2022 -0400 Initial commit
diff --git a/container-compose.yml b/container-compose.yml
new file mode 100644
index 0000000..14e1859
--- /dev/null
+++ b/container-compose.yml
@@ -0,0 +1,22 @@
+---
+version: '3'
+
+volumes:
+ data: {}
+
+services:
+ registry:
+ image: docker.io/registry
+ volumes:
+ - data:/var/lib/registry
+ auth:
+ image: docker.io/nginx
+ environment:
+ - "REGISTRY_URL=${REGISTRY_URL:-registry:5000}"
+ - "REGISTRY_AUTH_FILE_ALL=${REGISTRY_AUTH_FILE_ALL:-./htpasswd}"
+ volumes:
+ - "${REGISTRY_AUTH_FILE_ALL:-./htpasswd}:/etc/nginx/htpasswd:ro"
+ - "./templates:/etc/nginx/templates:ro"
+ - "./nginx.conf:/etc/nginx/nginx.conf:ro"
+ ports:
+ - "${REGISTRY_HTTP_PORT:-8081}:80"
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..87771f3
--- /dev/null
+++ b/nginx.conf
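Review bot: Both images in container-compose.yml are referenced without a tag or digest (`image: docker.io/registry`, `image: docker.io/nginx`), so each pull resolves to whatever the default tag currently points at. The registry and the auth proxy can therefore change without any commit in this repository. Pin each to a release you have tested, ideally with a digest, e.g. `image: docker.io/registry:<tag>@sha256:<digest>` and `image: docker.io/nginx:<tag>@sha256:<digest>` (placeholders, not real values). Separately, the `ports` entry publishes the proxy on all host interfaces; prefix it with `127.0.0.1:` if it is only meant to be reached through a local TLS terminator.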
@@ -0,0 +1,45 @@
+events {
+ worker_connections 1024;
+}
+
+http {
+ include conf.d/registry_upstream;
+
+ # @see https://docs.docker.com/registry/recipes/nginx/
+ ## Set a variable to help us decide if we need to add the
+ ## 'Docker-Distribution-Api-Version' header.
+ ## The registry always sets this header.
+ ## In the case of nginx performing auth, the header is unset
+ ## since nginx is auth-ing before proxying.
+ map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
+ '' 'registry/2.0';
+ }
+
+ server {
+ listen 80;
+ server_name auth;
+
+ client_max_body_size 0;
+ chunked_transfer_encoding on;
+
+ location /v2/ {
+ if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+ return 404;
+ }
+
+ auth_basic "Registry";
+ auth_basic_user_file /etc/nginx/htpasswd;
+
+ ## If $docker_distribution_api_version is empty, the header is not added.
+ ## See the map directive above where this variable is defined.
+ add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
+
+ proxy_pass http://docker-registry;
+ proxy_set_header Host $http_host; # required for docker client's sake
+ proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_read_timeout 900;
+ }
+ }
+}
\ No newline at end of file
diff --git a/templates/registry_upstream.template b/templates/registry_upstream.template
new file mode 100644
index 0000000..4c3b270
--- /dev/null
+++ b/templates/registry_upstream.template
@@ -0,0 +1,3 @@
+upstream docker-registry {
+ server $REGISTRY_URL;
+}
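Review bot: The `server` block in nginx.conf listens only on plain HTTP (`listen 80;`) while `/v2/` is protected with `auth_basic`. The htpasswd credentials and all pushed or pulled layers therefore cross the network unencrypted unless something outside this commit terminates TLS. Either terminate TLS here with `listen 443 ssl;` plus `ssl_certificate <cert path>;` and `ssl_certificate_key <key path>;`, or add a comment above `listen 80;` saying a TLS-terminating proxy is required in front, and bind the published port in container-compose.yml to loopback. As written, `proxy_set_header X-Forwarded-Proto $scheme;` will also report `http` to the registry.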
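Review bot: `server $REGISTRY_URL;` in templates/registry_upstream.template has no comment stating the expected value format. The variable is presumably substituted from the `auth` service's environment when the container starts, and an upstream `server` directive takes a bare address such as the compose default `registry:5000`. A value with a scheme or path (for example `http://registry:5000`) is likely to stop nginx from loading the config. I would add `# REGISTRY_URL is substituted at container start; must be host:port with no scheme or path.` above the `upstream` line.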