Initial commit

2022-09-30 18:27:53 -04:00 · 2022-09-30 18:27:53 -04:00 · 353de60795
commit 353de60795
3 changed files with 70 additions and 0 deletions
--- a/container-compose.yml
+++ b/container-compose.yml
@ -0,0 +1,22 @@
+---
+version: '3'
+
+volumes:
+  data: {}
+
+services:
+  registry:
+    image: docker.io/registry
+    volumes:
+      - data:/var/lib/registry
+  auth:
+    image: docker.io/nginx
+    environment:
+      - "REGISTRY_URL=${REGISTRY_URL:-registry:5000}"
+      - "REGISTRY_AUTH_FILE_ALL=${REGISTRY_AUTH_FILE_ALL:-./htpasswd}"
+    volumes:
+      - "${REGISTRY_AUTH_FILE_ALL:-./htpasswd}:/etc/nginx/htpasswd:ro"
+      - "./templates:/etc/nginx/templates:ro"
+      - "./nginx.conf:/etc/nginx/nginx.conf:ro"
+    ports:
+      - "${REGISTRY_HTTP_PORT:-8081}:80"
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,45 @@
+events {
+  worker_connections  1024;
+}
+
+http {
+  include conf.d/registry_upstream;
+
+  # @see https://docs.docker.com/registry/recipes/nginx/
+  ## Set a variable to help us decide if we need to add the
+  ## 'Docker-Distribution-Api-Version' header.
+  ## The registry always sets this header.
+  ## In the case of nginx performing auth, the header is unset
+  ## since nginx is auth-ing before proxying.
+  map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
+    '' 'registry/2.0';
+  }
+
+  server {
+    listen 80;
+    server_name auth;
+
+    client_max_body_size 0;
+    chunked_transfer_encoding on;
+
+    location /v2/ {
+      if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+        return 404;
+      }
+
+      auth_basic "Registry";
+      auth_basic_user_file /etc/nginx/htpasswd;
+
+      ## If $docker_distribution_api_version is empty, the header is not added.
+      ## See the map directive above where this variable is defined.
+      add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
+
+      proxy_pass http://docker-registry;
+      proxy_set_header  Host              $http_host;   # required for docker client's sake
+      proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+      proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+      proxy_set_header  X-Forwarded-Proto $scheme;
+      proxy_read_timeout                  900;
+    }
+  }
+}
--- a/templates/registry_upstream.template
+++ b/templates/registry_upstream.template
@ -0,0 +1,3 @@
+upstream docker-registry {
+  server $REGISTRY_URL;
+}