Add nginx configuration for v1 and v2 registry
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This commit is contained in:
parent
5dd885b311
commit
6f087829c9
@ -406,3 +406,61 @@ middleware:
|
||||
**TODO(stevvooe): Need a "best practice" configuration overview. Perhaps, we can point to a documentation section.
|
||||
|
||||
|
||||
# Configure nginx to deploy alongside v1 registry
|
||||
|
||||
This sections describes how to configure nginx to proxy to both a v1 and v2
|
||||
registry. Nginx will handle routing of to the correct registry based on the
|
||||
URL and Docker client version.
|
||||
|
||||
## Example configuration
|
||||
With v1 registry running at `localhost:5001` and v2 registry running at
|
||||
`localhost:5002`. Add this to `/etc/nginx/conf.d/registry.conf`.
|
||||
```
|
||||
server {
|
||||
listen 5000;
|
||||
server_name localhost;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/docker/registry/certs/domain.crt;
|
||||
ssl_certificate_key /etc/docker/registry/certs/domain.key;
|
||||
|
||||
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
|
||||
|
||||
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
|
||||
chunked_transfer_encoding on;
|
||||
|
||||
location /v2/ {
|
||||
# Do not allow connections from docker 1.5 and earlier
|
||||
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
|
||||
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
proxy_pass http://localhost:5002;
|
||||
proxy_set_header Host $http_host; # required for docker client's sake
|
||||
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
||||
proxy_read_timeout 900;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5001;
|
||||
proxy_set_header Host $http_host; # required for docker client's sake
|
||||
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
|
||||
proxy_set_header Authorization ""; # see https://github.com/docker/docker-registry/issues/170
|
||||
proxy_read_timeout 900;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Running nginx without a v1 registry
|
||||
When running a v2 registry behind nginx without a v1 registry, the `/v1/` endpoint should
|
||||
be explicitly configured to return a 404 if only the `/v2/` route is proxied. This
|
||||
is needed due to the v1 registry fallback logic within Docker 1.5 and 1.6 which will attempt
|
||||
to retrieve content from the v1 endpoint if no content was retrieved from v2.
|
||||
|
||||
Add this location block to explicitly block v1 requests.
|
||||
```
|
||||
localhost /v1/ {
|
||||
return 404;
|
||||
}
|
||||
```
|
||||
|
Loading…
Reference in New Issue
Block a user