Skip to content

nginx proxy examples

Rob Nelson edited this page Feb 2, 2015 · 2 revisions

The following nginx configurations will provide a proxy for both the registry, and this frontend-ui These configurations expect that you're using DNS or a --link in your docker run to provide the correct names for your upstream statements.

This nginx configuration expects you to have DNS or /etc/hosts entries so that machines & users can access the registry at https://privregistry.domain and the frontendui at https://registryui.domain

Below the nginx configurations is a basic shell script to start the registry, redis, registry-frontend, and nginx to proxy both services.

etc/nginx/sites-enabled/registry-frontend.conf

# For versions of nginx > 1.3.9 that include chunked transfer encoding support
# Replace with appropriate values where necessary

upstream registry-frontend {
  server frontend:80;
}

# uncomment if you want a 301 redirect for users attempting to connect
# on port 80
# NOTE: docker client will still fail. This is just for convenience
# server {
#   listen *:80;
#   server_name my.docker.registry.com;
#   return 301 https://$server_name$request_uri;
# }

server {
  listen 443;
  server_name registryui.domain;

  ssl on;
  ssl_certificate /etc/ssl/certs/docker-registry;
  ssl_certificate_key /etc/ssl/private/docker-registry;

  client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads


  location / {
    include               /etc/nginx/conf.d/registry-frontend.conf;
  }
}

etc/nginx/conf.d/registry-frontend.conf

proxy_pass                       http://registry-frontend;
proxy_set_header  Host           $http_host;   # required for docker client's sake
proxy_set_header  X-Real-IP      $remote_addr; # pass on real client's IP
#proxy_set_header  Authorization  ""; # see https://github.com/dotcloud/docker-registry/issues/170
proxy_read_timeout               900;

etc/nginx/sites-enabled/privregistry.domain.conf

# For versions of nginx > 1.3.9 that include chunked transfer encoding support
# Replace with appropriate values where necessary

upstream docker-registry {
  server registry:5000;
}
# uncomment if you want a 301 redirect for users attempting to connect
# on port 80
# NOTE: docker client will still fail. This is just for convenience
# server {
#   listen *:80;
#   server_name my.docker.registry.com;
#   return 301 https://$server_name$request_uri;
# }

server {
  listen 443;
  server_name privregistry.domain;

  ssl on;
  ssl_certificate /etc/ssl/certs/docker-registry;
  ssl_certificate_key /etc/ssl/private/docker-registry;

  client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
  chunked_transfer_encoding on;

  location / {
    auth_basic            "Restricted";
    auth_basic_user_file  /etc/nginx/docker-registry.htpasswd;
    include               /etc/nginx/conf.d/docker-registry.conf;
  }

  location /_ping {
    auth_basic off;
    include               /etc/nginx/conf.d/docker-registry.conf;
  }

  location /v1/_ping {
    auth_basic off;
    include               /etc/nginx/conf.d/docker-registry.conf;
  }
}

etc/nginx/conf.d/docker-registry.conf

proxy_pass                       http://docker-registry;
client_body_timeout		 30s;
client_body_in_single_buffer	 on;
client_body_temp_path 		 /dev/nginx 1 2;
client_max_body_size		 0;
chunked_transfer_encoding	 on;
tcp_nodelay			 on;
tcp_nopush			 off;
proxy_max_temp_file_size	 3172m;
sendfile_max_chunk		 0;
sendfile			 off;
proxy_set_header  Host           $http_host;   # required for docker client's sake
proxy_set_header  X-Real-IP      $remote_addr; # pass on real client's IP
proxy_set_header  Authorization  ""; # see https://github.com/dotcloud/docker-registry/issues/170
proxy_read_timeout               120s;
reset_timedout_connection 	 on;

This is a more complex script to start

  • redis for registry caching
  • docker-registry
  • docker-registry-frontend
  • nginx proxy configured as above
#!/bin/sh

start () {
for i in registry_redis registry_registry registry_frontend registry_proxy ; do
    docker start ${i} 
done
}

run () {
REGDATA=$(pwd)/registry-data
docker run \
	 -d \
	 --restart=always \
	 --name=registry_redis \
	 shastafareye/redis \
 && docker run -d --restart=always \
	-e LOGLEVEL=debug \
 	-e CORS_ORIGINS=[\'*\'] \
 	-e STORAGE_PATH=/registry \
 	-e SEARCH_BACKEND=sqlalchemy \
	-e SQLALCHEMY_INDEX_DATABASE=sqlite:////registry-data/docker-registry.db \
	-e CACHE_REDIS_HOST=redis \
        -e CACHE_REDIS_PORT=6379 \
        -e CACHE_REDIS_DB=0 \
        -e CACHE_LRU_REDIS_HOST=redis \
        -e CACHE_LRU_REDIS_PORT=6379 \
        -e CACHE_LRU_REDIS_DB=1 \
	-e GUNICORN_OPTS='[--preload]' \
	-e WEB_CONCURRENCY=10 \
	-e SETTINGS_FLAVOR=s3 \
    	-e AWS_REGION=us-west-2 \
    	-e AWS_SECURE=true \
    	-e AWS_BUCKET=[YOUR_AWS_BUCKET] \
    	-e STORAGE_PATH=/registry \
    	-e AWS_KEY=[YOUR_AWS_KEY] \
    	-e AWS_SECRET=[YOUR_AWS_SECRET] \
    	-e INDEX_ENDPOINT=https://index.docker.io \
	-v ${REGDATA}:/registry-data \
 	--name registry_registry \
	--link registry_redis:redis \
	shastafareye/docker-registry \
 && docker run --restart=always \
	 -d  \
	 -e ENV_DOCKER_REGISTRY_HOST=registry \
	 -e ENV_DOCKER_REGISTRY_PORT=5000 \
	 --name=registry_frontend \
	 --link registry_registry:registry \
	 konradkleine/docker-registry-frontend \
 && docker run -d --restart=always \
         -p 443:443 \
	 --name=registry_proxy \
	 --link registry_registry:registry \
	 --link registry_frontend:frontend \
         -v /some/dir/nginx:/etc/nginx \
	 shastafareye/nginx
}

stop () {
for r in `docker ps -a |grep registry_ | awk '{print $NF}'` ; do
  docker stop ${r} 
done
}

remove () {
for r in `docker ps -a|grep registry_ | awk '{print $NF}'` ; do
  docker rm ${r} 
done
}

case ${1} in 
   start) echo "starting registry..."
        start
	;;
    stop) echo "stopping registry - dont forget to remove if needed"
	stop
	;;
     run) run 
	;;
  remove) echo "removing registry containers..."
	remove
	;;
   whack) echo "stopping and removing  registry containers..."
	stop 
	remove
	;;
       *) echo "Usage: ${0} [start|stop|remove|whack]"
	;;
esac
Clone this wiki locally