lines changed Expand file tree Collapse file tree 4 files changed +39
-1
lines changed Original file line number Diff line number Diff line change @@ -13,6 +13,7 @@ COPY files/ecr.ini /etc/supervisor.d/ecr.ini
13
13
COPY files/root /etc/crontabs/root
14
14
15
15
COPY files/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
16
+ COPY files/ssl.conf /usr/local/openresty/nginx/conf/ssl.conf
16
17
17
18
ENV PORT 5000
18
19
Original file line number Diff line number Diff line change @@ -18,11 +18,20 @@ http {
18
18
# this is necessary for us to be able to disable request buffering in all cases
19
19
proxy_http_version 1.1 ;
20
20
21
+ #SSLCONFIG
22
+
21
23
# will run before forking out nginx worker processes
22
24
init_by_lua_block { require "cjson" }
23
25
26
+ #https://docs.docker.com/registry/recipes/nginx/#setting-things-up
27
+ map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
28
+ '' 'registry/2.0' ;
29
+ }
30
+
24
31
server {
25
- listen PORT default_server ;
32
+ listen LISTEN default_server ;
33
+
34
+ #AUTHCONFIG
26
35
27
36
# Cache
28
37
add_header X-Cache-Status $upstream_cache_status ;
50
59
http_500 http_502 http_503 http_504;
51
60
proxy_cache_lock on;
52
61
62
+ add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
53
63
add_header "Access-Control-Allow-Origin" "*" ;
54
64
55
65
location / {
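Review bot: The new `#SSLCONFIG` and `#AUTHCONFIG` lines read like commented-out directives, but the startup script's sed calls treat them as substitution targets, and nothing in the file says so. If a later cleanup removes them as dead comments, TLS and basic auth are dropped with no error at start-up. A plain comment above each marker would prevent that, for example `# placeholder filled in by the startup script when TLS is configured; do not remove` and the equivalent for auth. The comment must not repeat the marker token, because the script substitutes it globally.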
Original file line number Diff line number Diff line change
1
+ ssl_certificate_key REGISTRY_HTTP_TLS_KEY;
2
+ ssl_certificate REGISTRY_HTTP_TLS_CERTIFICATE;
3
+
4
+ ssl_protocols TLSv1.2;
5
+ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
6
+ ssl_prefer_server_ciphers on;
7
+
8
+ add_header Strict-Transport-Security max-age=31536000;
9
+
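Review bot: The `add_header Strict-Transport-Security` line is unlikely to reach any response. The nginx.conf change puts the `#SSLCONFIG` include at `http` level, and the `server` block declares its own `add_header` directives, so nginx does not inherit headers from the outer level there. Emitting the HSTS line inside the server block would make it effective, for instance through a server-level placeholder that is filled only when TLS is enabled. Writing it as `add_header Strict-Transport-Security "max-age=31536000" always;` also covers error responses. `ssl_protocols TLSv1.2;` excludes TLS 1.3; if the bundled OpenSSL supports it, `ssl_protocols TLSv1.2 TLSv1.3;` is worth considering.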
Original file line number Diff line number Diff line change @@ -36,11 +36,29 @@ echo Using cache max size $CACHE_MAX_SIZE
36
36
37
37
CONFIG=/usr/local/openresty/nginx/conf/nginx.conf
38
38
39
+ ENABLESSL=' '
40
+ SSLINCLUDE=' '
41
+ SSLCONFIG=/usr/local/openresty/nginx/conf/ssl.conf
42
+ if [ ! -z " $REGISTRY_HTTP_TLS_CERTIFICATE " ] && [ ! -z " $REGISTRY_HTTP_TLS_KEY " ]; then
43
+ sed -i -e s! REGISTRY_HTTP_TLS_CERTIFICATE! " $REGISTRY_HTTP_TLS_CERTIFICATE " ! g $SSLCONFIG
44
+ sed -i -e s! REGISTRY_HTTP_TLS_KEY! " $REGISTRY_HTTP_TLS_KEY " ! g $SSLCONFIG
45
+ ENABLESSL=' ssl'
46
+ SSLINCLUDE=" include $SSLCONFIG ;"
47
+ fi
48
+
49
+ AUTHCONFIG=' '
50
+ if [ ! -z " $REGISTRY_AUTH_HTPASSWD_PATH " ] && [ ! -z " $REGISTRY_AUTH_HTPASSWD_REALM " ]; then
51
+ AUTHCONFIG=" auth_basic ${REGISTRY_AUTH_HTPASSWD_REALM} ;\n auth_basic_user_file ${REGISTRY_AUTH_HTPASSWD_PATH} ;"
52
+ fi
53
+
39
54
# Update nginx config
40
55
sed -i -e s! UPSTREAM! " $UPSTREAM " ! g $CONFIG
56
+ sed -i -e s! LISTEN! " $PORT $ENABLESSL " ! g $CONFIG
41
57
sed -i -e s! PORT! " $PORT " ! g $CONFIG
42
58
sed -i -e s! RESOLVER! " $RESOLVER " ! g $CONFIG
43
59
sed -i -e s! CACHE_MAX_SIZE! " $CACHE_MAX_SIZE " ! g $CONFIG
60
+ sed -i -e s! # SSLCONFIG!"$SSLINCLUDE"!g $CONFIG
61
+ sed -i -e s! # AUTHCONFIG!"$AUTHCONFIG"!g $CONFIG
44
62
45
63
# setup ~/.aws directory
46
64
AWS_FOLDER=' /root/.aws'
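Review bot: Both new `if` blocks fail open. When only one of `REGISTRY_HTTP_TLS_CERTIFICATE` / `REGISTRY_HTTP_TLS_KEY`, or only one of the two `REGISTRY_AUTH_HTPASSWD_*` variables, is set, the script silently starts a plaintext or unauthenticated listener. A mistyped variable name therefore disables TLS or basic auth without any message; exiting non-zero on a half-configured pair makes that visible. Separately, the realm is written into `auth_basic` unquoted, so a value containing a space or `;` yields an invalid or altered directive, and quoting it keeps it a single argument. All four values are also used raw as sed replacement text with `!` as the delimiter, so a `!`, `&` or backslash in them changes the substitution.

```shell
# … unchanged: ENABLESSL / SSLINCLUDE / SSLCONFIG defaults …
if [ -n "$REGISTRY_HTTP_TLS_CERTIFICATE" ] && [ -n "$REGISTRY_HTTP_TLS_KEY" ]; then
    # … unchanged: sed substitutions into $SSLCONFIG, ENABLESSL, SSLINCLUDE …
elif [ -n "$REGISTRY_HTTP_TLS_CERTIFICATE" ] || [ -n "$REGISTRY_HTTP_TLS_KEY" ]; then
    echo "TLS is half-configured: set both REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY" >&2
    exit 1
fi

# … unchanged: AUTHCONFIG default …
if [ -n "$REGISTRY_AUTH_HTPASSWD_PATH" ] && [ -n "$REGISTRY_AUTH_HTPASSWD_REALM" ]; then
    AUTHCONFIG="auth_basic \"${REGISTRY_AUTH_HTPASSWD_REALM}\";\n auth_basic_user_file ${REGISTRY_AUTH_HTPASSWD_PATH};"
elif [ -n "$REGISTRY_AUTH_HTPASSWD_PATH" ] || [ -n "$REGISTRY_AUTH_HTPASSWD_REALM" ]; then
    echo "Basic auth is half-configured: set both REGISTRY_AUTH_HTPASSWD_PATH and REGISTRY_AUTH_HTPASSWD_REALM" >&2
    exit 1
fi
```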